Added comments referencing multiple CVEs in tests and production code.

This commit adds comments referencing multiple CVEs both in production and test code. CVEs covered in this commit: CVE-2010-5137 CVE-2010-5139 CVE-2010-5141 CVE-2012-1909 CVE-2012-2459 CVE-2012-3789 CVE-2018-17144
2025-08-23 08:02:39 +02:00 · 2018-11-10 09:11:22 -08:00
parent c7cfd20a77
commit 38bfca6bb2
8 changed files with 16 additions and 10 deletions
--- a/test/functional/p2p_invalid_block.py
+++ b/test/functional/p2p_invalid_block.py
@@ -53,10 +53,11 @@ class InvalidBlockRequestTest(BitcoinTestFramework):
        block_time = best_block["time"] + 1

        # Use merkle-root malleability to generate an invalid block with
-        # same blockheader.
+        # same blockheader (CVE-2012-2459).
        # Manufacture a block with 3 transactions (coinbase, spend of prior
        # coinbase, spend of that spend).  Duplicate the 3rd transaction to
        # leave merkle root and blockheader unchanged but invalidate the block.
+        # For more information on merkle-root malleability see src/consensus/merkle.cpp.
        self.log.info("Test merkle root malleability.")

        block2 = create_block(tip, create_coinbase(height), block_time)
@@ -81,7 +82,7 @@ class InvalidBlockRequestTest(BitcoinTestFramework):

        node.p2p.send_blocks_and_test([block2], node, success=False, reject_reason='bad-txns-duplicate')

-        # Check transactions for duplicate inputs
+        # Check transactions for duplicate inputs (CVE-2018-17144)
        self.log.info("Test duplicate input block.")

        block2_orig.vtx[2].vin.append(block2_orig.vtx[2].vin[0])