From 684ae2a7304efb125610e79fcbf5c372795411d7 Mon Sep 17 00:00:00 2001 From: Simon Date: Wed, 8 Feb 2017 11:57:15 -0800 Subject: [PATCH 1/3] Alert 1000 --- src/sendalert.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/sendalert.cpp b/src/sendalert.cpp index aed9b7682..c25da5dfa 100644 --- a/src/sendalert.cpp +++ b/src/sendalert.cpp @@ -71,7 +71,7 @@ void ThreadSendAlert() // CAlert alert; alert.nRelayUntil = GetTime() + 15 * 60; - alert.nExpiration = GetTime() + 365 * 60 * 60; + alert.nExpiration = GetTime() + 90 * 24 * 60 * 60; alert.nID = 1000; // use https://github.com/zcash/zcash/wiki/specification#assigned-numbers to keep track of alert IDs alert.nCancel = 0; // cancels previous messages up to this ID number 
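Review bot: The new expiry `GetTime() + 90 * 24 * 60 * 60` carries no unit comment, and the value it replaces, `365 * 60 * 60`, shows how easily this expression is misread (it works out to about 15 days, not a year). I would annotate it, e.g. `alert.nExpiration = GetTime() + 90 * 24 * 60 * 60; // 90 days`. The line above still sets `nRelayUntil` to 15 minutes. If relaying stops at that point, nodes that connect later may never see an alert that is otherwise valid for 90 days, so it is worth confirming the gap is intended. ThreadSendAlert starts and ends outside this hunk.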
@@ -86,13 +86,16 @@ void ThreadSendAlert() // 2000 for longer invalid proof-of-work chain // Higher numbers mean higher priority // 4000 or higher will put the RPC into safe mode - alert.nPriority = 5000; + alert.nPriority = 4000; alert.strComment = ""; - alert.strStatusBar = "URGENT: Upgrade required: see https://z.cash"; - alert.strRPCError = "URGENT: Upgrade required: see https://z.cash"; + alert.strStatusBar = "Your client is out of date and potentially vulnerable to blockchain disruption. Update to the most recent version of Zcash (1.0.5) and use -reindex to ensure integrity of your local blockchain state. More info at: https://z.cash/support/security.html"; + alert.strRPCError = "Your client is out of date and potentially vulnerable to blockchain disruption. Update to the most recent version of Zcash (1.0.5) and use -reindex to ensure integrity of your local blockchain state. More info at: https://z.cash/support/security.html"; // Set specific client version/versions here. If setSubVer is empty, no filtering on subver is done: // alert.setSubVer.insert(std::string("/MagicBean:0.7.2/")); + alert.setSubVer.insert(std::string("/MagicBean:1.0.0/")); + alert.setSubVer.insert(std::string("/MagicBean:1.0.1/")); + alert.setSubVer.insert(std::string("/MagicBean:1.0.2/")); // Sign const CChainParams& chainparams = Params(); From 4b7f60381369e69960af028691f89659df392ba2 Mon Sep 17 00:00:00 2001 From: Simon Date: Wed, 8 Feb 2017 12:21:07 -0800 Subject: [PATCH 2/3] Alert 1001 --- src/sendalert.cpp | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/sendalert.cpp b/src/sendalert.cpp index c25da5dfa..53074bd75 100644 --- a/src/sendalert.cpp +++ b/src/sendalert.cpp 
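Review bot: `strStatusBar` and `strRPCError` are assigned the same long literal twice, so a later edit to one copy can leave the status-bar and RPC texts disagreeing. Assigning once and copying, `alert.strRPCError = alert.strStatusBar;`, removes that risk. The same duplication recurs in the `@@ -86,16 +86,14 @@` hunk of patch 2/3. By my count the literal is about 250 bytes, close to the 256 limit that patch 3/3 asserts, which is another reason to keep a single copy. The enclosing ThreadSendAlert body extends beyond the hunk.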
@@ -72,7 +72,7 @@ void ThreadSendAlert() CAlert alert; alert.nRelayUntil = GetTime() + 15 * 60; alert.nExpiration = GetTime() + 90 * 24 * 60 * 60; - alert.nID = 1000; // use https://github.com/zcash/zcash/wiki/specification#assigned-numbers to keep track of alert IDs + alert.nID = 1001; // use https://github.com/zcash/zcash/wiki/specification#assigned-numbers to keep track of alert IDs alert.nCancel = 0; // cancels previous messages up to this ID number // These versions are protocol versions 
@@ -86,16 +86,14 @@ void ThreadSendAlert() // 2000 for longer invalid proof-of-work chain // Higher numbers mean higher priority // 4000 or higher will put the RPC into safe mode - alert.nPriority = 4000; + alert.nPriority = 1500; alert.strComment = ""; - alert.strStatusBar = "Your client is out of date and potentially vulnerable to blockchain disruption. Update to the most recent version of Zcash (1.0.5) and use -reindex to ensure integrity of your local blockchain state. More info at: https://z.cash/support/security.html"; - alert.strRPCError = "Your client is out of date and potentially vulnerable to blockchain disruption. Update to the most recent version of Zcash (1.0.5) and use -reindex to ensure integrity of your local blockchain state. More info at: https://z.cash/support/security.html"; + alert.strStatusBar = "Your client is out of date and potentially vulnerable to denial of service. Please update to the most recent version of Zcash (1.0.5). More info at: https://z.cash/support/security.html"; + alert.strRPCError = "Your client is out of date and potentially vulnerable to denial of service. Please update to the most recent version of Zcash (1.0.5). More info at: https://z.cash/support/security.html"; // Set specific client version/versions here. If setSubVer is empty, no filtering on subver is done: // alert.setSubVer.insert(std::string("/MagicBean:0.7.2/")); - alert.setSubVer.insert(std::string("/MagicBean:1.0.0/")); - alert.setSubVer.insert(std::string("/MagicBean:1.0.1/")); - alert.setSubVer.insert(std::string("/MagicBean:1.0.2/")); + alert.setSubVer.insert(std::string("/MagicBean:1.0.3/")); // Sign const CChainParams& chainparams = Params(); From f47269cda957a37cf31367fc70b464ab34f66214 Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 10 Feb 2017 15:01:46 -0800 Subject: [PATCH 3/3] Add assert to check alert message length is valid --- src/sendalert.cpp | 5 +++++ 1 file changed, 5 insertions(+) 
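Review bot: `alert.nPriority = 1500` is not one of the values listed in the visible part of the priority table above it (2000, and 4000 for safe mode), and nothing records why this alert sits below both. A short comment would make the intent reviewable, e.g. `alert.nPriority = 1500; // below 4000: warn only, do not put RPC into safe mode`. The table starts outside the hunk, so 1500 may already be documented further up; if it is, no change is needed.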
diff --git a/src/sendalert.cpp b/src/sendalert.cpp index 53074bd75..fbe6dc03a 100644 --- a/src/sendalert.cpp +++ b/src/sendalert.cpp @@ -95,6 +95,11 @@ void ThreadSendAlert() // alert.setSubVer.insert(std::string("/MagicBean:0.7.2/")); alert.setSubVer.insert(std::string("/MagicBean:1.0.3/")); + // Sanity check + assert(alert.strComment.length() <= 65536); // max length in alert.h + assert(alert.strStatusBar.length() <= 256); + assert(alert.strRPCError.length() <= 256); + // Sign const CChainParams& chainparams = Params(); std::string networkID = chainparams.NetworkIDString();
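Review bot: The three length checks are `assert`s, so they only hold if the sending binary is built without `NDEBUG`, and the hunk does not show that this is guaranteed. An oversized `strStatusBar` or `strRPCError` would then presumably be caught only by receiving nodes, after the alert has been signed and sent. An explicit test before the `// Sign` step, such as `if (alert.strStatusBar.length() > 256) return;` with a log line, would hold in every build. The literals `65536` and `256` also repeat the limits the comment attributes to alert.h, and only the first assert says so; naming the limits once would keep sender and parser from drifting apart. ThreadSendAlert continues outside the hunk.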