Return-Path: <jlrubin@mit.edu>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 0AE3A305
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  4 Jan 2017 00:14:06 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu
	[18.7.68.37])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id F09E1157
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  4 Jan 2017 00:14:04 +0000 (UTC)
X-AuditID: 12074425-59fff700000068fb-f4-586c3e4a1240
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36])
	(using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by  (Symantec Messaging Gateway) with SMTP id 88.5B.26875.A4E3C685;
	Tue,  3 Jan 2017 19:14:03 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
	by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id v040E2wH011634
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 3 Jan 2017 19:14:02 -0500
Received: from mail-wj0-f171.google.com (mail-wj0-f171.google.com
	[209.85.210.171]) (authenticated bits=0)
	(User authenticated as jlrubin@ATHENA.MIT.EDU)
	by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v040E0DZ026336
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT)
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 3 Jan 2017 19:14:01 -0500
Received: by mail-wj0-f171.google.com with SMTP id c11so252283129wjx.3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 03 Jan 2017 16:14:01 -0800 (PST)
X-Gm-Message-State: AIkVDXJRWbH2VOk7XhvSmi25HVLh9QcdPBdh0/p8L2dA0QDuCCLhMM7tM945oU5HRgafXrQXb8nTKT4IoIMgQg==
X-Received: by 10.194.145.197 with SMTP id sw5mr55171876wjb.156.1483488839914; 
	Tue, 03 Jan 2017 16:13:59 -0800 (PST)
MIME-Version: 1.0
Received: by 10.194.23.8 with HTTP; Tue, 3 Jan 2017 16:13:39 -0800 (PST)
In-Reply-To: <6A91D4E4-750D-42C0-B593-3D5014B8A3F7@xbt.hk>
References: <mailman.11263.1483391161.31141.bitcoin-dev@lists.linuxfoundation.org>
	<400152B9-1838-432A-829E-13E4FC54320C@gmail.com>
	<CAD5xwhjHFzFzKws10TG-XioZoRVZ_oZbMF_xDOy5xNWtzFTsEw@mail.gmail.com>
	<6A91D4E4-750D-42C0-B593-3D5014B8A3F7@xbt.hk>
From: Jeremy <jlrubin@mit.edu>
Date: Tue, 3 Jan 2017 19:13:39 -0500
X-Gmail-Original-Message-ID: <CAD5xwhg3QeHZF1Oepo3dnCAth0EO3wCqyeT4a21gQ2uxZ5dTfQ@mail.gmail.com>
Message-ID: <CAD5xwhg3QeHZF1Oepo3dnCAth0EO3wCqyeT4a21gQ2uxZ5dTfQ@mail.gmail.com>
To: Johnson Lau <jl2012@xbt.hk>
Content-Type: multipart/alternative; boundary=089e012285be54ddd9054539a99b
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrLKsWRmVeSWpSXmKPExsUixG6nouttlxNh8GKCiUXTa1sHRo/fPyYz
	BjBGcdmkpOZklqUW6dslcGXsXTiFsWCOW8XBZx9ZGxjn2XcxcnJICJhINJ1fyt7FyMUhJNDG
	JNG64iMrhHOHUeLxlutsEM5nJomVH+4xQziLGCVa5h5hhejPkVj84DgLhF0mcXr9BmYQm1dA
	UOLkzCdgcSEBD4nOS/vZQGxOASuJQ5/XQu37xShxaFY30CAODjYBOYkPv0xBalgEVCT+Pf3C
	DDEzUWLR3BPsEDMDJDY/uw+2V1jASGLL34tMILaIgLzE+bWLwI5jFpjIKDHtfiNYA7OAl8Sz
	/hbmCYzCs5DcNAtJahbQamYBdYn184QgwtoSyxa+Zoaw1SRub7vKjiy+gJFtFaNsSm6Vbm5i
	Zk5xarJucXJiXl5qka6FXm5miV5qSukmRnCcuKjuYJzz1+sQowAHoxIP74pF2RFCrIllxZW5
	hxglOZiURHkLRHIihPiS8lMqMxKLM+KLSnNSiw8xSnAwK4nw3rICyvGmJFZWpRblw6SkOViU
	xHkvZbpHCAmkJ5akZqemFqQWwWRlODiUJHh/2QA1ChalpqdWpGXmlCCkmTg4QYbzAA1vBKnh
	LS5IzC3OTIfIn2I05jg2a/FTJo5dnWueMgmx5OXnpUqJ8yrbApUKgJRmlObBTQOluouhl1a/
	YhQHek6YNwOkigeYJuHmvQJaxQS0antANsiqkkSElFQDI59OYLw8+1WDK8HdYkYLHBbwqxVo
	3X0kJOB2wyV2W9zv4qK+z67e67/FSuZuDcysecTeIXOucrXizbvS3n9nK0/zD/8hWD/15c8N
	LRu52PYUdMjE7DS54rdNSLG/TuDRM3Nbx+fXf6nzf294wKss9OzAu09H15yZd+rbvDUHzRIk
	7lnmz4+bp8RSnJFoqMVcVJwIAODxuY9QAwAA
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,
	RCVD_IN_DNSWL_MED,RCVD_IN_SORBS_SPAM,RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>,
	Steve Davis <steven.charles.davis@gmail.com>
Subject: Re: [bitcoin-dev] Script Abuse Potential?
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2017 00:14:06 -0000

--089e012285be54ddd9054539a99b
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Sure, was just upper bounding it anyways. Even less of a problem!


RE: OP_CAT, not as OP_CAT was specified, which is why it was disabled. As
far as I know, the elements alpha proposal to reenable a limited op_cat to
520 bytes is somewhat controversial...



--
@JeremyRubin <https://twitter.com/JeremyRubin>
<https://twitter.com/JeremyRubin>

On Mon, Jan 2, 2017 at 10:39 PM, Johnson Lau <jl2012@xbt.hk> wrote:

> No, there could only have not more than 201 opcodes in a script. So you
> may have 198 OP_2DUP at most, i.e. 198 * 520 * 2 =3D 206kB
>
> For OP_CAT, just check if the returned item is within the 520 bytes limit=
.
>
> On 3 Jan 2017, at 11:27, Jeremy via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> It is an unfortunate script, but can't actually
> =E2=80=8Bdo
>  that much
> =E2=80=8B it seems=E2=80=8B
> . The MAX_SCRIPT_ELEMENT_SIZE =3D 520 Bytes.
> =E2=80=8B Thus, it would seem the worst you could do with this would be t=
o (10000-520*2)*520*2
> bytes  ~=3D~ 10 MB.
>
> =E2=80=8BMuch more concerning would be the op_dup/op_cat style bug, which=
 under a
> similar script =E2=80=8Bwould certainly cause out of memory errors :)
>
>
>
> --
> @JeremyRubin <https://twitter.com/JeremyRubin>
> <https://twitter.com/JeremyRubin>
>
> On Mon, Jan 2, 2017 at 4:39 PM, Steve Davis via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Hi all,
>>
>> Suppose someone were to use the following pk_script:
>>
>> [op_2dup, op_2dup, op_2dup, op_2dup, op_2dup, ...(to limit)...,
>> op_2dup, op_hash160, <addr_hash>, op_equalverify, op_checksig]
>>
>> This still seems to be valid AFAICS, and may be a potential attack vecto=
r?
>>
>> Thanks.
>>
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
>

--089e012285be54ddd9054539a99b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif;font-size:small;color:#000000">Sure, was just upper boun=
ding it anyways. Even less of a problem!</div><div class=3D"gmail_default" =
style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:#0000=
00"><br></div><div class=3D"gmail_default" style=3D"font-family:arial,helve=
tica,sans-serif;font-size:small;color:#000000"><br></div><div class=3D"gmai=
l_default" style=3D"font-family:arial,helvetica,sans-serif;font-size:small;=
color:#000000">RE: OP_CAT, not as OP_CAT was specified, which is why it was=
 disabled. As far as I know, the elements alpha proposal to reenable a limi=
ted op_cat to 520 bytes is somewhat controversial...</div><div class=3D"gma=
il_default" style=3D"font-family:arial,helvetica,sans-serif;font-size:small=
;color:#000000"><br></div><div class=3D"gmail_default" style=3D"font-family=
:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></div><div c=
lass=3D"gmail_extra"><br clear=3D"all"><div><div class=3D"m_-62031068399645=
74959gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">-=
-<br><a href=3D"https://twitter.com/JeremyRubin" target=3D"_blank">@JeremyR=
ubin</a><a href=3D"https://twitter.com/JeremyRubin" target=3D"_blank"></a><=
/div></div></div>
<br><div class=3D"gmail_quote">On Mon, Jan 2, 2017 at 10:39 PM, Johnson Lau=
 <span dir=3D"ltr">&lt;<a href=3D"mailto:jl2012@xbt.hk" target=3D"_blank">j=
l2012@xbt.hk</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div s=
tyle=3D"word-wrap:break-word"><div>No, there could only have not more than =
201 opcodes in a script. So you may have 198 OP_2DUP at most, i.e. 198 * 52=
0 * 2 =3D 206kB</div><div><br></div><div>For OP_CAT, just check if the retu=
rned item is within the 520 bytes limit.</div><div><div class=3D"m_-6203106=
839964574959h5"><br><div><blockquote type=3D"cite"><div>On 3 Jan 2017, at 1=
1:27, Jeremy via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxf=
oundation.org" target=3D"_blank">bitcoin-dev@lists.linuxfounda<wbr>tion.org=
</a>&gt; wrote:</div><br class=3D"m_-6203106839964574959m_65987160098687593=
8Apple-interchange-newline"><div><div dir=3D"ltr"><div class=3D"gmail_defau=
lt" style=3D"font-family:arial,helvetica,sans-serif;font-size:small"><span =
style=3D"font-family:arial,sans-serif;color:rgb(34,34,34);font-size:12.8000=
00190734863px">It is an unfortunate script, but can&#39;t actually=C2=A0</s=
pan><div class=3D"gmail_default" style=3D"display:inline">=E2=80=8Bdo</div>=
<span style=3D"font-family:arial,sans-serif;color:rgb(34,34,34);font-size:1=
2.800000190734863px">=C2=A0that much</span><div class=3D"gmail_default" sty=
le=3D"display:inline">=E2=80=8B it seems=E2=80=8B</div><span style=3D"font-=
family:arial,sans-serif;color:rgb(34,34,34);font-size:12.800000190734863px"=
>. The MAX_SCRIPT_ELEMENT_SIZE =3D 520 Bytes.</span><div class=3D"gmail_def=
ault" style=3D"font-family:arial,sans-serif;color:rgb(34,34,34);font-size:1=
2.800000190734863px;display:inline"><font face=3D"arial, helvetica, sans-se=
rif">=E2=80=8B Thus, it would seem the worst you could do with this would b=
e to=C2=A0</font>(10000-520*2)*520*2 bytes =C2=A0~=3D~ 10 MB.</div></div><d=
iv style=3D"font-size:12.800000190734863px"><br></div><div style=3D"font-si=
ze:12.800000190734863px"><div class=3D"gmail_default" style=3D"font-family:=
arial,helvetica,sans-serif;font-size:small">=E2=80=8BMuch more concerning w=
ould be the op_dup/op_cat style bug, which under a similar script =E2=80=8B=
would certainly cause out of memory errors :)</div><div><br></div></div></d=
iv><div class=3D"gmail_extra"><br clear=3D"all"><div><br clear=3D"all"><div=
><div class=3D"m_-6203106839964574959m_659871600986875938gmail_signature" d=
ata-smartmail=3D"gmail_signature"><div dir=3D"ltr">--<br><a href=3D"https:/=
/twitter.com/JeremyRubin" target=3D"_blank">@JeremyRubin</a><a href=3D"http=
s://twitter.com/JeremyRubin" target=3D"_blank"></a></div></div></div>
</div>
<br><div class=3D"gmail_quote">On Mon, Jan 2, 2017 at 4:39 PM, Steve Davis =
via bitcoin-dev <span dir=3D"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.l=
inuxfoundation.org" target=3D"_blank">bitcoin-dev@lists.linuxfounda<wbr>tio=
n.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"m=
argin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style=3D=
"word-wrap:break-word"><div><div style=3D"color:rgb(34,34,34);font-family:a=
rial,sans-serif;font-size:12.800000190734863px">Hi all,</div><div style=3D"=
color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8000001907348=
63px"><br></div><div style=3D"color:rgb(34,34,34);font-family:arial,sans-se=
rif;font-size:12.800000190734863px">Suppose someone were to use the followi=
ng pk_script:</div><div style=3D"color:rgb(34,34,34);font-family:arial,sans=
-serif;font-size:12.800000190734863px"><br></div><div class=3D"m_-620310683=
9964574959m_659871600986875938m_-8615729711671762748m_8591747901013163489gm=
ail_signature" style=3D"color:rgb(34,34,34);font-family:arial,sans-serif;fo=
nt-size:12.800000190734863px"><div dir=3D"ltr">[op_2dup, op_2dup, op_2dup, =
op_2dup, op_2dup, ...(to limit)..., op_2dup,=C2=A0op_hash160, &lt;addr_hash=
&gt;, op_equalverify, op_checksig]</div><div dir=3D"ltr"><br></div><div>Thi=
s still seems to be valid AFAICS, and may be a potential attack vector?</di=
v><div><br></div><div>Thanks.</div></div></div><div><br></div></div><br>___=
___________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
<br></blockquote></div><br></div>
______________________________<wbr>_________________<br>bitcoin-dev mailing=
 list<br><a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D=
"_blank">bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br><a href=3D"https=
://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" target=3D"_blank=
">https://lists.linuxfoundation.<wbr>org/mailman/listinfo/bitcoin-d<wbr>ev<=
/a><br></div></blockquote></div><br></div></div></div></blockquote></div><b=
r></div></div>

--089e012285be54ddd9054539a99b--