Couldn't your net testing code be modified to do that to some extent? Gavin Andresen <gavinandre...@gmail.com> wrote:
>Reposted from the forums: > >makomk reported a remote vulnerability that I pulled into the master >bitcoin/bitcoin tree on December 20. If you are running git-HEAD code >on the production network you should pull the latest code to get the >bug fixed. > >This affects only anybody who has pulled and compiled their own >bitcoind/bitcoin-qt from the source tree in the last 5 days. > >Gory details: > >I made a mistake. I refactored the ConnectInputs() function into two >pieces (FetchInputs() and ConnectInputs()), and should have duplicated >a check in ConnectInputs for an out-of-range >previous-transaction-output in the FetchInputs() method. The result >was a new method I wrote to help prevent a possible OP_EVAL-related >denial-of-service attack (AreInputsStandard()) could crash with an >out-of-bounds memory access if given an invalid transaction. > >The bug-fix puts a check in FetchInputs and an assertion in >AreInputsStandard. This does not affect the back-ported "mining only" >code I wrote that some miners and pools have started using. > >The good news is this was found and reported before binaries with the >vulnerability were released; the bad news is this was not found before >the code was pulled and could have made it into the next release if >makomk had not been testing some unrelated code. > >Before releasing 0.6, I would like to have an "intelligent, >bitcoin-specific fuzzing tool" that automatically finds this type of >bug that we can run before every release. If anybody already has one, >please speak up! > >-- >-- >Gavin Andresen > >------------------------------------------------------------------------------ >Write once. Port to many. >Get the SDK and tools to simplify cross-platform app development. >Create >new or port existing apps to sell to consumers worldwide. Explore the >Intel AppUpSM program developer opportunity. >appdeveloper.intel.com/join >http://p.sf.net/sfu/intel-appdev >_______________________________________________ >Bitcoin-development mailing list >Bitcoin-development@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/bitcoin-development ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
