summaryrefslogtreecommitdiff
path: root/9a/df7b02ef7bc86d02b1b828b16a0f4af90f7c95
blob: 51068d982a829dc56ff1570356c4fa5ce2f099b9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <gavinandresen@gmail.com>) id 1Reqa5-0005vG-6K
	for bitcoin-development@lists.sourceforge.net;
	Sun, 25 Dec 2011 16:05:49 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.212.175 as permitted sender)
	client-ip=209.85.212.175; envelope-from=gavinandresen@gmail.com;
	helo=mail-wi0-f175.google.com; 
Received: from mail-wi0-f175.google.com ([209.85.212.175])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1Reqa4-0007Px-Fr
	for bitcoin-development@lists.sourceforge.net;
	Sun, 25 Dec 2011 16:05:49 +0000
Received: by wibhq7 with SMTP id hq7so6027505wib.34
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 25 Dec 2011 08:05:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.180.19.74 with SMTP id c10mr47408363wie.8.1324829142397; Sun,
	25 Dec 2011 08:05:42 -0800 (PST)
Received: by 10.223.156.77 with HTTP; Sun, 25 Dec 2011 08:05:42 -0800 (PST)
Date: Sun, 25 Dec 2011 11:05:42 -0500
Message-ID: <CABsx9T0AQMYxBh_Bq3ZfviU94CbszP264eKJHwj5akQNbTTrNA@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: text/plain; charset=ISO-8859-1
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(gavinandresen[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Reqa4-0007Px-Fr
Subject: [Bitcoin-development] IMPORTANT: if you are running latest git HEAD
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 25 Dec 2011 16:05:49 -0000

Reposted from the forums:

makomk reported a remote vulnerability that I pulled into the master
bitcoin/bitcoin tree on December 20. If you are running git-HEAD code
on the production network you should pull the latest code to get the
bug fixed.

This affects only anybody who has pulled and compiled their own
bitcoind/bitcoin-qt from the source tree in the last 5 days.

Gory details:

I made a mistake.  I refactored the ConnectInputs() function into two
pieces (FetchInputs() and ConnectInputs()), and should have duplicated
a check in ConnectInputs for an out-of-range
previous-transaction-output in the FetchInputs() method.  The result
was a new method I wrote to help prevent a possible OP_EVAL-related
denial-of-service attack (AreInputsStandard()) could crash with an
out-of-bounds memory access if given an invalid transaction.

The bug-fix puts a check in FetchInputs and an assertion in
AreInputsStandard. This does not affect the back-ported "mining only"
code I wrote that some miners and pools have started using.

The good news is this was found and reported before binaries with the
vulnerability were released; the bad news is this was not found before
the code was pulled and could have made it into the next release if
makomk had not been testing some unrelated code.

Before releasing 0.6, I would like to have an "intelligent,
bitcoin-specific fuzzing tool" that automatically finds this type of
bug that we can run before every release. If anybody already has one,
please speak up!

-- 
--
Gavin Andresen