The length of vectors, maps, sets, etc are serialized using
Write/ReadCompactSize -- which, unfortunately, do not use a
unique encoding.
So deserializing and then re-serializing a transaction (for example)
can give you different bits than you started with. That doesn't
cause any problems that we are aware of, but it is exactly the type
of subtle mismatch that can lead to exploits.
With this pull, reading a non-canonical CompactSize throws an
exception, which means nodes will ignore 'tx' or 'block' or
other messages that are not properly encoded.
Please check my logic... but this change is safe with respect to
causing a network split. Old clients that receive
non-canonically-encoded transactions or blocks deserialize
them into CTransaction/CBlock structures in memory, and then
re-serialize them before relaying them to peers.
And please check my logic with respect to causing a blockchain
split: there are no CompactSize fields in the block header, so
the block hash is always canonical. The merkle root in the block
header is computed on a vector<CTransaction>, so
any non-canonical encoding of the transactions in 'tx' or 'block'
messages is erased as they are read into memory by old clients,
and does not affect the block hash. And, as noted above, old
clients re-serialize (with canonical encoding) 'tx' and 'block'
messages before relaying to peers.
Orphan transactions were stored as a CDataStream pointer;
this changes the mapOrphanTransactions data structures to
store orphans as a CTransaction.
This also fixes CVE-2013-4627 by always re-serializing
transactions before relaying them.
- move the code for saving and restoring window positions from BitcoinGUI
to GUIUtil, make it more generic and also use it for saving/restoring
debug window positions
- it was possible to trigger an infinite loop in FreespaceChecker::check() by
simply removing the drive letter on Windows (which leads to an infinite
loop in the FreespaceChecker thread)
- this was caused by not checking if we make progress with
parentDir.parent_path()
- remove an unneded include for mswsock.h as we use winsock2.h anyway
- move typedef u_int SOCKET; into the #ifndef WIN32 part
- remove typedef int socklen_t; as this is defined in ws2tcpip.h
- fixes src\net.cpp:1601: Error:invalid conversion from 'void*' to
'const char*' [-fpermissive] in a setsockopt() call on Win32 that was
found by using MinGW 4.8.1 compiler suite
The key refactor changed the way unencrypted private keys with compressed
public key are stored in the wallet. Apparently older versions relied on
this to verify the correctness of stored keys.
Note that earlier pre-release versions do risk creating wallets that can
not be opened by 0.8.3 and earlier.
use std::string instead of psz for WalletFile
only allow wallets within $DATADIR
Use strWalletFile in salvage/recover
fix: remove unused variable pszWalletFile
move strWalletFile to init.h/init.cpp
avoid conversion of strWalletfile to c-string
