From 01cc7bf0c5f7ebe0a3cde208edf5fceac9d2e1fb Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Sun, 26 Aug 2012 22:43:42 +0000 Subject: [PATCH 1/4] Support sending to script (P2SH) addresses Upstream partials from 9e470585b35a84fcb7f6aa41ac0216c117e2a5e1, e679ec969c8b22c676ebb10bea1038f6c8f13b33, and 922e8e2929a2e78270868385aa46f96002fbcff3. --- src/base58.h | 18 ++++++++++++++++++ src/script.h | 5 ++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/base58.h b/src/base58.h index af1022dfc07..9fe80781bd2 100644 --- a/src/base58.h +++ b/src/base58.h @@ -242,6 +242,14 @@ public: class CBitcoinAddress : public CBase58Data { public: + enum + { + PUBKEY_ADDRESS = 0, + SCRIPT_ADDRESS = 5, + PUBKEY_ADDRESS_TEST = 111, + SCRIPT_ADDRESS_TEST = 196, + }; + bool SetHash160(const uint160& hash160) { SetData(fTestNet ? 111 : 0, &hash160, 20); @@ -260,9 +268,11 @@ public: switch(nVersion) { case 0: + case SCRIPT_ADDRESS: break; case 111: + case SCRIPT_ADDRESS_TEST: fExpectTestNet = true; break; @@ -271,6 +281,14 @@ public: } return fExpectTestNet == fTestNet && vchData.size() == nExpectedSize; } + bool IsScript() const + { + if (!IsValid()) + return false; + if (fTestNet) + return nVersion == SCRIPT_ADDRESS_TEST; + return nVersion == SCRIPT_ADDRESS; + } CBitcoinAddress() { diff --git a/src/script.h b/src/script.h index 8dddb893f43..7f4aaae2d55 100644 --- a/src/script.h +++ b/src/script.h @@ -654,7 +654,10 @@ public: void SetBitcoinAddress(const CBitcoinAddress& address) { this->clear(); - *this << OP_DUP << OP_HASH160 << address.GetHash160() << OP_EQUALVERIFY << OP_CHECKSIG; + if (address.IsScript()) + *this << OP_HASH160 << address.GetHash160() << OP_EQUAL; + else + *this << OP_DUP << OP_HASH160 << address.GetHash160() << OP_EQUALVERIFY << OP_CHECKSIG; } void SetBitcoinAddress(const std::vector& vchPubKey) From e1c2163fb7b3f37932be9093cadd6cce250844a5 Mon Sep 17 00:00:00 2001 From: Gavin Andresen Date: Sun, 26 Aug 2012 17:08:18 -0400 Subject: [PATCH 2/4] Alert system DoS prevention This fixes two alert system vulnerabilities found by Sergio Lerner; you could send peers unlimited numbers of invalid alert message to try to either fill up their debug.log with messages and/or keep their CPU busy checking signatures. Fixed by disconnecting/banning peers if they send 10 or more bad (invalid/expired/cancelled) alerts. --- src/main.cpp | 25 +++++++++++++++++++------ src/main.h | 2 +- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/src/main.cpp b/src/main.cpp index e9577ed27fb..cd9c8e5e499 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -2614,13 +2614,26 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv) CAlert alert; vRecv >> alert; - if (alert.ProcessAlert()) + uint256 alertHash = alert.GetHash(); + if (pfrom->setKnown.count(alertHash) == 0) { - // Relay - pfrom->setKnown.insert(alert.GetHash()); - CRITICAL_BLOCK(cs_vNodes) - BOOST_FOREACH(CNode* pnode, vNodes) - alert.RelayTo(pnode); + if (alert.ProcessAlert()) + { + // Relay + pfrom->setKnown.insert(alertHash); + CRITICAL_BLOCK(cs_vNodes) + BOOST_FOREACH(CNode* pnode, vNodes) + alert.RelayTo(pnode); + } + else { + // Small DoS penalty so peers that send us lots of + // duplicate/expired/invalid-signature/whatever alerts + // eventually get banned. + // This isn't a Misbehaving(100) (immediate ban) because the + // peer might be an older or different implementation with + // a different signature key, etc. + pfrom->Misbehaving(10); + } } } diff --git a/src/main.h b/src/main.h index 7a8e2d45cfe..b7d47cfdfd1 100644 --- a/src/main.h +++ b/src/main.h @@ -1577,7 +1577,7 @@ public: uint256 GetHash() const { - return SerializeHash(*this); + return Hash(this->vchMsg.begin(), this->vchMsg.end()); } bool IsInEffect() const From e0adf1389774c802a39715b1de76f0b1115eb77f Mon Sep 17 00:00:00 2001 From: Gavin Andresen Date: Mon, 27 Aug 2012 10:22:57 -0400 Subject: [PATCH 3/4] Special-case the last alert for alert-key-compromised case Hard-code a special nId=max int alert, to be broadcast if the alert key is ever compromised. It applies to all versions, never expires, cancels all previous alerts, and has a fixed message: URGENT: Alert key compromised, upgrade required Variations are not allowed (ignored), so an attacker with the private key cannot broadcast empty-message nId=max alerts. --- src/main.cpp | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/main.cpp b/src/main.cpp index 1821576dc55..1860f471da3 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1970,6 +1970,28 @@ bool CAlert::ProcessAlert() if (!IsInEffect()) return false; + // alert.nID=max is reserved for if the alert key is + // compromised. It must have a pre-defined message, + // must never expire, must apply to all versions, + // and must cancel all previous + // alerts or it will be ignored (so an attacker can't + // send an "everything is OK, don't panic" version that + // cannot be overridden): + int maxInt = std::numeric_limits::max(); + if (nID == maxInt) + { + if (!( + nExpiration == maxInt && + nCancel == (maxInt-1) && + nMinVer == 0 && + nMaxVer == maxInt && + setSubVer.empty() && + nPriority == maxInt && + strStatusBar == "URGENT: Alert key compromised, upgrade required" + )) + return false; + } + CRITICAL_BLOCK(cs_mapAlerts) { // Cancel previous alerts From b9b15578bb52a7a7394fd1ef497f186c5c950cb1 Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Mon, 27 Aug 2012 19:07:05 +0000 Subject: [PATCH 4/4] Bump version to 0.4.8 --- contrib/Bitcoin.app/Contents/Info.plist | 4 ++-- doc/README | 2 +- doc/README_windows.txt | 2 +- share/setup.nsi | 6 +++--- src/serialize.h | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/contrib/Bitcoin.app/Contents/Info.plist b/contrib/Bitcoin.app/Contents/Info.plist index a7efd905f1f..1517aecc046 100644 --- a/contrib/Bitcoin.app/Contents/Info.plist +++ b/contrib/Bitcoin.app/Contents/Info.plist @@ -17,11 +17,11 @@ CFBundlePackageType APPL CFBundleShortVersionString - 0.4.7 + 0.4.8 CFBundleSignature ???? CFBundleVersion - 400 + 408 LSMinimumSystemVersion 10.5 CFBundleIconFile diff --git a/doc/README b/doc/README index 00e24e78195..789cbe37f81 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -Bitcoin 0.4.7 BETA +Bitcoin 0.4.8 BETA Copyright (c) 2009-2012 Bitcoin Developers Distributed under the MIT/X11 software license, see the accompanying diff --git a/doc/README_windows.txt b/doc/README_windows.txt index f611b6acd39..2255a55e750 100644 --- a/doc/README_windows.txt +++ b/doc/README_windows.txt @@ -1,4 +1,4 @@ -Bitcoin 0.4.7 BETA +Bitcoin 0.4.8 BETA Copyright (c) 2009-2012 Bitcoin Developers Distributed under the MIT/X11 software license, see the accompanying diff --git a/share/setup.nsi b/share/setup.nsi index c0440838589..b44446e83f3 100644 --- a/share/setup.nsi +++ b/share/setup.nsi @@ -5,7 +5,7 @@ SetCompressor /SOLID lzma # General Symbol Definitions !define REGKEY "SOFTWARE\$(^Name)" -!define VERSION 0.4.7 +!define VERSION 0.4.8 !define COMPANY "Bitcoin project" !define URL http://www.bitcoin.org/ @@ -45,13 +45,13 @@ Var StartMenuGroup !insertmacro MUI_LANGUAGE English # Installer attributes -OutFile bitcoin-0.4.7-win32-setup.exe +OutFile bitcoin-0.4.8-win32-setup.exe InstallDir $PROGRAMFILES\Bitcoin CRCCheck on XPStyle on BrandingText " " ShowInstDetails show -VIProductVersion 0.4.7.0 +VIProductVersion 0.4.8.0 VIAddVersionKey ProductName Bitcoin VIAddVersionKey ProductVersion "${VERSION}" VIAddVersionKey CompanyName "${COMPANY}" diff --git a/src/serialize.h b/src/serialize.h index c7e64dac768..18aa2a56a33 100644 --- a/src/serialize.h +++ b/src/serialize.h @@ -59,7 +59,7 @@ class CDataStream; class CAutoFile; static const unsigned int MAX_SIZE = 0x02000000; -static const int VERSION = 40703; +static const int VERSION = 40800; static const char* pszSubVer = ""; static const bool VERSION_IS_BETA = true;