Implement test for merkle tree malleability in CPartialMerkleTree

This is a check that is mentioned in BIP 37, but never implemented in the reference code. As Bitcoin Core so far never decodes partial merkle trees, this is not a problem. But perhaps others use the code as a reference.
author: Pieter Wuille <pieter.wuille@gmail.com> 2014-11-22 15:44:43 +0100
committer: Pieter Wuille <pieter.wuille@gmail.com> 2014-12-11 17:22:15 +0100
commit: 012598880cf69a6a4d4d495c78e40ab4abb4eb39 (patch)
tree: f2d433bad71f00fadfdeac6063700b43735863b6 /src/merkleblock.cpp
parent: 3bb29a3e13f78f534d96b71048a128843f3bab85 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/merkleblock.cpp b/src/merkleblock.cpp
index 8618e355d7..0500cfde88 100644
--- a/src/merkleblock.cpp
+++ b/src/merkleblock.cpp
@@ -93,10 +93,16 @@ uint256 CPartialMerkleTree::TraverseAndExtract(int height, unsigned int pos, uns
     } else {
         // otherwise, descend into the subtrees to extract matched txids and hashes
         uint256 left = TraverseAndExtract(height-1, pos*2, nBitsUsed, nHashUsed, vMatch), right;
-        if (pos*2+1 < CalcTreeWidth(height-1))
+        if (pos*2+1 < CalcTreeWidth(height-1)) {
             right = TraverseAndExtract(height-1, pos*2+1, nBitsUsed, nHashUsed, vMatch);
-        else
+            if (right == left) {
+                // If the left and right branch should never be identical as the transaction
+                // hashes covered by them must be unique.
+                fBad = true;
+            }
+        } else {
             right = left;
+        }
         // and combine them before returning
         return Hash(BEGIN(left), END(left), BEGIN(right), END(right));
     }
author	Pieter Wuille <pieter.wuille@gmail.com>	2014-11-22 15:44:43 +0100
committer	Pieter Wuille <pieter.wuille@gmail.com>	2014-12-11 17:22:15 +0100
commit	012598880cf69a6a4d4d495c78e40ab4abb4eb39 (patch)
tree	f2d433bad71f00fadfdeac6063700b43735863b6 /src/merkleblock.cpp
parent	3bb29a3e13f78f534d96b71048a128843f3bab85 (diff)