Merge pull request #4952

01c2807 Add warning about the merkle-tree algorithm duplicate txid flaw (Peter Todd)
Wladimir J. van der Laan 2014-09-22 09:03:36 +02:00
commit 5547f08ec7
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
1 changed files with 7 additions and 0 deletions

@ -226,6 +226,13 @@ uint256 CBlockHeader::GetHash() const
uint256 CBlock::BuildMerkleTree() const
{
// WARNING! If you're reading this because you're learning about crypto
// and/or designing a new system that will use merkle trees, keep in mind
// that the following merkle tree algorithm has a serious flaw related to
// duplicate txids, resulting in a vulnerability. (CVE-2012-2459) Bitcoin
// has since worked around the flaw, but for new applications you should
// use something different; don't just copy-and-paste this code without
// understanding the problem first.
vMerkleTree.clear();
BOOST_FOREACH(const CTransaction& tx, vtx)
vMerkleTree.push_back(tx.GetHash());
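Review bot: The warning comment at the top of CBlock::BuildMerkleTree() describes the flaw only as "related to duplicate txids" and never says what input triggers it or which code carries the workaround, so a reader told not to copy the algorithm still cannot tell what to avoid. Suggest adding one sentence stating the condition under which this construction produces the duplicate-txid problem, plus a pointer to the function that implements the workaround the comment refers to ("Bitcoin has since worked around the flaw"). Minor style point: "(CVE-2012-2459)" sits after the full stop of the sentence it belongs to; move it inside, as in "resulting in a vulnerability (CVE-2012-2459)."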