return DoS(10, error("CTransaction::CheckTransaction() : vin empty"));
if (vout.empty())
return DoS(10, error("CTransaction::CheckTransaction() : vout empty"));
+ // Time (prevent mempool memory exhaustion attack)
+ // Comes into force since 20 December 2015.
+ if (nTime > 1450569600 && nTime > FutureDrift(GetAdjustedTime()))
+ return DoS(10, error("CTransaction::CheckTransaction() : timestamp is too far into the future"));
// Size limits
if (::GetSerializeSize(*this, SER_NETWORK, PROTOCOL_VERSION) > MAX_BLOCK_SIZE)
return DoS(100, error("CTransaction::CheckTransaction() : size limits failed"));
if (nBits != GetNextTargetRequired(pindexPrev, IsProofOfStake()))
return DoS(100, error("AcceptBlock() : incorrect %s", IsProofOfWork() ? "proof-of-work" : "proof-of-stake"));
+ int64_t nMedianTimePast = pindexPrev->GetMedianTimePast();
+ int nMaxOffset = 12 * 3600; // 12 hours
+ if (pindexPrev->nTime < 1450569600)
+ nMaxOffset = 7 * 86400; // One week until 20 Dec, 2015
+
// Check timestamp against prev
- if (GetBlockTime() <= pindexPrev->GetMedianTimePast() || FutureDrift(GetBlockTime()) < pindexPrev->GetBlockTime())
+ if (GetBlockTime() <= nMedianTimePast || FutureDrift(GetBlockTime()) < pindexPrev->GetBlockTime())
return error("AcceptBlock() : block's timestamp is too early");
+ // Don't accept blocks with future timestamps
+ if (pindexPrev->nHeight > 1 && nMedianTimePast + nMaxOffset < GetBlockTime())
+ return error("AcceptBlock() : block's timestamp is too far in the future");
+
// Check that all transactions are finalized
BOOST_FOREACH(const CTransaction& tx, vtx)
if (!tx.IsFinal(nHeight, GetBlockTime()))
FILE* OpenBlockFile(unsigned int nFile, unsigned int nBlockPos, const char* pszMode)
{
- if ((nFile < 1) || (nFile == (unsigned int) -1))
+ if ((nFile < 1) || (nFile == std::numeric_limits<uint32_t>::max()))
return NULL;
FILE* file = fopen(BlockFilePath(nFile).string().c_str(), pszMode);
if (!file)
try {
CAutoFile blkdat(fileIn, SER_DISK, CLIENT_VERSION);
unsigned int nPos = 0;
- while (nPos != (unsigned int)-1 && blkdat.good() && !fRequestShutdown)
+ while (nPos != std::numeric_limits<uint32_t>::max() && blkdat.good() && !fRequestShutdown)
{
unsigned char pchData[65536];
do {
int nRead = fread(pchData, 1, sizeof(pchData), blkdat);
if (nRead <= 8)
{
- nPos = (unsigned int)-1;
+ nPos = std::numeric_limits<uint32_t>::max();
break;
}
void* nFind = memchr(pchData, pchMessageStart[0], nRead+1-sizeof(pchMessageStart));
else
nPos += sizeof(pchData) - sizeof(pchMessageStart) + 1;
} while(!fRequestShutdown);
- if (nPos == (unsigned int)-1)
+ if (nPos == std::numeric_limits<uint32_t>::max())
break;
fseek(blkdat, nPos, SEEK_SET);
unsigned int nSize;
}
// find last block in inv vector
- unsigned int nLastBlock = (unsigned int)(-1);
+ unsigned int nLastBlock = std::numeric_limits<uint32_t>::max();
for (unsigned int nInv = 0; nInv < vInv.size(); nInv++) {
if (vInv[vInv.size() - 1 - nInv].type == MSG_BLOCK) {
nLastBlock = vInv.size() - 1 - nInv;
}
- else if (strCommand == "getaddr")
+ // This asymmetric behavior for inbound and outbound connections was introduced
+ // to prevent a fingerprinting attack: an attacker can send specific fake addresses
+ // to users' AddrMan and later request them by sending getaddr messages.
+ // Making users (which are behind NAT and can only make outgoing connections) ignore
+ // getaddr message mitigates the attack.
+ else if ((strCommand == "getaddr") && (pfrom->fInbound))
{
// Don't return addresses older than nCutOff timestamp
int64_t nCutOff = GetTime() - (nNodeLifespan * nOneDay);
// orphan transactions
}
-} instance_of_cmaincleanup;
\ No newline at end of file
+} instance_of_cmaincleanup;
git://git.novaco.in / novacoin.git / blobdiff