Alert system DoS prevention

This fixes two alert system vulnerabilities found by Sergio Lerner; you could send peers unlimited numbers of invalid alert message to try to either fill up their debug.log with messages and/or keep their CPU busy checking signatures. Fixed by disconnecting/banning peers if they send 10 or more bad (invalid/expired/cancelled) alerts.
author: Gavin Andresen <gavinandresen@gmail.com> 2012-08-26 17:08:18 -0400
committer: Luke Dashjr <luke-jr+git@utopios.org> 2012-08-27 18:56:54 +0000
commit: e1c2163fb7b3f37932be9093cadd6cce250844a5 (patch)
tree: 001977dca177027e5367c394132e65c2313885da /src
parent: 2eaeb17fe16594313004c56450fcc1a698d50bb7 (diff)
2 files changed, 20 insertions, 7 deletions
diff --git a/src/main.cpp b/src/main.cpp
index e9577ed27f..cd9c8e5e49 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -2614,13 +2614,26 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
         CAlert alert;
         vRecv >> alert;
 
-        if (alert.ProcessAlert())
+        uint256 alertHash = alert.GetHash();
+        if (pfrom->setKnown.count(alertHash) == 0)
         {
-            // Relay
-            pfrom->setKnown.insert(alert.GetHash());
-            CRITICAL_BLOCK(cs_vNodes)
-                BOOST_FOREACH(CNode* pnode, vNodes)
-                    alert.RelayTo(pnode);
+            if (alert.ProcessAlert())
+            {
+                // Relay
+                pfrom->setKnown.insert(alertHash);
+                CRITICAL_BLOCK(cs_vNodes)
+                    BOOST_FOREACH(CNode* pnode, vNodes)
+                        alert.RelayTo(pnode);
+            }
+            else {
+                // Small DoS penalty so peers that send us lots of
+                // duplicate/expired/invalid-signature/whatever alerts
+                // eventually get banned.
+                // This isn't a Misbehaving(100) (immediate ban) because the
+                // peer might be an older or different implementation with
+                // a different signature key, etc.
+                pfrom->Misbehaving(10);
+            }
         }
     }
 
diff --git a/src/main.h b/src/main.h
index 7a8e2d45cf..b7d47cfdfd 100644
--- a/src/main.h
+++ b/src/main.h
@@ -1577,7 +1577,7 @@ public:
 
     uint256 GetHash() const
     {
-        return SerializeHash(*this);
+        return Hash(this->vchMsg.begin(), this->vchMsg.end());
     }
 
     bool IsInEffect() const
author	Gavin Andresen <gavinandresen@gmail.com>	2012-08-26 17:08:18 -0400
committer	Luke Dashjr <luke-jr+git@utopios.org>	2012-08-27 18:56:54 +0000
commit	e1c2163fb7b3f37932be9093cadd6cce250844a5 (patch)
tree	001977dca177027e5367c394132e65c2313885da /src
parent	2eaeb17fe16594313004c56450fcc1a698d50bb7 (diff)