Merge bitcoin#16885: doc: Update tx-size-small comment with relevant …

…CVE disclosure c4b0c08 Update tx-size-small comment with relevant CVE disclosure (Gregory Sanders) Pull request description: Code first introduced under bitcoin#11423 with essentially no description and no discussion. ACKs for top commit: MarcoFalke: ACK c4b0c08 fanquake: ACK c4b0c08 Tree-SHA512: 95d5c92998b8b1e944c477dbaee265b62612b6e815099ab31d9ff580b4dff777abaf7f326a284644709f918aa1510412d62310689b1250ef6e64de7b19ca9f71
Munkybooty · Jan 4, 2022 · 906672f · 906672f
1 parent 55934e8
commit 906672f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/src/validation.cpp b/src/validation.cpp
@@ -552,7 +552,8 @@ static bool AcceptToMemoryPoolWorker(const CChainParams& chainparams, CTxMemPool
 
     // Do not work on transactions that are too small.
     // A transaction with 1 empty scriptSig input and 1 P2PKH output has size of 85 bytes.
-    // Transactions smaller than this are not relayed to reduce unnecessary malloc overhead.
+    // Transactions smaller than this are not relayed to mitigate CVE-2017-12842 by not relaying
+    // 64-byte transactions.
     if (::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION) < MIN_STANDARD_TX_SIZE)
         return state.DoS(0, false, REJECT_NONSTANDARD, "tx-size-small");
 

diff --git a/test/functional/data/invalid_txs.py b/test/functional/data/invalid_txs.py
@@ -78,6 +78,8 @@ def get_tx(self):
         return tx
 
 
+# The following check prevents exploit of lack of merkle
+# tree depth commitment (CVE-2017-12842)
 class SizeTooSmall(BadTxTemplate):
     reject_reason = "tx-size-small"
     expect_disconnect = False