patched hole allowing attacker to enter masternode list with valid input

dashpay · Oct 7, 2014 · fe9fddb · fe9fddb
1 parent 6f8352c
commit fe9fddb
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 1 deletion.
diff --git a/src/clientversion.h b/src/clientversion.h
@@ -9,7 +9,7 @@
 #define CLIENT_VERSION_MAJOR       0
 #define CLIENT_VERSION_MINOR       10
 #define CLIENT_VERSION_REVISION    14
-#define CLIENT_VERSION_BUILD       0
+#define CLIENT_VERSION_BUILD       1
 
 // Set to true for release, false for prerelease or test build
 #define CLIENT_VERSION_IS_RELEASE  true

diff --git a/src/darksend.cpp b/src/darksend.cpp
@@ -1599,6 +1599,23 @@ int CDarkSendPool::GetDenominationsByAmount(int64 nAmount){
     return GetDenominations(vout1);
 }
 
+bool CDarkSendSigner::IsVinAssociatedWithPubkey(CTxIn& vin, CPubKey& pubkey){
+    CScript payee2;
+    payee2.SetDestination(pubkey.GetID());
+
+    CTransaction txVin;
+    uint256 hash;
+    if(GetTransaction(vin.prevout.hash, txVin, hash, true)){
+        BOOST_FOREACH(CTxOut out, txVin.vout){
+            if(out.nValue == 1000*COIN){
+                if(out.scriptPubKey == payee2) return true;
+            }
+        }
+    }
+
+    return false;
+}
+
 bool CDarkSendSigner::SetKey(std::string strSecret, std::string& errorMessage, CKey& key, CPubKey& pubkey){
     CBitcoinSecret vchSecret;
     bool fGood = vchSecret.SetString(strSecret);

diff --git a/src/darksend.h b/src/darksend.h
@@ -221,6 +221,7 @@ class CDarksendQueue
 class CDarkSendSigner
 {
 public:
+    bool IsVinAssociatedWithPubkey(CTxIn& vin, CPubKey& pubkey);
     bool SetKey(std::string strSecret, std::string& errorMessage, CKey& key, CPubKey& pubkey);
     bool SignMessage(std::string strMessage, std::string& errorMessage, std::vector<unsigned char>& vchSig, CKey key);
     bool VerifyMessage(CPubKey pubkey, std::vector<unsigned char>& vchSig, std::string strMessage, std::string& errorMessage);

diff --git a/src/main.cpp b/src/main.cpp
@@ -4216,6 +4216,11 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv)
             return false;  
         }
 
+        if(!darkSendSigner.IsVinAssociatedWithPubkey(vin, pubkey)) {
+            LogPrintf("dsee - Got mismatched pubkey and vin\n");
+            return false;
+        }
+
         std::string errorMessage = "";
         if(!darkSendSigner.VerifyMessage(pubkey, vchSig, strMessage, errorMessage)){
             LogPrintf("dsee - Got bad masternode address signature\n");