changeset 3396:6e1213e0929a draft
Merge branch 'alert_fix' of git://github.com/gavinandresen/bitcoin-git
author | Gavin Andresen <gavinandresen@gmail.com> |
---|---|
date | Mon, 27 Aug 2012 12:39:13 -0400 |
parents | 271ae5494558 (current diff) e0dd4cb42a5b (diff) |
children | a096bd3cf1f6 |
files | |
diffstat | 2 files changed, 42 insertions(+), 7 deletions(-) [+] |
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -2322,6 +2322,28 @@
 if (!IsInEffect())
 return false;

+ // alert.nID=max is reserved for if the alert key is
+ // compromised. It must have a pre-defined message,
+ // must never expire, must apply to all versions,
+ // and must cancel all previous
+ // alerts or it will be ignored (so an attacker can't
+ // send an "everything is OK, don't panic" version that
+ // cannot be overridden):
+ int maxInt = std::numeric_limits<int>::max();
+ if (nID == maxInt)
+ {
+ if (!(
+ nExpiration == maxInt &&
+ nCancel == (maxInt-1) &&
+ nMinVer == 0 &&
+ nMaxVer == maxInt &&
+ setSubVer.empty() &&
+ nPriority == maxInt &&
+ strStatusBar == "URGENT: Alert key compromised, upgrade required"
+ ))
+ return false;
+ }
+
 {
 LOCK(cs_mapAlerts);
 // Cancel previous alerts
@@ -2997,14 +3019,27 @@
 CAlert alert;
 vRecv >> alert;

- if (alert.ProcessAlert())
+ uint256 alertHash = alert.GetHash();
+ if (pfrom->setKnown.count(alertHash) == 0)
 {
- // Relay
- pfrom->setKnown.insert(alert.GetHash());
+ if (alert.ProcessAlert())
 {
- LOCK(cs_vNodes);
- BOOST_FOREACH(CNode* pnode, vNodes)
- alert.RelayTo(pnode);
+ // Relay
+ pfrom->setKnown.insert(alertHash);
+ {
+ LOCK(cs_vNodes);
+ BOOST_FOREACH(CNode* pnode, vNodes)
+ alert.RelayTo(pnode);
+ }
+ }
+ else {
+ // Small DoS penalty so peers that send us lots of
+ // duplicate/expired/invalid-signature/whatever alerts
+ // eventually get banned.
+ // This isn't a Misbehaving(100) (immediate ban) because the
+ // peer might be an older or different implementation with
+ // a different signature key, etc.
+ pfrom->Misbehaving(10);
 }
 }
 }
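Review bot: The new guard only constrains the fields of an incoming alert with `nID == maxInt`; nothing in this hunk keeps a stored one from being removed later, and the comment's "cannot be overridden" guarantee depends on that. The loop under `// Cancel previous alerts` is outside the hunk, so this is unconfirmed, but if a later alert can name arbitrary IDs to cancel, that loop should never erase an entry carrying the reserved ID. At minimum the dependency should be recorded next to the guard, e.g. `// NOTE: the cancel loop below must never erase an alert with nID == maxInt, or this guarantee is void`. As a smaller point, `maxInt` is never modified and reads better as `const int maxInt = std::numeric_limits<int>::max();`.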
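Review bot: `pfrom->Misbehaving(10)` in the new `else` branch fires on every `false` from `ProcessAlert()`, so a peer relaying an alert that is merely expired or already cancelled on this node accrues the same score as one sending a bad signature. The boolean return carries no reason, so the branch cannot tell these apart; consider having the failure path report its cause and scoring only signature or format failures. The hash is added to `setKnown` only on success, so a rejected alert resent by the same peer is fully re-processed each time. That looks intended so the penalty accumulates, but it deserves a line in the comment, e.g. `// rejected hashes are deliberately not remembered, so repeats are re-checked and re-penalised`. The enclosing message handler begins and ends outside the hunk.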