Author: bitcoin-list at bluematt.me 2011-12-25 21:15:22
Published on: 2011-12-25T21:15:22+00:00
Gavin Andresen, a prominent developer for Bitcoin, recently posted in the forums about a remote vulnerability that was reported by a user named makomk. The vulnerability affected those who had pulled and compiled their own bitcoind/bitcoin-qt from the source tree in the last 5 days. Andresen explained that he made a mistake when refactoring the ConnectInputs() function into two pieces and forgot to duplicate a check in ConnectInputs for an out-of-range previous-transaction-output in the FetchInputs() method. This resulted in a new method being created that could crash with an out-of-bounds memory access if given an invalid transaction and helped prevent a possible OP_EVAL-related denial-of-service attack.The bug-fix puts a check in FetchInputs and an assertion in AreInputsStandard. Andresen noted that this does not affect the back-ported "mining only" code he wrote that some miners and pools have started using. Although the vulnerability was found and reported before binaries with the vulnerability were released, it could have made it into the next release if makomk had not been testing some unrelated code.Andresen also expressed his desire to have an "intelligent, bitcoin-specific fuzzing tool" that automatically finds this type of bug that they can run before every release. He asked if anyone already had one to speak up. Overall, Andresen's post highlights the importance of testing and finding vulnerabilities before releasing updates to ensure users are protected.
Updated on: 2023-06-05T01:22:15.940093+00:00