From e0adf1389774c802a39715b1de76f0b1115eb77f Mon Sep 17 00:00:00 2001
From: Gavin Andresen
Date: Mon, 27 Aug 2012 10:22:57 -0400
Subject: Special-case the last alert for alert-key-compromised case

Hard-code a special nId=max int alert, to be broadcast if the alert key is ever compromised. It applies to all versions, never expires, cancels all previous alerts, and has a fixed message: URGENT: Alert key compromised, upgrade required Variations are not allowed (ignored), so an attacker with the private key cannot broadcast empty-message nId=max alerts.
---
 src/main.cpp | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'src/main.cpp')

diff --git a/src/main.cpp b/src/main.cpp
index 1821576dc5..1860f471da 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1970,6 +1970,28 @@ bool CAlert::ProcessAlert()
 if (!IsInEffect())
 return false;
 
+ // alert.nID=max is reserved for if the alert key is
+ // compromised. It must have a pre-defined message,
+ // must never expire, must apply to all versions,
+ // and must cancel all previous
+ // alerts or it will be ignored (so an attacker can't
+ // send an "everything is OK, don't panic" version that
+ // cannot be overridden):
+ int maxInt = std::numeric_limits::max();
+ if (nID == maxInt)
+ {
+ if (!(
+ nExpiration == maxInt &&
+ nCancel == (maxInt-1) &&
+ nMinVer == 0 &&
+ nMaxVer == maxInt &&
+ setSubVer.empty() &&
+ nPriority == maxInt &&
+ strStatusBar == "URGENT: Alert key compromised, upgrade required"
+ ))
+ return false;
+ }
+
 CRITICAL_BLOCK(cs_mapAlerts)
 {
 // Cancel previous alerts
-- 
cgit v1.2.3
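Review bot: The conjunction inside `if (!( ... ))` pins only the fields it lists, so if CUnsignedAlert carries other serialized fields that are not checked here (strComment, strReserved, nRelayUntil, setCancel — confirm against the class definition, which is outside this hunk), an nID=max alert that differs only in those still passes, and if mapAlerts is keyed by alert hash (as the code after the hunk suggests, not visible here) several such variants could be stored and relayed side by side, so the commit message's "variations are not allowed" holds only for the listed fields. Consider extending the check with `strComment.empty() && strReserved.empty() && setCancel.empty()` (adjusting to whatever fields actually exist), or adding a comment naming the fields deliberately left unconstrained. The comment block above should also say why `nCancel == (maxInt-1)` rather than maxInt — presumably so the alert does not cancel itself in the "Cancel previous alerts" loop that follows, e.g. `// nCancel is maxInt-1 so the alert cancels everything but itself`. `std::numeric_limits::max()` is missing its template argument in this rendering, presumably `<int>` stripped as markup. ProcessAlert begins and continues outside the hunk.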