From 97ee01ad898b0699c2319a1283313881ef4ba430 Mon Sep 17 00:00:00 2001 From: s_nakamoto Date: Sun, 12 Dec 2010 18:20:36 +0000 Subject: [PATCH 1/2] added some DoS limits, removed safe mode git-svn-id: https://bitcoin.svn.sourceforge.net/svnroot/bitcoin/trunk@199 1a98c847-1fd6-4fd8-948a-caf3550aa51b --- main.cpp | 45 ++++++++++++++++++++++++++++++++++++--------- rpc.cpp | 30 ------------------------------ serialize.h | 2 +- 3 files changed, 37 insertions(+), 40 deletions(-) diff --git a/main.cpp b/main.cpp index 10d482d8..6e7cb3ea 100644 --- a/main.cpp +++ b/main.cpp @@ -571,10 +571,15 @@ bool CTransaction::AcceptToMemoryPool(CTxDB& txdb, bool fCheckInputs, bool* pfMi if ((int64)nLockTime > INT_MAX) return error("AcceptToMemoryPool() : not accepting nLockTime beyond 2038 yet"); - // Rather not work on nonstandard transactions - if (!IsStandard() || GetSigOpCount() > 2 || ::GetSerializeSize(*this, SER_NETWORK) < 100) + // Safety limits + unsigned int nSize = ::GetSerializeSize(*this, SER_NETWORK); + if (GetSigOpCount() > 2 || nSize < 100) return error("AcceptToMemoryPool() : nonstandard transaction"); + // Rather not work on nonstandard transactions + if (!IsStandard()) + return error("AcceptToMemoryPool() : nonstandard transaction type"); + // Do we already have it? uint256 hash = GetHash(); CRITICAL_BLOCK(cs_mapTransactions) @@ -612,14 +617,36 @@ bool CTransaction::AcceptToMemoryPool(CTxDB& txdb, bool fCheckInputs, bool* pfMi } } - // Check against previous transactions - map mapUnused; - int64 nFees = 0; - if (fCheckInputs && !ConnectInputs(txdb, mapUnused, CDiskTxPos(1,1,1), pindexBest, nFees, false, false)) + if (fCheckInputs) { - if (pfMissingInputs) - *pfMissingInputs = true; - return error("AcceptToMemoryPool() : ConnectInputs failed %s", hash.ToString().substr(0,10).c_str()); + // Check against previous transactions + map mapUnused; + int64 nFees = 0; + if (!ConnectInputs(txdb, mapUnused, CDiskTxPos(1,1,1), pindexBest, nFees, false, false)) + { + if (pfMissingInputs) + *pfMissingInputs = true; + return error("AcceptToMemoryPool() : ConnectInputs failed %s", hash.ToString().substr(0,10).c_str()); + } + + // Don't accept it if it can't get into a block + if (nFees < GetMinFee(1000)) + return error("AcceptToMemoryPool() : not enough fees"); + + // Limit free transactions per 10 minutes + if (nFees < CENT && GetBoolArg("-limitfreerelay")) + { + static int64 nNextReset; + static int64 nFreeCount; + if (GetTime() > nNextReset) + { + nNextReset = GetTime() + 10 * 60; + nFreeCount = 0; + } + if (nFreeCount > 150000 && !IsFromMe()) + return error("AcceptToMemoryPool() : free transaction rejected by rate limiter"); + nFreeCount += nSize; + } } // Store transaction in memory diff --git a/rpc.cpp b/rpc.cpp index b9ed61de..49e87e56 100644 --- a/rpc.cpp +++ b/rpc.cpp @@ -1178,31 +1178,6 @@ pair pCallTable[] = }; map mapCallTable(pCallTable, pCallTable + sizeof(pCallTable)/sizeof(pCallTable[0])); -string pAllowInSafeMode[] = -{ - "help", - "stop", - "getblockcount", - "getblocknumber", - "getconnectioncount", - "getdifficulty", - "getgenerate", - "setgenerate", - "gethashespersec", - "getinfo", - "getnewaddress", - "getaccountaddress", - "setlabel", - "getaccount", - "getlabel", // deprecated - "getaddressesbyaccount", - "getaddressesbylabel", // deprecated - "backupwallet", - "validateaddress", - "getwork", -}; -set setAllowInSafeMode(pAllowInSafeMode, pAllowInSafeMode + sizeof(pAllowInSafeMode)/sizeof(pAllowInSafeMode[0])); - @@ -1640,11 +1615,6 @@ void ThreadRPCServer2(void* parg) if (mi == mapCallTable.end()) throw JSONRPCError(-32601, "Method not found"); - // Observe safe mode - string strWarning = GetWarnings("rpc"); - if (strWarning != "" && !GetBoolArg("-disablesafemode") && !setAllowInSafeMode.count(strMethod)) - throw JSONRPCError(-2, string("Safe mode: ") + strWarning); - try { // Execute diff --git a/serialize.h b/serialize.h index 4e90b76c..ad9fb9fa 100644 --- a/serialize.h +++ b/serialize.h @@ -25,7 +25,7 @@ class CDataStream; class CAutoFile; static const unsigned int MAX_SIZE = 0x02000000; -static const int VERSION = 31800; +static const int VERSION = 31801; static const char* pszSubVer = ""; From 986b5e257e2bb9d7aaed5111ca335732f8808b2d Mon Sep 17 00:00:00 2001 From: s_nakamoto Date: Sun, 12 Dec 2010 18:38:02 +0000 Subject: [PATCH 2/2] correction git-svn-id: https://bitcoin.svn.sourceforge.net/svnroot/bitcoin/trunk@200 1a98c847-1fd6-4fd8-948a-caf3550aa51b --- main.cpp | 1 - main.h | 10 ++++------ rpc.cpp | 30 ++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 7 deletions(-) diff --git a/main.cpp b/main.cpp index 6e7cb3ea..1d9b35b5 100644 --- a/main.cpp +++ b/main.cpp @@ -1953,7 +1953,6 @@ string GetWarnings(string strFor) { nPriority = alert.nPriority; strStatusBar = alert.strStatusBar; - strRPC = alert.strRPCError; } } } diff --git a/main.h b/main.h index 0b950e80..088e2860 100644 --- a/main.h +++ b/main.h @@ -1754,7 +1754,7 @@ public: // Actions string strComment; string strStatusBar; - string strRPCError; + string strReserved; IMPLEMENT_SERIALIZE ( @@ -1772,7 +1772,7 @@ public: READWRITE(strComment); READWRITE(strStatusBar); - READWRITE(strRPCError); + READWRITE(strReserved); ) void SetNull() @@ -1790,7 +1790,7 @@ public: strComment.clear(); strStatusBar.clear(); - strRPCError.clear(); + strReserved.clear(); } string ToString() const @@ -1815,7 +1815,6 @@ public: " nPriority = %d\n" " strComment = \"%s\"\n" " strStatusBar = \"%s\"\n" - " strRPCError = \"%s\"\n" ")\n", nVersion, nRelayUntil, @@ -1828,8 +1827,7 @@ public: strSetSubVer.c_str(), nPriority, strComment.c_str(), - strStatusBar.c_str(), - strRPCError.c_str()); + strStatusBar.c_str()); } void print() const diff --git a/rpc.cpp b/rpc.cpp index 49e87e56..b9ed61de 100644 --- a/rpc.cpp +++ b/rpc.cpp @@ -1178,6 +1178,31 @@ pair pCallTable[] = }; map mapCallTable(pCallTable, pCallTable + sizeof(pCallTable)/sizeof(pCallTable[0])); +string pAllowInSafeMode[] = +{ + "help", + "stop", + "getblockcount", + "getblocknumber", + "getconnectioncount", + "getdifficulty", + "getgenerate", + "setgenerate", + "gethashespersec", + "getinfo", + "getnewaddress", + "getaccountaddress", + "setlabel", + "getaccount", + "getlabel", // deprecated + "getaddressesbyaccount", + "getaddressesbylabel", // deprecated + "backupwallet", + "validateaddress", + "getwork", +}; +set setAllowInSafeMode(pAllowInSafeMode, pAllowInSafeMode + sizeof(pAllowInSafeMode)/sizeof(pAllowInSafeMode[0])); + @@ -1615,6 +1640,11 @@ void ThreadRPCServer2(void* parg) if (mi == mapCallTable.end()) throw JSONRPCError(-32601, "Method not found"); + // Observe safe mode + string strWarning = GetWarnings("rpc"); + if (strWarning != "" && !GetBoolArg("-disablesafemode") && !setAllowInSafeMode.count(strMethod)) + throw JSONRPCError(-2, string("Safe mode: ") + strWarning); + try { // Execute