From 38bfca6bb2ad68719415e9c54a981441052da072 Mon Sep 17 00:00:00 2001
From: lucash-dev <lucash.dev@gmail.com>
Date: Sat, 10 Nov 2018 09:11:22 -0800
Subject: Added comments referencing multiple CVEs in tests and production
 code.

This commit adds comments referencing multiple CVEs both in production and test code.
CVEs covered in this commit:

CVE-2010-5137
CVE-2010-5139
CVE-2010-5141
CVE-2012-1909
CVE-2012-2459
CVE-2012-3789
CVE-2018-17144
---
 test/functional/mempool_accept.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'test/functional/mempool_accept.py')

diff --git a/test/functional/mempool_accept.py b/test/functional/mempool_accept.py
index 2bb5d8ab7d..a94187ab90 100755
--- a/test/functional/mempool_accept.py
+++ b/test/functional/mempool_accept.py
@@ -212,6 +212,7 @@ class MempoolAcceptanceTest(BitcoinTestFramework):
             rawtxs=[tx.serialize().hex()],
         )
 
+        # The following two validations prevent overflow of the output amounts (see CVE-2010-5139).
         self.log.info('A transaction with too large output value')
         tx.deserialize(BytesIO(hex_str_to_bytes(raw_tx_reference)))
         tx.vout[0].nValue = 21000000 * COIN + 1
-- 
cgit v1.2.3