Re: [bitcoin-dev] Script Abuse Potential?

author: Jeremy <jlrubin@mit.edu> 2017-01-02 22:27:44 -0500
committer: bitcoindev <bitcoindev@gnusha.org> 2017-01-03 03:33:11 +0000
commit: e10ee3b6bc030edf9a515af3cc5e98a7ceb7a0d4 (patch)
tree: 4ce792d819c44a16b99c12b3df6346ad4d78ad55
parent: 498c87e8d4a59515ba15181a7c040f0ba1114561 (diff)
download: pi-bitcoindev-e10ee3b6bc030edf9a515af3cc5e98a7ceb7a0d4.tar.gz
pi-bitcoindev-e10ee3b6bc030edf9a515af3cc5e98a7ceb7a0d4.zip
1 files changed, 183 insertions, 0 deletions
diff --git a/77/5aee5d24f4e97098012eb04bfd1aa1240e0268 b/77/5aee5d24f4e97098012eb04bfd1aa1240e0268
new file mode 100644
index 000000000..34690d22f
--- /dev/null
+++ b/77/5aee5d24f4e97098012eb04bfd1aa1240e0268
@@ -0,0 +1,183 @@
+Return-Path: <jlrubin@mit.edu>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+	[172.17.192.35])
+	by mail.linuxfoundation.org (Postfix) with ESMTPS id A76C12C
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Tue,  3 Jan 2017 03:33:11 +0000 (UTC)
+X-Greylist: delayed 00:05:01 by SQLgrey-1.7.6
+Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu
+	[18.7.68.35])
+	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 359EA180
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Tue,  3 Jan 2017 03:33:11 +0000 (UTC)
+X-AuditID: 12074423-043ff7000000401a-1a-586b1a470fd6
+Received: from mailhub-auth-4.mit.edu ( [18.7.62.39])
+	(using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
+	(Client did not present a certificate)
+	by  (Symantec Messaging Gateway) with SMTP id DD.35.16410.74A1B685;
+	Mon,  2 Jan 2017 22:28:09 -0500 (EST)
+Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
+	by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id v033S7F6025259
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Mon, 2 Jan 2017 22:28:07 -0500
+Received: from mail-wm0-f43.google.com (mail-wm0-f43.google.com [74.125.82.43])
+	(authenticated bits=0) (User authenticated as jlrubin@ATHENA.MIT.EDU)
+	by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v033S5XU008953
+	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT)
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Mon, 2 Jan 2017 22:28:06 -0500
+Received: by mail-wm0-f43.google.com with SMTP id m1so51233280wme.0
+	for <bitcoin-dev@lists.linuxfoundation.org>;
+	Mon, 02 Jan 2017 19:28:06 -0800 (PST)
+X-Gm-Message-State: AIkVDXJX8lEK7ffkqhOFolKFzdoOu5RNQ5kwvkocVhKC4cq8SPZtqaiHtPcGKcJB/DiRNDbQjl5AV8v1dZjULg==
+X-Received: by 10.28.20.70 with SMTP id 67mr48992274wmu.102.1483414084877;
+	Mon, 02 Jan 2017 19:28:04 -0800 (PST)
+MIME-Version: 1.0
+Received: by 10.194.23.8 with HTTP; Mon, 2 Jan 2017 19:27:44 -0800 (PST)
+In-Reply-To: <400152B9-1838-432A-829E-13E4FC54320C@gmail.com>
+References: <mailman.11263.1483391161.31141.bitcoin-dev@lists.linuxfoundation.org>
+	<400152B9-1838-432A-829E-13E4FC54320C@gmail.com>
+From: Jeremy <jlrubin@mit.edu>
+Date: Mon, 2 Jan 2017 22:27:44 -0500
+X-Gmail-Original-Message-ID: <CAD5xwhjHFzFzKws10TG-XioZoRVZ_oZbMF_xDOy5xNWtzFTsEw@mail.gmail.com>
+Message-ID: <CAD5xwhjHFzFzKws10TG-XioZoRVZ_oZbMF_xDOy5xNWtzFTsEw@mail.gmail.com>
+To: Steve Davis <steven.charles.davis@gmail.com>,
+	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: multipart/alternative; boundary=001a1145a8369584950545284149
+X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrPKsWRmVeSWpSXmKPExsUixG6nrusplR1hcGEHh0XTa1sHRo/fPyYz
+	BjBGcdmkpOZklqUW6dslcGXc2vKcvaBTo2JbxyyWBsZVKl2MnBwSAiYSC9fuZOxi5OIQEmhj
+	krjZcY0NJCEkcIdRYuYyM4jEeyaJxqNv2SCc+YwSTTMOsEO050i0tpyGsoskXr+cAmbzCghK
+	nJz5hAVikofE+Zl7mUBsTgFbia+HZjNDDGpllPix4QzQbg4ONgE5iQ+/TEFqWARUJLqefmKF
+	mJkocWn9FmaImQES+7a/YQSxhQWMJLb8vQg2U0SgTuJSaweYzSzgJTH18S3mCYxCs5CcMQtJ
+	ahbQNmYBdYn184QgwtoSyxa+Zoaw1SRub7vKjiy+gJFtFaNsSm6Vbm5iZk5xarJucXJiXl5q
+	ka6ZXm5miV5qSukmRnAsuCjvYHzZ532IUYCDUYmHtyMqK0KINbGsuDL3EKMkB5OSKG80Q3aE
+	EF9SfkplRmJxRnxRaU5q8SFGCQ5mJRHeCxJAOd6UxMqq1KJ8mJQ0B4uSOO+lTPcIIYH0xJLU
+	7NTUgtQimKwMB4eSBC+jJFCjYFFqempFWmZOCUKaiYMTZDgP0PC5YMOLCxJzizPTIfKnGI05
+	pr1b+JSJY0fnmqdMQix5+XmpUuK8k0FKBUBKM0rz4KaB0plXbZD2K0ZxoOeEebeAVPEAUyHc
+	vFdAq5iAVn2NSwdZVZKIkJJqYMxWYS6uLi6f4t97+c2t/x7y61k4qzfUHLTdsGTanzifMDFr
+	v+0VRw2lJzn+vtxfFVLf2jN70Z+9bVc9LHbfz//Jt0Y+M+GahmDuklUatz+FHApJjIm/LMh2
+	vals/0Idr8dfzPX6FgaJ57Qo7eU6e2HOz3h7pTj2FRM/vArSP7TOr819y90prUosxRmJhlrM
+	RcWJADu/eBVCAwAA
+X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,HTML_MESSAGE,
+	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+	smtp1.linux-foundation.org
+Subject: Re: [bitcoin-dev] Script Abuse Potential?
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Tue, 03 Jan 2017 03:33:11 -0000
+
+--001a1145a8369584950545284149
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+It is an unfortunate script, but can't actually
+=E2=80=8Bdo
+ that much
+=E2=80=8B it seems=E2=80=8B
+. The MAX_SCRIPT_ELEMENT_SIZE =3D 520 Bytes.
+=E2=80=8B Thus, it would seem the worst you could do with this would be to
+(10000-520*2)*520*2
+bytes  ~=3D~ 10 MB.
+
+=E2=80=8BMuch more concerning would be the op_dup/op_cat style bug, which u=
+nder a
+similar script =E2=80=8Bwould certainly cause out of memory errors :)
+
+
+
+--
+@JeremyRubin <https://twitter.com/JeremyRubin>
+<https://twitter.com/JeremyRubin>
+
+On Mon, Jan 2, 2017 at 4:39 PM, Steve Davis via bitcoin-dev <
+bitcoin-dev@lists.linuxfoundation.org> wrote:
+
+> Hi all,
+>
+> Suppose someone were to use the following pk_script:
+>
+> [op_2dup, op_2dup, op_2dup, op_2dup, op_2dup, ...(to limit)...,
+> op_2dup, op_hash160, <addr_hash>, op_equalverify, op_checksig]
+>
+> This still seems to be valid AFAICS, and may be a potential attack vector=
+?
+>
+> Thanks.
+>
+>
+> _______________________________________________
+> bitcoin-dev mailing list
+> bitcoin-dev@lists.linuxfoundation.org
+> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
+>
+>
+
+--001a1145a8369584950545284149
+Content-Type: text/html; charset=UTF-8
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
+lvetica,sans-serif;font-size:small;color:rgb(0,0,0)"><span style=3D"font-fa=
+mily:arial,sans-serif;color:rgb(34,34,34);font-size:12.800000190734863px">I=
+t is an unfortunate script, but can&#39;t actually=C2=A0</span><div class=
+=3D"gmail_default" style=3D"display:inline">=E2=80=8Bdo</div><span style=3D=
+"font-family:arial,sans-serif;color:rgb(34,34,34);font-size:12.800000190734=
+863px">=C2=A0that much</span><div class=3D"gmail_default" style=3D"display:=
+inline">=E2=80=8B it seems=E2=80=8B</div><span style=3D"font-family:arial,s=
+ans-serif;color:rgb(34,34,34);font-size:12.800000190734863px">. The MAX_SCR=
+IPT_ELEMENT_SIZE =3D 520 Bytes.</span><div class=3D"gmail_default" style=3D=
+"font-family:arial,sans-serif;color:rgb(34,34,34);font-size:12.800000190734=
+863px;display:inline"><font color=3D"#000000" face=3D"arial, helvetica, san=
+s-serif">=E2=80=8B Thus, it would seem the worst you could do with this wou=
+ld be to=C2=A0</font>(10000-520*2)*520*2 bytes =C2=A0~=3D~ 10 MB.</div></di=
+v><div style=3D"font-size:12.800000190734863px"><br></div><div style=3D"fon=
+t-size:12.800000190734863px"><div class=3D"gmail_default" style=3D"font-fam=
+ily:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">=E2=80=8BM=
+uch more concerning would be the op_dup/op_cat style bug, which under a sim=
+ilar script =E2=80=8Bwould certainly cause out of memory errors :)</div><di=
+v><br></div></div></div><div class=3D"gmail_extra"><br clear=3D"all"><div><=
+br clear=3D"all"><div><div class=3D"gmail_signature" data-smartmail=3D"gmai=
+l_signature"><div dir=3D"ltr">--<br><a href=3D"https://twitter.com/JeremyRu=
+bin" target=3D"_blank">@JeremyRubin</a><a href=3D"https://twitter.com/Jerem=
+yRubin" target=3D"_blank"></a></div></div></div>
+</div>
+<br><div class=3D"gmail_quote">On Mon, Jan 2, 2017 at 4:39 PM, Steve Davis =
+via bitcoin-dev <span dir=3D"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.l=
+inuxfoundation.org" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org=
+</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin=
+:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style=3D"word=
+-wrap:break-word"><div><div style=3D"color:rgb(34,34,34);font-family:arial,=
+sans-serif;font-size:12.800000190734863px">Hi all,</div><div style=3D"color=
+:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.800000190734863px"=
+><br></div><div style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;f=
+ont-size:12.800000190734863px">Suppose someone were to use the following pk=
+_script:</div><div style=3D"color:rgb(34,34,34);font-family:arial,sans-seri=
+f;font-size:12.800000190734863px"><br></div><div class=3D"m_-86157297116717=
+62748m_8591747901013163489gmail_signature" style=3D"color:rgb(34,34,34);fon=
+t-family:arial,sans-serif;font-size:12.800000190734863px"><div dir=3D"ltr">=
+[op_2dup, op_2dup, op_2dup, op_2dup, op_2dup, ...(to limit)..., op_2dup,=C2=
+=A0op_hash160, &lt;addr_hash&gt;, op_equalverify, op_checksig]</div><div di=
+r=3D"ltr"><br></div><div>This still seems to be valid AFAICS, and may be a =
+potential attack vector?</div><div><br></div><div>Thanks.</div></div></div>=
+<div><br></div></div><br>______________________________<wbr>_______________=
+__<br>
+bitcoin-dev mailing list<br>
+<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
+<wbr>linuxfoundation.org</a><br>
+<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
+rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
+/mailman/listinfo/bitcoin-<wbr>dev</a><br>
+<br></blockquote></div><br></div>
+
+--001a1145a8369584950545284149--
+
author	Jeremy <jlrubin@mit.edu>	2017-01-02 22:27:44 -0500
committer	bitcoindev <bitcoindev@gnusha.org>	2017-01-03 03:33:11 +0000
commit	e10ee3b6bc030edf9a515af3cc5e98a7ceb7a0d4 (patch)
tree	4ce792d819c44a16b99c12b3df6346ad4d78ad55
parent	498c87e8d4a59515ba15181a7c040f0ba1114561 (diff)
download	pi-bitcoindev-e10ee3b6bc030edf9a515af3cc5e98a7ceb7a0d4.tar.gz pi-bitcoindev-e10ee3b6bc030edf9a515af3cc5e98a7ceb7a0d4.zip