[vulnerability] Disconnect outbound peers on the invalid chain #2283
Comments
@patricklodder @rnicoll Who is working on this? How can I help?
@patricklodder @rnicoll @michilumin This fix requires a significant amount of work to implement properly. See Bitcoin's #11490 (bitcoin/bitcoin@d93fa26), where the merge description describes the kind of work I mean. For reference:
Subsequent to that, we will need to implement #11568 (bitcoin/bitcoin@4637f18), and then the above-mentioned commit. I tried implementing only the suggested fix in the commit, but substantial changes will need to be made to src/net.h, src/net.cpp, src/net_processing.cpp, and possibly to src/validation.cpp as well --- I can't remember by now, after chasing so many logical nibbles of code that need to be included to make that small suggestion above work. Unless someone's got a subtle idea to make it work, this is all I got for now.
…logically equivalent to the old version but for when called as needed with first_invalid.
…ders even if from compact blocks (See BIP 152).
@patricklodder Given #2459, let's move this one as well to 1.14.5.
Currently, the outbound peers on incompatible chains may use up outbound connection slots (the ProcessMessage() function in src/net_processing.cpp). If the block header is valid, but the block is known to be invalid, and the peer announces the same block as being on its active chain, the peer should be disconnected.
A possible solution is to check whether the first invalid header in mapBlockIndex is at the end, if not, disconnect the peer (after line 1981 in src/net_processing.cpp).
Similar fix from Bitcoin: bitcoin/bitcoin@37886d5.
Reported by 6004ed5feaa31ae9df36b5dbc60f0fa53255a5fb734334082c6d202405fc738c.
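The check described in the issue, as a simplified stand-alone C++ model (an added example, not code from Dogecoin Core or from the referenced Bitcoin commits). The types `Header`, `IndexEntry`, `BlockIndex` and `Peer` and the functions `FirstInvalidHeader` and `HandleHeaders` are hypothetical stand-ins for mapBlockIndex and the peer state in src/net_processing.cpp; the hashes are constructed sample values.

```cpp
#include <iostream>
#include <string>
#include <unordered_map>
#include <vector>

// Hypothetical simplified types; not Dogecoin Core's CBlockIndex/CNode.
struct Header { std::string hash, prev; };
struct IndexEntry { std::string prev; bool failed; };  // failed: header was valid, block was rejected
using BlockIndex = std::unordered_map<std::string, IndexEntry>;
struct Peer { bool outbound; bool disconnect; };

// True if `hash` is present in the index and marked as a rejected block.
static bool KnownInvalid(const BlockIndex& index, const std::string& hash) {
    auto it = index.find(hash);
    return it != index.end() && it->second.failed;
}

// Position of the first announced header that is itself known-invalid or
// builds directly on a known-invalid block; -1 if the announcement is clean.
int FirstInvalidHeader(const BlockIndex& index, const std::vector<Header>& headers) {
    for (size_t i = 0; i < headers.size(); ++i) {
        if (KnownInvalid(index, headers[i].hash) || KnownInvalid(index, headers[i].prev))
            return static_cast<int>(i);
    }
    return -1;
}

// Policy from the issue: an outbound peer whose announced chain contains a
// block we already rejected is on an incompatible chain, so free its slot.
// Inbound peers are left alone here; they do not occupy outbound slots.
bool HandleHeaders(const BlockIndex& index, const std::vector<Header>& headers, Peer& peer) {
    int pos = FirstInvalidHeader(index, headers);
    if (pos >= 0 && peer.outbound) peer.disconnect = true;
    return pos < 0;  // true when nothing invalid was announced
}

int main() {
    // Constructed sample: block "b" has a valid header but failed validation.
    BlockIndex index = {{"a", {"genesis", false}}, {"b", {"a", true}}};
    std::vector<Header> announced = {{"a", "genesis"}, {"b", "a"}, {"c", "b"}};
    Peer peer{true, false};
    HandleHeaders(index, announced, peer);
    std::cout << "first invalid at " << FirstInvalidHeader(index, announced)
              << ", disconnect=" << peer.disconnect << "\n";
    return 0;
}
```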