diff options
| author | lucash-dev <lucash.dev@gmail.com> | 2018-11-10 09:11:22 -0800 |
|---|---|---|
| committer | lucash-dev <lucash.dev@gmail.com> | 2019-06-02 10:25:03 -0700 |
| commit | 38bfca6bb2ad68719415e9c54a981441052da072 (patch) | |
| tree | fb2686c0635b1e4db76eb779df0fd2800d0a7c53 /src/script | |
| parent | c7cfd20a77ce57d200b3b9e5e0dfb0d63818abdc (diff) | |
| download | bitcoin-38bfca6bb2ad68719415e9c54a981441052da072.tar.xz | |
Added comments referencing multiple CVEs in tests and production code.
This commit adds comments referencing multiple CVEs both in production and test code.
CVEs covered in this commit:
CVE-2010-5137
CVE-2010-5139
CVE-2010-5141
CVE-2012-1909
CVE-2012-2459
CVE-2012-3789
CVE-2018-17144
Diffstat (limited to 'src/script')
| -rw-r--r-- | src/script/interpreter.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp index 95b25b4911..a819a65d24 100644 --- a/src/script/interpreter.cpp +++ b/src/script/interpreter.cpp @@ -334,7 +334,7 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& opcode == OP_MOD || opcode == OP_LSHIFT || opcode == OP_RSHIFT) - return set_error(serror, SCRIPT_ERR_DISABLED_OPCODE); // Disabled opcodes. + return set_error(serror, SCRIPT_ERR_DISABLED_OPCODE); // Disabled opcodes (CVE-2010-5137). // With SCRIPT_VERIFY_CONST_SCRIPTCODE, OP_CODESEPARATOR in non-segwit script is rejected even in an unexecuted branch if (opcode == OP_CODESEPARATOR && sigversion == SigVersion::BASE && (flags & SCRIPT_VERIFY_CONST_SCRIPTCODE)) @@ -1483,6 +1483,8 @@ bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const C return set_error(serror, SCRIPT_ERR_SIG_PUSHONLY); } + // scriptSig and scriptPubKey must be evaluated sequentially on the same stack + // rather than being simply concatenated (see CVE-2010-5141) std::vector<std::vector<unsigned char> > stack, stackCopy; if (!EvalScript(stack, scriptSig, flags, checker, SigVersion::BASE, serror)) // serror is set |