77GODSON77
commented
7 years ago there's a patching problem.
Closed JeremyRand closed 7 years ago
77GODSON77
commented
7 years ago there's a patching problem.
JeremyRand
commented
7 years ago -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
77GODSON77:
there's a patching problem.
Not sure I follow -- is there an issue with this PR?
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYoYTpAAoJELPy0WV4bWVwObUQAJ9BkEsclkRFvIlimhXYnPnH TElO4OqAvGx0hPlkNc5wkflnXIon+84FWSKoRNI92tfKUpFyOBZ99pALxqdRR3Nd bH1XhsOQXMQF8PluXc1sJjTSBzT8sKrVZtwJV3xXv0JKZSm7c9cGzA2fm7KDJ9Ck Q4ZFsDHIeXAv5uusgALSgralwjb8hda8wKP/kv1APHqRjLIz2cSuUrY3g4TpQH/A v/5EKOuhzt+g3YtE/WbJgdPPXGF1g1K/r3Huz8RApzmoyRYgR3nO9ryG4crOqiIU Y6+6ZblGrBO0DC4xqpkPm3nS+89msPqhnX9dVp8yfzoSkvKvUTqD6VH5xtiKFmqQ Nl/KxcosSJZrcY0sX9286nC4TzzdSxq7/iLOwmp3hXsH5b9hpRajKAR7QxTv+FVR +3iDt2CIeTNqterpc6ThrT1KK80pymHtIvBuA3yQVIGRAvhahYfQMU31FrO3EpCJ TiOs6u+4gpIfoqMMmxili3NK9sYhxErizQXTdS+HVWS50KZWPSVR6gU++gxbW/Qk Lgw9XKoz/kwR8AAfu8gbf8K+voeCWwEVG329vhdO6wkwTbjVhN90IB9neuUXyxaq JlXOJMmQ9hakXqpqAVzv7F321EWHqmbDvkXzMQz9729VQUF3rX3ShYEY95Do6t2o PiCIU/QVUrccjkOhP9HX =H28I -----END PGP SIGNATURE-----
JeremyRand
commented
7 years ago -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
@rnicoll Any chance this could be merged?
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYzhgfAAoJELPy0WV4bWVwIZ0P/0XV4XjwLzp5EcWpMj0+SO8m CgFTP4Bbxo35xLoOjn2Vrw0K/EkgJTyNM2TrG/M9CAtv9/LzTeEorO9AJMBDsUO8 hMYbPz5v20cnSvL7EHtM1Pb1ufTemJqBpgMrypnwkLJZNDAsZ7z/GqCTH4CKaGCF k4kA/Y/fG2cMb2pDGCDLfonXQuK9Rky7BwdkUCDN1AqrLLG6Gs9XDxpVbCePCAHV EBfw+sYXon76i7vRPLUzyHEoULxGzVbiQg6IDxhXLC1dUG7YoHhSNh2WdOFR6xu+ /EAkoN57l/BGTpDPnYVmUjzAz8+ZkVB1CDmhLqvJMaFWfToFhldfDm3NrEF6VocU 0Kc9FGSTl1DmAbj6p9ZYjDHonQVAYEc4slP8PKM00fabpZEuCp/NfpJIkTeIR/sF 8FcIyY2g98Jb3NUxnLN+SMxs6uY0lO3B7T1sY21XyMUhgov2H3/A2KX4icxTK+uq OiL5KeyWm/Zxf6rR5Rfx1Z0ZK2Q+N+EPEL8hRrRatdrjrPc3uieM5TZ4z7ZJMAtX 6zNxkQn5xW7dPhdqu+pkJVeCHFlvP4KQga1pkD4KokusFWtSrrwZh/R4z+BK36wd lihhayxU2Sc9StSXlhfrIKlMyGVMh2R8nOPyUvEWKL3gRzINU9PHWOtcGDOL9dck o7ZXfkr0DxFK/QDBM7cI =aOja -----END PGP SIGNATURE-----
rnicoll
commented
7 years ago Sorry about the delay there, done now!
P2P full-block by-hash retrieval mode of libdohj-namecoin wasn't verifying that the received block had a header whose hash matched the requested hash.
This probably made it trivially easy to falsify name records, since any internally valid block supplied by a malicious P2P peer (or a MITM attacker) would be accepted, and the name transactions in it trusted as valid, even if the block had (for example) minimum difficulty.
And that is why this code isn't yet deployed to end users. :)