kvazar/kevacoin
1
0
Fork 0
mirror of https://github.com/kvazar-network/kevacoin.git synced 2025-01-10 23:27:54 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4952

Browse Source 
01c2807 Add warning about the merkle-tree algorithm duplicate txid flaw (Peter Todd)
This commit is contained in:
Wladimir J. van der Laan 2014-09-22 09:03:36 +02:00
commit 5547f08ec7
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/core.cpp
View File

@ -226,6 +226,13 @@ uint256 CBlockHeader::GetHash() const
uint256 CBlock::BuildMerkleTree() const uint256 CBlock::BuildMerkleTree() const
{ {
// WARNING! If you're reading this because you're learning about crypto
// and/or designing a new system that will use merkle trees, keep in mind
// that the following merkle tree algorithm has a serious flaw related to
// duplicate txids, resulting in a vulnerability. (CVE-2012-2459) Bitcoin
// has since worked around the flaw, but for new applications you should
// use something different; don't just copy-and-paste this code without
// understanding the problem first.
vMerkleTree.clear(); vMerkleTree.clear();
BOOST_FOREACH(const CTransaction& tx, vtx) BOOST_FOREACH(const CTransaction& tx, vtx)
vMerkleTree.push_back(tx.GetHash()); vMerkleTree.push_back(tx.GetHash());