|
|
@ -2322,6 +2322,28 @@ bool CAlert::ProcessAlert() |
|
|
|
if (!IsInEffect()) |
|
|
|
return false; |
|
|
|
|
|
|
|
// alert.nID=max is reserved for if the alert key is
|
|
|
|
// compromised. It must have a pre-defined message,
|
|
|
|
// must never expire, must apply to all versions,
|
|
|
|
// and must cancel all previous
|
|
|
|
// alerts or it will be ignored (so an attacker can't
|
|
|
|
// send an "everything is OK, don't panic" version that
|
|
|
|
// cannot be overridden):
|
|
|
|
int maxInt = std::numeric_limits<int>::max(); |
|
|
|
if (nID == maxInt) |
|
|
|
{ |
|
|
|
if (!( |
|
|
|
nExpiration == maxInt && |
|
|
|
nCancel == (maxInt-1) && |
|
|
|
nMinVer == 0 && |
|
|
|
nMaxVer == maxInt && |
|
|
|
setSubVer.empty() && |
|
|
|
nPriority == maxInt && |
|
|
|
strStatusBar == "URGENT: Alert key compromised, upgrade required" |
|
|
|
)) |
|
|
|
return false; |
|
|
|
} |
|
|
|
|
|
|
|
{ |
|
|
|
LOCK(cs_mapAlerts); |
|
|
|
// Cancel previous alerts
|
|
|
@ -2997,14 +3019,27 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv) |
|
|
|
CAlert alert; |
|
|
|
vRecv >> alert; |
|
|
|
|
|
|
|
if (alert.ProcessAlert()) |
|
|
|
uint256 alertHash = alert.GetHash(); |
|
|
|
if (pfrom->setKnown.count(alertHash) == 0) |
|
|
|
{ |
|
|
|
// Relay
|
|
|
|
pfrom->setKnown.insert(alert.GetHash()); |
|
|
|
if (alert.ProcessAlert()) |
|
|
|
{ |
|
|
|
LOCK(cs_vNodes); |
|
|
|
BOOST_FOREACH(CNode* pnode, vNodes) |
|
|
|
alert.RelayTo(pnode); |
|
|
|
// Relay
|
|
|
|
pfrom->setKnown.insert(alertHash); |
|
|
|
{ |
|
|
|
LOCK(cs_vNodes); |
|
|
|
BOOST_FOREACH(CNode* pnode, vNodes) |
|
|
|
alert.RelayTo(pnode); |
|
|
|
} |
|
|
|
} |
|
|
|
else { |
|
|
|
// Small DoS penalty so peers that send us lots of
|
|
|
|
// duplicate/expired/invalid-signature/whatever alerts
|
|
|
|
// eventually get banned.
|
|
|
|
// This isn't a Misbehaving(100) (immediate ban) because the
|
|
|
|
// peer might be an older or different implementation with
|
|
|
|
// a different signature key, etc.
|
|
|
|
pfrom->Misbehaving(10); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|