summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJorge Timón <jtimon@jtimon.cc>2017-01-04 15:45:54 +0100
committerbitcoindev <bitcoindev@gnusha.org>2017-01-04 14:45:56 +0000
commit198c07b25aa9f6616dfc28808e3fb5cdaa3e58f6 (patch)
tree211846575474acb6e4a284fbf6398d05fd00836e
parent789e7ccb4ba28913ef526ac274c6dc945bf9b01a (diff)
downloadpi-bitcoindev-198c07b25aa9f6616dfc28808e3fb5cdaa3e58f6.tar.gz
pi-bitcoindev-198c07b25aa9f6616dfc28808e3fb5cdaa3e58f6.zip
Re: [bitcoin-dev] Script Abuse Potential?
-rw-r--r--d3/db9677635bd5353342c18a17bdadb8c65b8b3a315
1 files changed, 315 insertions, 0 deletions
diff --git a/d3/db9677635bd5353342c18a17bdadb8c65b8b3a b/d3/db9677635bd5353342c18a17bdadb8c65b8b3a
new file mode 100644
index 000000000..f4efc9281
--- /dev/null
+++ b/d3/db9677635bd5353342c18a17bdadb8c65b8b3a
@@ -0,0 +1,315 @@
+Return-Path: <jtimon@jtimon.cc>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id D596DB3E
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 4 Jan 2017 14:45:56 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-ua0-f181.google.com (mail-ua0-f181.google.com
+ [209.85.217.181])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id DD1D8108
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 4 Jan 2017 14:45:55 +0000 (UTC)
+Received: by mail-ua0-f181.google.com with SMTP id i68so247384687uad.0
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 04 Jan 2017 06:45:55 -0800 (PST)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=jtimon-cc.20150623.gappssmtp.com; s=20150623;
+ h=mime-version:in-reply-to:references:from:date:message-id:subject:to
+ :cc; bh=EomjKsUL6ta0ZOzOWC4/GcdT8VnodX90+CseSxd3UyY=;
+ b=aUl/Tm3sTc+ZkI7Zjl6bOTF5VdI8CL8fG9jtULi6TwLSshKujO9sIY2mXpnvuM24+v
+ 3SeOdqnCUtX98bERfLMOiv+mL06QHKWbQuQQoGrU4giqTb+DW5A2VPDouRDar020+SgB
+ 6xTVHft6BlX+uc8rq+08C3as05/qlDR8GZLaqYhV9OvRgQexy+dtOiiLIMw8FQ92pxpf
+ TET/TS2QvfKBIIDwdtdUhDkiJR4xapTOpVGsaIzuTgfUPssIfsEOOrTv6clEZ1Y5jZGf
+ eoBUAHFP2Wwr5cSdiFDyGKd5AOWs64kqLKhD/HlxjxwyD4Ar6D2L1PBDLHB12G0QlNP4
+ LWrg==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20161025;
+ h=x-gm-message-state:mime-version:in-reply-to:references:from:date
+ :message-id:subject:to:cc;
+ bh=EomjKsUL6ta0ZOzOWC4/GcdT8VnodX90+CseSxd3UyY=;
+ b=FbnwnbCnXXqzZMMKJ0zI6d5LuOpVuGputr8tgFiPEfGBLck5yZXMVE5GDcUB+GJZwN
+ 5yA0Xuwaa7qeKlynKHDWZCyxSvezNn0e2UXBZPBOcj65zFlKWq3Iiz0qzzOqeUZFvJJ4
+ SFc5fZXWd/9m9BNHIbMWYSg8yddfMJBaNLmagIwi/nNHJpV+UMyxfRbVpWm8O7TfTKba
+ QdgFTRMFSbFL7xXR9Q4j1bGsD5+i68SD1uoyTikhiLYFa+/xn6RjUozMNkiJqBOUK95B
+ 4aEjCL0rOedstJ4H1DNbRH9ctDEIT7nwOWesVBZtFEkMDKq9DxXqQuZxDRvgpqgv+SWw
+ dG+A==
+X-Gm-Message-State: AIkVDXIMZa8zDuJhxnY+J9m7hcIuMWC2IlEo9XwHayVFoRQiBLvc9Ys1rV8kS9qksiJ+E4J4lsyc/8hgvhywMw==
+X-Received: by 10.176.84.8 with SMTP id n8mr49944915uaa.29.1483541154889; Wed,
+ 04 Jan 2017 06:45:54 -0800 (PST)
+MIME-Version: 1.0
+Received: by 10.31.216.130 with HTTP; Wed, 4 Jan 2017 06:45:54 -0800 (PST)
+Received: by 10.31.216.130 with HTTP; Wed, 4 Jan 2017 06:45:54 -0800 (PST)
+In-Reply-To: <CAMZUoK=-3dGapPQTfKdd4oMQukiTyN1v123Yjo4ihO6YOHuBZQ@mail.gmail.com>
+References: <mailman.11263.1483391161.31141.bitcoin-dev@lists.linuxfoundation.org>
+ <400152B9-1838-432A-829E-13E4FC54320C@gmail.com>
+ <CAD5xwhjHFzFzKws10TG-XioZoRVZ_oZbMF_xDOy5xNWtzFTsEw@mail.gmail.com>
+ <6A91D4E4-750D-42C0-B593-3D5014B8A3F7@xbt.hk>
+ <CAD5xwhg3QeHZF1Oepo3dnCAth0EO3wCqyeT4a21gQ2uxZ5dTfQ@mail.gmail.com>
+ <CAMZUoK=-3dGapPQTfKdd4oMQukiTyN1v123Yjo4ihO6YOHuBZQ@mail.gmail.com>
+From: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= <jtimon@jtimon.cc>
+Date: Wed, 4 Jan 2017 15:45:54 +0100
+Message-ID: <CABm2gDr-8h6EszsKRpJq6OCNnTUjmPvN_K3pYzyeNT3z2Lu94w@mail.gmail.com>
+To: "Russell O'Connor" <roconnor@blockstream.io>,
+ Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: multipart/alternative; boundary=94eb2c1b2d7e8c6e61054545d70e
+X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, HTML_MESSAGE, RCVD_IN_DNSWL_NONE,
+ RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+Cc: Steve Davis <steven.charles.davis@gmail.com>
+Subject: Re: [bitcoin-dev] Script Abuse Potential?
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Wed, 04 Jan 2017 14:45:57 -0000
+
+--94eb2c1b2d7e8c6e61054545d70e
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+I would assume that the controversial part of op_cat comes from the fact
+that it enables covenants. Are there more concerns than that?
+
+On 4 Jan 2017 04:14, "Russell O'Connor via bitcoin-dev" <
+bitcoin-dev@lists.linuxfoundation.org> wrote:
+
+> For the record, the OP_CAT limit of 520 bytes was added by Satoshi
+> <https://github.com/bitcoin/bitcoin/commit/4bd188c4383d6e614e18f79dc337fb=
+abe8464c82#diff-8458adcedc17d046942185cb709ff5c3R425>
+> on the famous August 15, 2010 "misc" commit, at the same time that OP_CAT
+> was disabled.
+> The previous limit was 5000 bytes.
+>
+> On Tue, Jan 3, 2017 at 7:13 PM, Jeremy via bitcoin-dev <bitcoin-dev@lists=
+.
+> linuxfoundation.org> wrote:
+>
+>> Sure, was just upper bounding it anyways. Even less of a problem!
+>>
+>>
+>> RE: OP_CAT, not as OP_CAT was specified, which is why it was disabled. A=
+s
+>> far as I know, the elements alpha proposal to reenable a limited op_cat =
+to
+>> 520 bytes is somewhat controversial...
+>>
+>>
+>>
+>> --
+>> @JeremyRubin <https://twitter.com/JeremyRubin>
+>> <https://twitter.com/JeremyRubin>
+>>
+>> On Mon, Jan 2, 2017 at 10:39 PM, Johnson Lau <jl2012@xbt.hk> wrote:
+>>
+>>> No, there could only have not more than 201 opcodes in a script. So you
+>>> may have 198 OP_2DUP at most, i.e. 198 * 520 * 2 =3D 206kB
+>>>
+>>> For OP_CAT, just check if the returned item is within the 520 bytes
+>>> limit.
+>>>
+>>> On 3 Jan 2017, at 11:27, Jeremy via bitcoin-dev <
+>>> bitcoin-dev@lists.linuxfoundation.org> wrote:
+>>>
+>>> It is an unfortunate script, but can't actually
+>>> =E2=80=8Bdo
+>>> that much
+>>> =E2=80=8B it seems=E2=80=8B
+>>> . The MAX_SCRIPT_ELEMENT_SIZE =3D 520 Bytes.
+>>> =E2=80=8B Thus, it would seem the worst you could do with this would be=
+ to (10000-520*2)*520*2
+>>> bytes ~=3D~ 10 MB.
+>>>
+>>> =E2=80=8BMuch more concerning would be the op_dup/op_cat style bug, whi=
+ch under
+>>> a similar script =E2=80=8Bwould certainly cause out of memory errors :)
+>>>
+>>>
+>>>
+>>> --
+>>> @JeremyRubin <https://twitter.com/JeremyRubin>
+>>> <https://twitter.com/JeremyRubin>
+>>>
+>>> On Mon, Jan 2, 2017 at 4:39 PM, Steve Davis via bitcoin-dev <
+>>> bitcoin-dev@lists.linuxfoundation.org> wrote:
+>>>
+>>>> Hi all,
+>>>>
+>>>> Suppose someone were to use the following pk_script:
+>>>>
+>>>> [op_2dup, op_2dup, op_2dup, op_2dup, op_2dup, ...(to limit)...,
+>>>> op_2dup, op_hash160, <addr_hash>, op_equalverify, op_checksig]
+>>>>
+>>>> This still seems to be valid AFAICS, and may be a potential attack
+>>>> vector?
+>>>>
+>>>> Thanks.
+>>>>
+>>>>
+>>>> _______________________________________________
+>>>> bitcoin-dev mailing list
+>>>> bitcoin-dev@lists.linuxfoundation.org
+>>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+>>>>
+>>>>
+>>> _______________________________________________
+>>> bitcoin-dev mailing list
+>>> bitcoin-dev@lists.linuxfoundation.org
+>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+>>>
+>>>
+>>>
+>>
+>> _______________________________________________
+>> bitcoin-dev mailing list
+>> bitcoin-dev@lists.linuxfoundation.org
+>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+>>
+>>
+>
+> _______________________________________________
+> bitcoin-dev mailing list
+> bitcoin-dev@lists.linuxfoundation.org
+> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+>
+>
+
+--94eb2c1b2d7e8c6e61054545d70e
+Content-Type: text/html; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"auto">I would assume that the controversial part of op_cat come=
+s from the fact that it enables covenants. Are there more concerns than tha=
+t?</div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On 4 Jan =
+2017 04:14, &quot;Russell O&#39;Connor via bitcoin-dev&quot; &lt;<a href=3D=
+"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfound=
+ation.org</a>&gt; wrote:<br type=3D"attribution"><blockquote class=3D"gmail=
+_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:=
+1ex"><div dir=3D"ltr"><div>For the record, the OP_CAT limit of 520 bytes wa=
+s <a href=3D"https://github.com/bitcoin/bitcoin/commit/4bd188c4383d6e614e18=
+f79dc337fbabe8464c82#diff-8458adcedc17d046942185cb709ff5c3R425" target=3D"_=
+blank">added by Satoshi</a> on the famous August 15, 2010 &quot;misc&quot; =
+commit, at the same time that OP_CAT was disabled.<br></div>The previous li=
+mit was 5000 bytes.<br><div><div class=3D"gmail_extra"><br><div class=3D"gm=
+ail_quote">On Tue, Jan 3, 2017 at 7:13 PM, Jeremy via bitcoin-dev <span dir=
+=3D"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" targe=
+t=3D"_blank">bitcoin-dev@lists.<wbr>linuxfoundation.org</a>&gt;</span> wrot=
+e:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-l=
+eft:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div style=3D"font-fa=
+mily:arial,helvetica,sans-serif;font-size:small;color:#000000">Sure, was ju=
+st upper bounding it anyways. Even less of a problem!</div><div style=3D"fo=
+nt-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></d=
+iv><div style=3D"font-family:arial,helvetica,sans-serif;font-size:small;col=
+or:#000000"><br></div><div style=3D"font-family:arial,helvetica,sans-serif;=
+font-size:small;color:#000000">RE: OP_CAT, not as OP_CAT was specified, whi=
+ch is why it was disabled. As far as I know, the elements alpha proposal to=
+ reenable a limited op_cat to 520 bytes is somewhat controversial...</div><=
+div style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:#=
+000000"><br></div><div style=3D"font-family:arial,helvetica,sans-serif;font=
+-size:small;color:#000000"><br></div><div class=3D"gmail_extra"><br clear=
+=3D"all"><div><div class=3D"m_7822325097514973326m_6723432281491834920m_-62=
+03106839964574959gmail_signature" data-smartmail=3D"gmail_signature"><div d=
+ir=3D"ltr">--<br><a href=3D"https://twitter.com/JeremyRubin" target=3D"_bla=
+nk">@JeremyRubin</a><a href=3D"https://twitter.com/JeremyRubin" target=3D"_=
+blank"></a></div></div></div><div><div class=3D"m_7822325097514973326h5">
+<br><div class=3D"gmail_quote">On Mon, Jan 2, 2017 at 10:39 PM, Johnson Lau=
+ <span dir=3D"ltr">&lt;<a href=3D"mailto:jl2012@xbt.hk" target=3D"_blank">j=
+l2012@xbt.hk</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" sty=
+le=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div s=
+tyle=3D"word-wrap:break-word"><div>No, there could only have not more than =
+201 opcodes in a script. So you may have 198 OP_2DUP at most, i.e. 198 * 52=
+0 * 2 =3D 206kB</div><div><br></div><div>For OP_CAT, just check if the retu=
+rned item is within the 520 bytes limit.</div><div><div class=3D"m_78223250=
+97514973326m_6723432281491834920m_-6203106839964574959h5"><br><div><blockqu=
+ote type=3D"cite"><div>On 3 Jan 2017, at 11:27, Jeremy via bitcoin-dev &lt;=
+<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
+bitcoin-dev@lists.linuxfounda<wbr>tion.org</a>&gt; wrote:</div><br class=3D=
+"m_7822325097514973326m_6723432281491834920m_-6203106839964574959m_65987160=
+0986875938Apple-interchange-newline"><div><div dir=3D"ltr"><div style=3D"fo=
+nt-family:arial,helvetica,sans-serif;font-size:small"><span style=3D"font-f=
+amily:arial,sans-serif;color:rgb(34,34,34);font-size:12.800000190734863px">=
+It is an unfortunate script, but can&#39;t actually=C2=A0</span><div style=
+=3D"display:inline">=E2=80=8Bdo</div><span style=3D"font-family:arial,sans-=
+serif;color:rgb(34,34,34);font-size:12.800000190734863px">=C2=A0that much</=
+span><div style=3D"display:inline">=E2=80=8B it seems=E2=80=8B</div><span s=
+tyle=3D"font-family:arial,sans-serif;color:rgb(34,34,34);font-size:12.80000=
+0190734863px">. The MAX_SCRIPT_ELEMENT_SIZE =3D 520 Bytes.</span><div style=
+=3D"font-family:arial,sans-serif;color:rgb(34,34,34);font-size:12.800000190=
+734863px;display:inline"><font face=3D"arial, helvetica, sans-serif">=E2=80=
+=8B Thus, it would seem the worst you could do with this would be to=C2=A0<=
+/font>(10000-520*2)*520*2 bytes =C2=A0~=3D~ 10 MB.</div></div><div style=3D=
+"font-size:12.800000190734863px"><br></div><div style=3D"font-size:12.80000=
+0190734863px"><div style=3D"font-family:arial,helvetica,sans-serif;font-siz=
+e:small">=E2=80=8BMuch more concerning would be the op_dup/op_cat style bug=
+, which under a similar script =E2=80=8Bwould certainly cause out of memory=
+ errors :)</div><div><br></div></div></div><div class=3D"gmail_extra"><br c=
+lear=3D"all"><div><br clear=3D"all"><div><div class=3D"m_782232509751497332=
+6m_6723432281491834920m_-6203106839964574959m_659871600986875938gmail_signa=
+ture" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">--<br><a href=3D"=
+https://twitter.com/JeremyRubin" target=3D"_blank">@JeremyRubin</a><a href=
+=3D"https://twitter.com/JeremyRubin" target=3D"_blank"></a></div></div></di=
+v>
+</div>
+<br><div class=3D"gmail_quote">On Mon, Jan 2, 2017 at 4:39 PM, Steve Davis =
+via bitcoin-dev <span dir=3D"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.l=
+inuxfoundation.org" target=3D"_blank">bitcoin-dev@lists.linuxfounda<wbr>tio=
+n.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"m=
+argin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style=3D=
+"word-wrap:break-word"><div><div style=3D"color:rgb(34,34,34);font-family:a=
+rial,sans-serif;font-size:12.800000190734863px">Hi all,</div><div style=3D"=
+color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8000001907348=
+63px"><br></div><div style=3D"color:rgb(34,34,34);font-family:arial,sans-se=
+rif;font-size:12.800000190734863px">Suppose someone were to use the followi=
+ng pk_script:</div><div style=3D"color:rgb(34,34,34);font-family:arial,sans=
+-serif;font-size:12.800000190734863px"><br></div><div class=3D"m_7822325097=
+514973326m_6723432281491834920m_-6203106839964574959m_659871600986875938m_-=
+8615729711671762748m_8591747901013163489gmail_signature" style=3D"color:rgb=
+(34,34,34);font-family:arial,sans-serif;font-size:12.800000190734863px"><di=
+v dir=3D"ltr">[op_2dup, op_2dup, op_2dup, op_2dup, op_2dup, ...(to limit)..=
+., op_2dup,=C2=A0op_hash160, &lt;addr_hash&gt;, op_equalverify, op_checksig=
+]</div><div dir=3D"ltr"><br></div><div>This still seems to be valid AFAICS,=
+ and may be a potential attack vector?</div><div><br></div><div>Thanks.</di=
+v></div></div><div><br></div></div><br>______________________________<wbr>_=
+________________<br>
+bitcoin-dev mailing list<br>
+<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
+bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
+<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
+rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
+/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
+<br></blockquote></div><br></div>
+______________________________<wbr>_________________<br>bitcoin-dev mailing=
+ list<br><a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D=
+"_blank">bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br><a href=3D"https=
+://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" target=3D"_blank=
+">https://lists.linuxfoundation.<wbr>org/mailman/listinfo/bitcoin-d<wbr>ev<=
+/a><br></div></blockquote></div><br></div></div></div></blockquote></div><b=
+r></div></div></div></div>
+<br>______________________________<wbr>_________________<br>
+bitcoin-dev mailing list<br>
+<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
+bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
+<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
+rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
+/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
+<br></blockquote></div><br></div></div></div>
+<br>______________________________<wbr>_________________<br>
+bitcoin-dev mailing list<br>
+<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
+<wbr>linuxfoundation.org</a><br>
+<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
+rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
+/mailman/listinfo/bitcoin-<wbr>dev</a><br>
+<br></blockquote></div></div>
+
+--94eb2c1b2d7e8c6e61054545d70e--
+