Commit Graph

8373 Commits

Author SHA1 Message Date
moneromooo-monero d46fb70930
p2p: close the right number of connections on setting max in/out peers 2019-06-23 08:04:17 +03:00
moneromooo-monero 39e9fa05b8
core: fix --prune-blockchain not pruning if no blockchain exists 2019-06-23 08:00:10 +03:00
moneromooo-monero e6c875a954
rpc: restrict the recent cutoff size in restricted RPC mode 2019-06-17 12:35:03 +03:00
moneromooo-monero 12085c4c74
ensure no NULL is passed to memcpy
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
2019-06-17 12:34:54 +03:00
moneromooo-monero 2a5f743d0a
abstract_tcp_server2: improve DoS resistance 2019-06-17 12:34:44 +03:00
moneromooo-monero 2fb6c1f80d
serialization: check stream good flag at the end
just in case
2019-06-17 12:34:11 +03:00
moneromooo-monero 8ad9d0f618
tree-hash: allocate variable memory on heap, not stack
Large amounts might run out of stack

Reported by guidov
2019-06-17 12:30:40 +03:00
moneromooo-monero ddafd99cac
cryptonote: throw on tx hash calculation error 2019-06-17 12:30:31 +03:00
moneromooo-monero 26276d5df7
serialization: fail on read_varint error 2019-06-17 12:30:23 +03:00
moneromooo-monero de536f49cb
cryptonote_protocol: fix another potential P2P DoS
When asking for txes in a fluffy transaction, one might ask
for the same (large) tx many times
2019-06-17 12:30:16 +03:00
moneromooo-monero 3fdf63bc90
cryptonote_protocol: expand basic DoS protection
Count transactions as well
2019-06-17 12:30:07 +03:00
anonimal 2f402f9a45
cryptonote_protocol_handler: prevent potential DoS
Essentially, one can send such a large amount of IDs that core exhausts
all free memory. This issue can theoretically be exploited using very
large CN blockchains, such as Monero.

This is a partial fix. Thanks and credit given to CryptoNote author
'cryptozoidberg' for collaboration and the fix. Also thanks to
'moneromooo'. Referencing HackerOne report #506595.
2019-06-17 12:29:59 +03:00
moneromooo-monero 307bd8f5ae
epee: basic sanity check on allocation size from untrusted source
Reported by guidov
2019-06-17 12:29:47 +03:00
jw 94390f8364
Merge pull request #216 from wowario/upstream
Upstream
2019-06-14 05:46:17 -07:00
jw 5249d14063
Merge pull request #215 from wowario/masterb
bump version to 0.6.1.1 and update checkpoints.dat
2019-06-14 05:46:05 -07:00
jw 9713b3f058
Merge pull request #214 from wowario/master
Fix Windows detection
2019-06-14 05:45:54 -07:00
jw 6f2d52de9e
Merge pull request #213 from fuwa0529/fix-no-ring
[need testing] hotfix "no ring" error in wallet
2019-06-14 05:45:40 -07:00
jw 949158eb00
Merge pull request #212 from Aluisyo/patch-4
added super fast public node (wow.aluisyo.network)
2019-06-14 05:45:25 -07:00
Howard Chu c749be7f9d
Use 9 digit build IDs 2019-06-14 13:49:20 +03:00
Howard Chu 036cdfadad
Delete redundant cppzmq dependency 2019-06-14 13:48:57 +03:00
Howard Chu 8670b67c9c
Allow parallel make 2019-06-14 13:48:40 +03:00
Howard Chu 98f2524ecc
Don't use -march=native 2019-06-14 13:48:26 +03:00
who-biz a0b181f4cd
[depends] update openssl to 1.0.2r
- This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.

Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.

The above (1.1) is patched in openssl, where it was marked as low severity.  Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.
2019-06-14 13:48:07 +03:00
moneromooo-monero 2ae11e8e4b
cmake: do not use -mmitigate-rop on GCC >= 9.1
It was removed, but it still accepted by the compiler, which warns
for every file
2019-06-14 13:47:44 +03:00
moneromooo-monero ae9de01824
Fix GCC 9.1 build warnings
GCC wants operator= aand copy ctor to be both defined, or neither
2019-06-14 13:47:11 +03:00
moneromooo-monero 5227b3280c
p2p: fix GCC 9.1 crash 2019-06-14 13:46:56 +03:00
xiphon ed34ba0774
epee: fix SSL autodetect on reconnection 2019-06-14 13:46:38 +03:00
ston1th 33634f6dfd
miner: fix double free of thread attributes
issue: #5568
2019-06-14 13:45:07 +03:00
moneromooo-monero 62d746ffeb
miniupnpc: update to build on BSD 2019-06-14 13:44:16 +03:00
wowario da0c68074e
bump version to 0.6.1.1 and update checkpoints.dat 2019-06-14 13:31:25 +03:00
wowario 8b392ed111
Fix Windows detection 2019-06-14 13:07:13 +03:00
fuwa 7683daa61f hotfix "no ring" error 2019-06-14 16:52:44 +08:00
Suzyo Nyirenda 105fc24be0
added public node (wow.aluisyo.network) 2019-06-13 20:01:35 +02:00
Hiroji Kiyotake 58aa5ac491
Create FUNDING.yml 2019-06-12 22:56:36 +00:00
jw c3f0e58191
Merge pull request #209 from wowario/master
bump up to v0.6.1
2019-06-06 08:49:26 -07:00
jw 1b96834767
Merge pull request #208 from fuwa0529/fix-bp
Fix tx error on testnet2
2019-06-06 08:49:05 -07:00
jw 73746a016e
Merge pull request #207 from wowario/block_version
correct RX_BLOCK_VERSION
2019-06-06 08:48:35 -07:00
jw 781f7ea3e6
Merge pull request #205 from wowario/readme
update readme
2019-06-06 08:48:01 -07:00
wowario ee9419998b
bump up to v0.6.1 2019-06-06 12:19:14 +03:00
fuwa f3d415f7a0 fix old bulletproof conditional branches 2019-06-06 12:48:21 +08:00
fuwa 904349a75c wallet2: fix hf rules for small BP 2019-06-06 11:02:17 +08:00
wowario fdb1f180e4
correct RX_BLOCK_VERSION 2019-06-05 12:10:43 +03:00
wowario c34c4d2e29
update readme 2019-06-05 01:22:32 +03:00
jw e757efb83d
Merge pull request #204 from wowario/checkpoints
update checkpoints.dat
2019-06-02 15:02:33 -07:00
jw 007032c83b
Merge pull request #203 from wowario/wow
♪♪ It’s a moment when I show up, got'em sayin WOW ♫♪♪
2019-06-02 15:02:21 -07:00
Hiroji Kiyotake 29e13fe96a
Merge branch 'dev-v0.6' into wow 2019-06-02 16:08:12 +00:00
jw 3a8d4bbf71
Merge pull request #202 from wowario/upstream
Upstream
2019-06-02 08:21:39 -07:00
wowario 5825907680
update checkpoints.dat 2019-06-02 10:06:19 +03:00
wowario 496c4babb6
update block synchronizing count fork height 2019-06-02 09:48:11 +03:00
wowario c7b73d31a5
update rpc mining_status 2019-06-02 09:10:16 +03:00