Browse Source
This fixes two alert system vulnerabilities found by Sergio Lerner; you could send peers unlimited numbers of invalid alert message to try to either fill up their debug.log with messages and/or keep their CPU busy checking signatures. Fixed by disconnecting/banning peers if they send 10 or more bad (invalid/expired/cancelled) alerts.0.8
Gavin Andresen
13 years ago
2 changed files with 20 additions and 7 deletions
Loading…
Reference in new issue