Special-case the last alert for alert-key-compromised case
Hard-code a special nId=max int alert, to be broadcast if the alert key is ever compromised. It applies to all versions, never expires, cancels all previous alerts, and has a fixed message: URGENT: Alert key compromised, upgrade required Variations are not allowed (ignored), so an attacker with the private key cannot broadcast empty-message nId=max alerts.
This commit is contained in:
parent
d5a52d9b3e
commit
ea2fda46c3
22
src/main.cpp
22
src/main.cpp
@ -2322,6 +2322,28 @@ bool CAlert::ProcessAlert()
|
|||||||
if (!IsInEffect())
|
if (!IsInEffect())
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
// alert.nID=max is reserved for if the alert key is
|
||||||
|
// compromised. It must have a pre-defined message,
|
||||||
|
// must never expire, must apply to all versions,
|
||||||
|
// and must cancel all previous
|
||||||
|
// alerts or it will be ignored (so an attacker can't
|
||||||
|
// send an "everything is OK, don't panic" version that
|
||||||
|
// cannot be overridden):
|
||||||
|
int maxInt = std::numeric_limits<int>::max();
|
||||||
|
if (nID == maxInt)
|
||||||
|
{
|
||||||
|
if (!(
|
||||||
|
nExpiration == maxInt &&
|
||||||
|
nCancel == (maxInt-1) &&
|
||||||
|
nMinVer == 0 &&
|
||||||
|
nMaxVer == maxInt &&
|
||||||
|
setSubVer.empty() &&
|
||||||
|
nPriority == maxInt &&
|
||||||
|
strStatusBar == "URGENT: Alert key compromised, upgrade required"
|
||||||
|
))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
LOCK(cs_mapAlerts);
|
LOCK(cs_mapAlerts);
|
||||||
// Cancel previous alerts
|
// Cancel previous alerts
|
||||||
|
Loading…
Reference in New Issue
Block a user