diff options
| author | Luke Dashjr <luke-jr+git@utopios.org> | 2012-08-27 19:14:59 +0000 |
|---|---|---|
| committer | Luke Dashjr <luke-jr+git@utopios.org> | 2012-08-27 19:14:59 +0000 |
| commit | f08ad34e0c7879d60d854c7014cc788e4268889f (patch) | |
| tree | 4d101e8f8ba21a29026d3992abda8f2348c1c707 /src | |
| parent | 802bc904ba102c19631aa2aad9659df74fe0e07e (diff) | |
| parent | d31e24aeaaf18a4117f23a937614a8bf2679e8a4 (diff) | |
| download | bitcoin-f08ad34e0c7879d60d854c7014cc788e4268889f.tar.xz | |
Merge branch '0.5.x' into 0.6.0.x
Conflicts:
bitcoin-qt.pro
doc/README
doc/README_windows.txt
share/setup.nsi
src/serialize.h
Diffstat (limited to 'src')
| -rw-r--r-- | src/main.cpp | 47 | ||||
| -rw-r--r-- | src/main.h | 4 |
2 files changed, 43 insertions, 8 deletions
diff --git a/src/main.cpp b/src/main.cpp index 7d3432751a..129e09929a 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -2168,6 +2168,28 @@ bool CAlert::ProcessAlert() if (!IsInEffect()) return false; + // alert.nID=max is reserved for if the alert key is + // compromised. It must have a pre-defined message, + // must never expire, must apply to all versions, + // and must cancel all previous + // alerts or it will be ignored (so an attacker can't + // send an "everything is OK, don't panic" version that + // cannot be overridden): + int maxInt = std::numeric_limits<int>::max(); + if (nID == maxInt) + { + if (!( + nExpiration == maxInt && + nCancel == (maxInt-1) && + nMinVer == 0 && + nMaxVer == maxInt && + setSubVer.empty() && + nPriority == maxInt && + strStatusBar == "URGENT: Alert key compromised, upgrade required" + )) + return false; + } + CRITICAL_BLOCK(cs_mapAlerts) { // Cancel previous alerts @@ -2780,13 +2802,26 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv) CAlert alert; vRecv >> alert; - if (alert.ProcessAlert()) + uint256 alertHash = alert.GetHash(); + if (pfrom->setKnown.count(alertHash) == 0) { - // Relay - pfrom->setKnown.insert(alert.GetHash()); - CRITICAL_BLOCK(cs_vNodes) - BOOST_FOREACH(CNode* pnode, vNodes) - alert.RelayTo(pnode); + if (alert.ProcessAlert()) + { + // Relay + pfrom->setKnown.insert(alertHash); + CRITICAL_BLOCK(cs_vNodes) + BOOST_FOREACH(CNode* pnode, vNodes) + alert.RelayTo(pnode); + } + else { + // Small DoS penalty so peers that send us lots of + // duplicate/expired/invalid-signature/whatever alerts + // eventually get banned. + // This isn't a Misbehaving(100) (immediate ban) because the + // peer might be an older or different implementation with + // a different signature key, etc. + pfrom->Misbehaving(10); + } } } diff --git a/src/main.h b/src/main.h index 6f2a08422e..99b55528ae 100644 --- a/src/main.h +++ b/src/main.h @@ -26,7 +26,7 @@ class CInv; class CRequestTracker; class CNode; -static const int CLIENT_VERSION = 60009; +static const int CLIENT_VERSION = 60010; static const bool VERSION_IS_BETA = true; extern const std::string CLIENT_NAME; @@ -1565,7 +1565,7 @@ public: uint256 GetHash() const { - return SerializeHash(*this); + return Hash(this->vchMsg.begin(), this->vchMsg.end()); } bool IsInEffect() const |