Special-case the last alert for alert-key-compromised case

Hard-code a special nId=max int alert, to be broadcast if the
alert key is ever compromised. It applies to all versions, never
expires, cancels all previous alerts, and has a fixed message:
   URGENT: Alert key compromised, upgrade required

Variations are not allowed (ignored), so an attacker with
the private key cannot broadcast empty-message nId=max alerts.
Gavin Andresen 2012-08-27 10:22:57 -04:00
parent d5a52d9b3e
commit ea2fda46c3

@ -2322,6 +2322,28 @@ bool CAlert::ProcessAlert()
if (!IsInEffect()) if (!IsInEffect())
return false; return false;
// alert.nID=max is reserved for if the alert key is
// compromised. It must have a pre-defined message,
// must never expire, must apply to all versions,
// and must cancel all previous
// alerts or it will be ignored (so an attacker can't
// send an "everything is OK, don't panic" version that
// cannot be overridden):
int maxInt = std::numeric_limits<int>::max();
if (nID == maxInt)
{
if (!(
nExpiration == maxInt &&
nCancel == (maxInt-1) &&
nMinVer == 0 &&
nMaxVer == maxInt &&
setSubVer.empty() &&
nPriority == maxInt &&
strStatusBar == "URGENT: Alert key compromised, upgrade required"
))
return false;
}
{ {
LOCK(cs_mapAlerts); LOCK(cs_mapAlerts);
// Cancel previous alerts // Cancel previous alerts
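Review bot: The condition under `if (nID == maxInt)` pins only the seven fields it names, so any alert field not listed there stays free for a key holder to vary, which falls short of the comment's promise that variations are ignored. Consider constructing the one canonical final alert and comparing the whole received alert against it, or listing every remaining field explicitly in the check. Two smaller points in the same block: `nExpiration == maxInt` means "never expires" only if nExpiration is an int, so if it is a wider timestamp the comment should say it is a fixed far-future value; and the status bar text is an inline literal, which would be easier to keep in sync with the sending side as a named constant. Please also confirm `<limits>` is included in this file for `std::numeric_limits<int>::max()`.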