2 files changed, 4 insertions, 1 deletions

diff --git a/src/validation.cpp b/src/validation.cpp
index 9696b65ea7..39780e1c6d 100644
--- a/src/validation.cpp
+++ b/src/validation.cpp
@@ -574,7 +574,8 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
 
     // Do not work on transactions that are too small.
     // A transaction with 1 segwit input and 1 P2WPHK output has non-witness size of 82 bytes.
-    // Transactions smaller than this are not relayed to reduce unnecessary malloc overhead.
+    // Transactions smaller than this are not relayed to mitigate CVE-2017-12842 by not relaying
+    // 64-byte transactions.
     if (::GetSerializeSize(tx, PROTOCOL_VERSION | SERIALIZE_TRANSACTION_NO_WITNESS) < MIN_STANDARD_TX_NONWITNESS_SIZE)
         return state.Invalid(ValidationInvalidReason::TX_NOT_STANDARD, false, REJECT_NONSTANDARD, "tx-size-small");
 
diff --git a/test/functional/data/invalid_txs.py b/test/functional/data/invalid_txs.py
index 9dc06422c4..fd69bbd2c7 100644
--- a/test/functional/data/invalid_txs.py
+++ b/test/functional/data/invalid_txs.py
@@ -99,6 +99,8 @@ class InputMissing(BadTxTemplate):
         return tx
 
 
+# The following check prevents exploit of lack of merkle
+# tree depth commitment (CVE-2017-12842)
 class SizeTooSmall(BadTxTemplate):
     reject_reason = "tx-size-small"
     expect_disconnect = False