diff options
author | lucash-dev <lucash.dev@gmail.com> | 2018-11-09 19:31:49 -0800 |
---|---|---|
committer | lucash-dev <lucash.dev@gmail.com> | 2019-06-02 10:25:03 -0700 |
commit | 0c62e3aa73839e97e65a3155e06a98d84b700a1e (patch) | |
tree | 264aaaeaab60d647b9362c1b00880d5a1adc7d0f /test/functional/p2p_invalid_block.py | |
parent | 38bfca6bb2ad68719415e9c54a981441052da072 (diff) | |
download | bitcoin-0c62e3aa73839e97e65a3155e06a98d84b700a1e.tar.xz |
New regression testing for CVE-2018-17144, CVE-2012-2459, and CVE-2010-5137.
CVE-2018-17144 and CVE-2012-2459 are only partially tested for regression.
- CVE-2018-17144 is not tested for the inflation bug.
- CVE-2012-2459 is only tested for the mutated block being rejected, not
for the original block being accepted afterwards.
This commit fixes that limitation.
Also added functional test for CVE-2010-5137.
Diffstat (limited to 'test/functional/p2p_invalid_block.py')
-rwxr-xr-x | test/functional/p2p_invalid_block.py | 39 |
1 files changed, 33 insertions, 6 deletions
diff --git a/test/functional/p2p_invalid_block.py b/test/functional/p2p_invalid_block.py index 8ba3cc7d72..905534b862 100755 --- a/test/functional/p2p_invalid_block.py +++ b/test/functional/p2p_invalid_block.py @@ -85,12 +85,13 @@ class InvalidBlockRequestTest(BitcoinTestFramework): # Check transactions for duplicate inputs (CVE-2018-17144) self.log.info("Test duplicate input block.") - block2_orig.vtx[2].vin.append(block2_orig.vtx[2].vin[0]) - block2_orig.vtx[2].rehash() - block2_orig.hashMerkleRoot = block2_orig.calc_merkle_root() - block2_orig.rehash() - block2_orig.solve() - node.p2p.send_blocks_and_test([block2_orig], node, success=False, reject_reason='bad-txns-inputs-duplicate') + block2_dup = copy.deepcopy(block2_orig) + block2_dup.vtx[2].vin.append(block2_dup.vtx[2].vin[0]) + block2_dup.vtx[2].rehash() + block2_dup.hashMerkleRoot = block2_dup.calc_merkle_root() + block2_dup.rehash() + block2_dup.solve() + node.p2p.send_blocks_and_test([block2_dup], node, success=False, reject_reason='bad-txns-inputs-duplicate') self.log.info("Test very broken block.") @@ -106,5 +107,31 @@ class InvalidBlockRequestTest(BitcoinTestFramework): node.p2p.send_blocks_and_test([block3], node, success=False, reject_reason='bad-cb-amount') + # Complete testing of CVE-2012-2459 by sending the original block. + # It should be accepted even though it has the same hash as the mutated one. + + self.log.info("Test accepting original block after rejecting its mutated version.") + node.p2p.send_blocks_and_test([block2_orig], node, success=True, timeout=5) + + # Update tip info + height += 1 + block_time += 1 + tip = int(block2_orig.hash, 16) + + # Complete testing of CVE-2018-17144, by checking for the inflation bug. + # Create a block that spends the output of a tx in a previous block. + block4 = create_block(tip, create_coinbase(height), block_time) + tx3 = create_tx_with_script(tx2, 0, script_sig=b'\x51', amount=50 * COIN) + + # Duplicates input + tx3.vin.append(tx3.vin[0]) + tx3.rehash() + block4.vtx.append(tx3) + block4.hashMerkleRoot = block4.calc_merkle_root() + block4.rehash() + block4.solve() + self.log.info("Test inflation by duplicating input") + node.p2p.send_blocks_and_test([block4], node, success=False, reject_reason='bad-txns-inputs-duplicate') + if __name__ == '__main__': InvalidBlockRequestTest().main() |