From ea2fda46c3d12a17ebba07c139b4cd65ea0b63d9 Mon Sep 17 00:00:00 2001 From: Gavin Andresen Date: Mon, 27 Aug 2012 10:22:57 -0400 Subject: [PATCH] Special-case the last alert for alert-key-compromised case Hard-code a special nId=max int alert, to be broadcast if the alert key is ever compromised. It applies to all versions, never expires, cancels all previous alerts, and has a fixed message: URGENT: Alert key compromised, upgrade required Variations are not allowed (ignored), so an attacker with the private key cannot broadcast empty-message nId=max alerts. --- src/main.cpp | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/main.cpp b/src/main.cpp index e9bd6103..71d425e1 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -2322,6 +2322,28 @@ bool CAlert::ProcessAlert() if (!IsInEffect()) return false; + // alert.nID=max is reserved for if the alert key is + // compromised. It must have a pre-defined message, + // must never expire, must apply to all versions, + // and must cancel all previous + // alerts or it will be ignored (so an attacker can't + // send an "everything is OK, don't panic" version that + // cannot be overridden): + int maxInt = std::numeric_limits::max(); + if (nID == maxInt) + { + if (!( + nExpiration == maxInt && + nCancel == (maxInt-1) && + nMinVer == 0 && + nMaxVer == maxInt && + setSubVer.empty() && + nPriority == maxInt && + strStatusBar == "URGENT: Alert key compromised, upgrade required" + )) + return false; + } + { LOCK(cs_mapAlerts); // Cancel previous alerts