aboutsummaryrefslogtreecommitdiff
path: root/src/validation.cpp
diff options
context:
space:
mode:
authorlucash-dev <lucash.dev@gmail.com>2018-11-10 09:11:22 -0800
committerlucash-dev <lucash.dev@gmail.com>2019-06-02 10:25:03 -0700
commit38bfca6bb2ad68719415e9c54a981441052da072 (patch)
treefb2686c0635b1e4db76eb779df0fd2800d0a7c53 /src/validation.cpp
parentc7cfd20a77ce57d200b3b9e5e0dfb0d63818abdc (diff)
Added comments referencing multiple CVEs in tests and production code.
This commit adds comments referencing multiple CVEs both in production and test code. CVEs covered in this commit: CVE-2010-5137 CVE-2010-5139 CVE-2010-5141 CVE-2012-1909 CVE-2012-2459 CVE-2012-3789 CVE-2018-17144
Diffstat (limited to 'src/validation.cpp')
-rw-r--r--src/validation.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/validation.cpp b/src/validation.cpp
index 436c62261b..d0ce3f78fc 100644
--- a/src/validation.cpp
+++ b/src/validation.cpp
@@ -1865,7 +1865,7 @@ bool CChainState::ConnectBlock(const CBlock& block, CValidationState& state, CBl
// If such overwrites are allowed, coinbases and transactions depending upon those
// can be duplicated to remove the ability to spend the first instance -- even after
// being sent to another address.
- // See BIP30 and http://r6.ca/blog/20120206T005236Z.html for more information.
+ // See BIP30, CVE-2012-1909, and http://r6.ca/blog/20120206T005236Z.html for more information.
// This logic is not necessary for memory pool transactions, as AcceptToMemoryPool
// already refuses previously-known transaction ids entirely.
// This rule was originally applied to all blocks with a timestamp after March 15, 2012, 0:00 UTC.
@@ -3136,6 +3136,7 @@ bool CheckBlock(const CBlock& block, CValidationState& state, const Consensus::P
return state.Invalid(ValidationInvalidReason::CONSENSUS, false, REJECT_INVALID, "bad-cb-multiple", "more than one coinbase");
// Check transactions
+ // Must check for duplicate inputs (see CVE-2018-17144)
for (const auto& tx : block.vtx)
if (!CheckTransaction(*tx, state, true))
return state.Invalid(state.GetReason(), false, state.GetRejectCode(), state.GetRejectReason(),