authorlucash-dev <lucash.dev@gmail.com>2018-11-10 09:11:22 -0800
committerlucash-dev <lucash.dev@gmail.com>2019-06-02 10:25:03 -0700
commit38bfca6bb2ad68719415e9c54a981441052da072 (patch)
treefb2686c0635b1e4db76eb779df0fd2800d0a7c53 /test
parentc7cfd20a77ce57d200b3b9e5e0dfb0d63818abdc (diff)
Added comments referencing multiple CVEs in tests and production code.
This commit adds comments referencing multiple CVEs in both production and test code. CVEs covered in this commit: CVE-2010-5137, CVE-2010-5139, CVE-2010-5141, CVE-2012-1909, CVE-2012-2459, CVE-2012-3789, CVE-2018-17144.
Diffstat (limited to 'test')
-rwxr-xr-xtest/functional/feature_block.py2
-rwxr-xr-xtest/functional/mempool_accept.py1
-rwxr-xr-xtest/functional/p2p_invalid_block.py5
3 files changed, 5 insertions, 3 deletions
diff --git a/test/functional/feature_block.py b/test/functional/feature_block.py
index 3ad83cd2b3..ce353b2272 100755
--- a/test/functional/feature_block.py
+++ b/test/functional/feature_block.py
@@ -787,7 +787,7 @@ class FullBlockTest(BitcoinTestFramework):
#
# Blocks are not allowed to contain a transaction whose id matches that of an earlier,
# not-fully-spent transaction in the same chain. To test, make identical coinbases;
- # the second one should be rejected.
+ # the second one should be rejected. See also CVE-2012-1909.
#
self.log.info("Reject a block with a transaction with a duplicate hash of a previous transaction (BIP30)")
self.move_tip(60)
diff --git a/test/functional/mempool_accept.py b/test/functional/mempool_accept.py
index 2bb5d8ab7d..a94187ab90 100755
--- a/test/functional/mempool_accept.py
+++ b/test/functional/mempool_accept.py
@@ -212,6 +212,7 @@ class MempoolAcceptanceTest(BitcoinTestFramework):
rawtxs=[tx.serialize().hex()],
)
+ # The following two validations prevent overflow of the output amounts (see CVE-2010-5139).
self.log.info('A transaction with too large output value')
tx.deserialize(BytesIO(hex_str_to_bytes(raw_tx_reference)))
tx.vout[0].nValue = 21000000 * COIN + 1
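Review bot: The added comment counts "the following two validations", which goes stale as soon as a test case is inserted or reordered below it, and the second case it refers to lies outside this hunk. Naming the checks keeps the CVE reference attached to the right assertions, for example `# Output-amount range checks (a single output above the money limit, then the sum of outputs above it) guard against amount overflow; see CVE-2010-5139.` The second check is presumably the output-sum case; confirm against the lines that follow before adopting that wording.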
diff --git a/test/functional/p2p_invalid_block.py b/test/functional/p2p_invalid_block.py
index 1e0b876593..8ba3cc7d72 100755
--- a/test/functional/p2p_invalid_block.py
+++ b/test/functional/p2p_invalid_block.py
@@ -53,10 +53,11 @@ class InvalidBlockRequestTest(BitcoinTestFramework):
block_time = best_block["time"] + 1
# Use merkle-root malleability to generate an invalid block with
- # same blockheader.
+ # same blockheader (CVE-2012-2459).
# Manufacture a block with 3 transactions (coinbase, spend of prior
# coinbase, spend of that spend). Duplicate the 3rd transaction to
# leave merkle root and blockheader unchanged but invalidate the block.
+ # For more information on merkle-root malleability see src/consensus/merkle.cpp.
self.log.info("Test merkle root malleability.")
block2 = create_block(tip, create_coinbase(height), block_time)
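Review bot: The comment now cites CVE-2012-2459 but does not state the property the test protects: a mutated block that shares its header hash with a valid block must be rejected without the node treating that hash as permanently invalid. One extra line such as `# The node must reject the mutated block without marking the shared block hash as invalid.` would make that explicit. In the lines visible here and in the next hunk, the unmutated block is not resubmitted to confirm it is still accepted after the rejection. If that assertion is also missing from the part of the test body outside this hunk, it would be worth adding.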
@@ -81,7 +82,7 @@ class InvalidBlockRequestTest(BitcoinTestFramework):
node.p2p.send_blocks_and_test([block2], node, success=False, reject_reason='bad-txns-duplicate')
- # Check transactions for duplicate inputs
+ # Check transactions for duplicate inputs (CVE-2018-17144)
self.log.info("Test duplicate input block.")
block2_orig.vtx[2].vin.append(block2_orig.vtx[2].vin[0])
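Review bot: The comment on the duplicate-input check names CVE-2018-17144 but not the rule being tested, and it is the only edited comment that ends without a period. Something like `# A transaction that spends the same outpoint twice must make the block invalid (CVE-2018-17144).` says what the assertion is for. The expected reject reason for this case is outside the hunk, so the wording should match whatever that assertion checks.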