-
Notifications
You must be signed in to change notification settings - Fork 36.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
addrman: change internal id counting to int64_t #30568
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Concept ACK |
a11a6d0
to
153492d
Compare
d565df5
to
e869860
Compare
Concept ACK |
e869860
to
e5c7744
Compare
Updated the PR to have a refactor-only commit that introduces a user-defined type for all spots that use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK.
* This used to be int, making it feasible for attackers to cause an overflow, | ||
* see https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/ | ||
*/ | ||
using nid_type = int64_t; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good to see that a signed type is used, rather than an unsigned one in the initial version of this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
interesting pdf, thanks! In this particular case there was no choice because nId
s in vvNew
and vvTried
are initialised to -1
.
@@ -188,7 +188,7 @@ void AddrManImpl::Serialize(Stream& s_) const | |||
|
|||
int nUBuckets = ADDRMAN_NEW_BUCKET_COUNT ^ (1 << 30); | |||
s << nUBuckets; | |||
std::unordered_map<int, int> mapUnkIds; | |||
std::unordered_map<nid_type, int> mapUnkIds; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you'll want std::vector<std::pair<int, nid_type>> bucket_entries;
as well in the serializer below (not strictly necessary as the number can't actually overflow an int
, but morally, the second pair element is an id). Same with const nid_type entry_index{bucket_entry.second};
that's derived from it (and possibly other places).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, can you explain the "morally" part a bit more?
mapUnkIds
maps nid_type
to an int
, let's call that counter ser_count
. ser_count
is part of the serialization and is bounded by the limited slots of the addrman tables - even if the internal id would overflow an int
, ser_count
wouldn't be affected by that.
During deserialization, ser_count
is read into int entry_index
(which must be int
), and then makes it into bucket_entries
and later into vvNew
. But I'm unsure when is the best step to convert it into an int64_t
- why is it better to already do that in the step entry_index
-> bucket_entries
rather than the way it is now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume this is about the introduced index mismatch at AddrInfo& info = mapInfo[entry_index];
, specifically the keys of mapInfo
.
It is technically safe because we always go from a narrower type to the wide one... but that's what is immoral i guess :)
I think it's fine they way this commit works, at most we could add a comment explaining this mismatch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with the version on the branch now because Serialise()
and Unserialise()
are symmetrical. nIndex
is written as int into peers.dat in Serialise()
and read as int from peers.dat in Unserialise()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK. if you retouch, there's also:
bitcoin/src/test/fuzz/addrman.cpp
Line 189 in c2d15d9
auto IdsReferToSameAddress = [&](int id, int other_id) EXCLUSIVE_LOCKS_REQUIRED(m_impl->cs, other.m_impl->cs) { |
e5c7744
to
1ded29d
Compare
Good catch, fixed! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK.
Briefly reviewed, and will return to review in more detail. Love the approach to introduce nid_type
. Makes things safer moving forward.
Main thing is to make sure that (you could change the type of I looked into the assertion crash since I was confused how it happened. Sharing details in case it's helpful to anyone. 32 bit An example scenario:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approach ACK
Reviewed a bit more. Just nits.
src/addrman_impl.h
Outdated
@@ -258,7 +265,7 @@ class AddrManImpl | |||
* | |||
* @return int The nid of the entry. If the addrman position is empty or not found, returns -1. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: The return type in the Doxygen content could be adjusted.
- * @return int The nid of the entry. If the addrman position is empty or not found, returns -1.
+ * @return nid_type The nid of the entry. If the addrman position is empty or not found, returns -1.
* */
nid_type GetEntry(bool use_tried, size_t bucket, size_t position) const EXCLUSIVE_LOCKS_REQUIRED(cs);
nit / thinking out loud: Returning -1
is a remnant of the previous type being a plain int
. To keep with the theme of using the user-defined nid_type
, would it be worth creating a macro (or constexpr, or similar) to name the invalid case (e.g. INVALID_NID = -1
)? Not sure, as I'm not seeing a need to adjust nid_type
to anything more complicated than int64_t
, and GetEntry()
in this case is just indicating empty/not found.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed the return type.
Yes, also not sure about INVALID_NID
- I don't really see why we would want to change it from -1 to another value, but happy to add it if others like it... I'll keep this thread open for a while.
This makes it easier to track which spots refer to an nId (as opposed to, for example, bucket index etc. which also use int) Co-authored-by: Pieter Wuille <pieter@wuille.net>
With nId being incremented for each addr received, an attacker could cause an overflow in the past. (https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/) Even though that attack was made infeasible by rate-limiting (PR bitcoin#22387), to be on the safe side change the type to an int64_t.
1ded29d
to
51f7668
Compare
1ded29d to 51f7668:
No, there is no test case that directly tests the vulnerability. For that, we'd need to add approximately |
ACK 51f7668 The reasoning in the original post makes sense, this is an improvement. I reviewed the code visually. |
ACK 51f7668. I think it's a good change to make the nId space large(64 bits) so that the nId values are distinct. |
ACK 51f7668 |
…47757ea3b 1047757ea3b kernel: Add pure kernel bitcoin-chainstate c568fdf75fd kernel: Add block index utility functions to C header 0f1da1dcba5 kernel: Add function to read block undo data from disk to C header 45af559c9f6 kernel: Add functions to read block from disk to C header 2a7f8a8240c kernel: Add function for copying block data to C header b19f5336c03 kernel: Add functions for the block validation state to C header 9c0ffa913f4 kernel: Add validation interface to C header a93318c6152 kernel: Add interrupt function to C header 51053f33720 kernel: Add import blocks function to C header 6b0ada2af42 kernel: Add chainstate load options for in-memory dbs in C header 34427bfa9c7 kernel: Add options for reindexing in C header ca57311c969 kernel: Add block validation to C header 44156d84838 Kernel: Add chainstate loading to kernel C header 2cee46cdcc1 kernel: Add chainstate manager object to C header 7102c7ae45e kernel: Add notifications context option to C header ed628a2a3c4 kerenl: Add chain params context option to C header 27643297ff7 kernel: Add kernel library context object 2ba22cf3f90 kernel: Add logging to kernel library C header 873874c03e9 kernel: Introduce initial kernel C header API d94adc7270b Merge bitcoin/bitcoin#29702: fees: Remove CLIENT_VERSION serialization 7290bc61c00 Merge bitcoin/bitcoin#31078: build: Fix kernel static lib component install 68f29b24907 Merge bitcoin/bitcoin#31141: doc: Make list of targets in depends README consistent e9b95665eea Merge bitcoin/bitcoin#31046: init: Some small chainstate load improvements b8c821cc1ea Merge bitcoin/bitcoin#30724: test: add test for specifying custom pidfile via `-pid` a0c9595810c doc: Make list of targets in depends README consistent fa1c5cc9df1 fees: Log non-fatal errors as [warning], instead of info-level ffe4261cb06 Merge bitcoin/bitcoin#30935: ci: Approximate MAKEJOBS in image build phase 28ce159bc32 Merge bitcoin/bitcoin#30183: rpc: net: follow-ups for #30062 684873931b3 Merge bitcoin/bitcoin#26334: Add Signet and testnet4 launch shortcuts for Windows 9b0e2598089 Merge bitcoin/bitcoin#31121: guix: Enable CET for `glibc` package d9f8dc64534 Merge bitcoin/bitcoin#31097: validation: Improve input script check error reporting a16917fb598 rpc, net: improve `mapped_as` doc for getrawaddrman/getpeerinfo 563c4d29268 Merge bitcoin/bitcoin#31105: Update libmultiprocess library 0e9f20625a1 Merge bitcoin/bitcoin#31063: lint: commit-script-check.sh: echo to stderr e8f72aefd20 Merge bitcoin/bitcoin#29877: tracing: explicitly cast block_connected duration to nanoseconds 86e2a6b749c [test] A non-standard transaction which is also consensus-invalid should return the consensus error 4d3da08d1b9 guix: Enable CET for `glibc` package a38603456e9 Merge bitcoin/bitcoin#31100: doc: remove dependency install instructions from win docs 90b405516f7 Update libmultiprocess library 479715e9db0 Merge bitcoin/bitcoin#30996: doc: update signet documentation related to build directories 99e041f86fd Merge bitcoin/bitcoin#31099: doc: drop macOS LLVM install instructions 21e2f06a1cc Merge bitcoin/bitcoin#31067: test: Print CompletedProcess object on error 184f12c1542 doc: remove dependency install instructions from win docs dea9fb9a8b8 Merge bitcoin/bitcoin#30093: optimization: reserve memory allocation for transaction inputs/outputs 79aa8280b2e doc: drop LLVM install instructions 2123c94448e Merge bitcoin/bitcoin#30527: Bump python minimum supported version to 3.10 538ccaed004 Merge bitcoin/bitcoin#31048: build: Bump minimum supported macOS to 13.0 f859ff8a4e9 [validation] Improve script check error reporting ddddbac9c10 fees: Pin required version to 149900 fa5126adcb1 fees: Pin "version that wrote" to 0 0ca1d1bf69c Merge bitcoin/bitcoin#31092: doc: fuzz: remove Honggfuzz NetDriver instructions d823ba6e20b doc: fuzz: remove Honggfuzz NetDriver instructions 15563d3388e Merge bitcoin/bitcoin#30859: doc: cmake: prepend "build" to functional/test_runner.py 2ac5ba24bf0 Merge bitcoin/bitcoin#31083: doc: add doxygen for m_args in tests a0e089a71dc build: Bump minimum supported macOS to 13.0 1fe1b3ba8e9 doc: doxygen comment for m_args usage in tests 82e16e69832 cmake: Refactor install kernel dependencies 42e62779873 build: Add static libraries to Kernel install component e64b2f1a16e doc: cmake: prepend and explain "build/" where needed 48cf3da6360 Merge bitcoin/bitcoin#30970: build: Add missing USDT header dependency to kernel d8b835cf18c Merge bitcoin/bitcoin#31070: contrib: fix typos in check-deps.sh da8824ba301 Fix typos in check-deps.sh fa43c4f93ca test: Print CompletedProcess object on error 489e5aa3a29 Merge bitcoin/bitcoin#30857: cluster mempool: extend DepGraph functionality 9f45062b9b0 Merge bitcoin/bitcoin#30937: build: scripted-diff: drop config/ subdir for bitcoin-config.h 882f736d0a6 doc: lint: correct outdated comment (s/Makefile.am/CMakeLists.txt/) 1786be7b4a5 scripted-diff: drop config/ subdir for bitcoin-config.h, rename to bitcoin-build-config.h 0c2c3bb3f5c Merge bitcoin/bitcoin#30955: Mining interface: getCoinbaseMerklePath() and submitSolution() 9909a34d794 Merge bitcoin/bitcoin#30992: doc: update IBD requirements in doc/README.md fac6cfe5ac0 lint: commit-script-check.sh: echo to stderr 5fb94550638 Merge bitcoin/bitcoin#31058: refactor: include the proper header rather than forward-declaring RemovalReasonToString e569eb8d917 Merge bitcoin/bitcoin#30885: scripted-diff: Modernize nLocalServices naming 31cc5006c3d init: Return fatal failure on snapshot validation failure 8f1246e8338 init: Improve chainstate init db error messages 5837e3463fe Merge bitcoin/bitcoin#30967: refactor: Replace g_genesis_wait_cv with m_tip_block_cv ca2e4ba352c refactor: include the proper header rather than forward-declaring RemovalReasonToString a9f6a57b691 Merge bitcoin/bitcoin#30920: test: Remove 0.16.3 test from wallet_backwards_compatibility.py fa71bedf860 ci: Approximate MAKEJOBS in image build phase 03696bb1bd5 Merge bitcoin/bitcoin#31045: ci: Add missing -DWERROR=ON to test-each-commit 56093565bbe Merge bitcoin/bitcoin#31018: test: Treat exclude list warning as failure in CI bb47b5a6576 Merge bitcoin/bitcoin#31038: test: Fix copy-paste in wallet/test/db_tests ostream operator 3fecf36c7b3 Merge bitcoin/bitcoin#31056: ci: Double ctest timeout 3c4a9419dbe Merge bitcoin/bitcoin#31013: depends: For mingw cross compile use -gcc-posix to prevent library conflict 5d5cc021ce3 Merge bitcoin/bitcoin#31051: test: remove unused code from `script_tests` caf44e500eb Merge bitcoin/bitcoin#31008: depends: Print ready-to-use `--toolchain` option for CMake invocation fa5ebc99207 ci: Double ctest timeout 0b3ec8c59b2 clusterlin: remove Cluster type 1c24c625105 clusterlin: merge two DepGraph fuzz tests into simulation test 0606e66fdbb clusterlin: add DepGraph::RemoveTransactions and support for holes in DepGraph 75b5d42419e clusterlin: make DepGraph::AddDependency support multiple dependencies at once abf50649d13 clusterlin: simplify DepGraphFormatter::Ser eaab55ffc81 clusterlin: rework DepGraphFormatter::Unser 5901cf7100a clusterlin: abstract out DepGraph::GetReduced{Parents,Children} e0287bc4b2d test: remove unused code from script_tests 62e45167221 Merge bitcoin/bitcoin#31026: ci: set a ctest test timeout of 1200 (20 minutes) cd093049dda init: Remove incorrect comment about shutdown condition 635e9f85d76 init: Remove misleading log line when user chooses not to retry fa1cffacae6 ci: Install missing nproc in macos task faf7a2bccc7 ci: Add missing -DWERROR=ON to test-each-commit 56aad83307e ci: set a ctest timeout of 1200 (20 minutes) 1b707146717 Merge bitcoin-core/gui#840: qt6: Handle different signatures of `QANEF::nativeEventFilter` 720ce880a35 init: Improve comment describing chainstate load retry behaviour baea842ff18 init: Remove unneeded argument for mempool_opts checks ec58dfe8f74 Merge bitcoin/bitcoin#31010: cmake: Avoid hardcoding Qt's major version in Find module / variable names 5fe6878b5f7 Merge bitcoin-core/gui#836: Fix display issues for IPv6 proxy setup in Options Dialog (UI only, no functionality impact) f50557f5d36 test: Fix copy-paste in db_tests ostream operator 5ea335a97f8 Merge bitcoin/bitcoin#30793: rpc: add getorphantxs 76e2e8aabd8 Merge bitcoin/bitcoin#31035: doc: Archive 28.0 release notes f019fcec412 doc: Archive 28.0 release notes 80761afced1 qt6: Handle different signatures of `QANEF::nativeEventFilter` 51c698161b5 Merge bitcoin-core/gui#837: qt6: Fix linking when configured with `-DENABLE_WALLET=OFF` 4be785b3e33 Merge bitcoin-core/gui#839: qt6, test: Handle deprecated code f117f3f7473 Merge bitcoin-core/gui#838: qt6: Handle deprecated `QLocale::nativeCountryName` 5625840c11d qt6, test: Handle deprecated `QVERIFY_EXCEPTION_THROWN` 772928a13c2 Merge bitcoin/bitcoin#30982: docs: Add instructions on how to self-sign bitcoin-core binaries for macOS 27709f51ee0 docs: Add instructions on how to self-sign bitcoin-core binaries for macOS cfb59da4b3b Merge bitcoin/bitcoin#30980: fuzz: fix bug in p2p_headers_presync harness dda2613239b Merge bitcoin/bitcoin#30929: log: Enforce trailing newline e0ae9c14c4e Merge bitcoin/bitcoin#31011: refactor: move util/pcp and util/netif to common/ 98c1536852d test: add getorphantxs tests 93f48fceb7d test: add tx_in_orphanage() 34a9c10e8cd rpc: add getorphantxs f511ff3654d refactor: move verbosity parsing to rpc/util 36a6d4b0078 doc: update IBD requirements in doc/README.md fa6d14eacb2 test: Treat exclude list warning as failure in CI 6a370435526 Merge bitcoin/bitcoin#31007: doc: add testnet4 section header for config file 70910eb2ecb Merge bitcoin/bitcoin#31016: test: add missing sync to feature_fee_estimation.py 532491faf1a net: add GetOrphanTransactions() to PeerManager 91b65adff2a refactor: add OrphanTxBase for external use a1576edab35 test: add missing sync to feature_fee_estimation.py ae56b3230b2 depends: For mingw cross compile use -gcc-posix to prevent library conflict fd38711217c ci: make CI job fail when check-deps.sh script fails d51edecddcb common: move pcp.cpp and netif.cpp files from util to common library since they depend on netaddress.cpp 61cdb1c9d83 doc: add testnet4 section header for config file deacf3c7cd6 cmake: Avoid hardcoding Qt's major version in Find module 605926da0ab depends: Print ready-to-use `--toolchain` option for CMake invocation fa2b7d8d6b3 Remove redundant unterminated-logprintf tidy check bbbb2e43ee9 log: Enforce trailing newline, Remove redundant m_started_new_line fa22e5c430a refactor: Remove dead code that assumed tip == nullptr fa2e4439652 refactor: Replace g_genesis_wait_cv with m_tip_block_cv fa7f52af1a4 refactor: Use wait_for predicate to check for interrupt 5ca28ef28bc refactor: Split up NodeContext shutdown_signal and shutdown_request fad8e7fba7b bugfix: Mark m_tip_block_cv as guarded by m_tip_block_mutex fa18586c29d refactor: Add missing GUARDED_BY(m_tip_block_mutex) fa4c0750331 doc: Clarify waitTipChanged docs fc642c33ef2 Merge bitcoin/bitcoin#30718: test: switch MiniWallet padding unit from weight to vsize d7f956a309e Merge bitcoin/bitcoin#30968: init: Remove retry for loop c33eb2360e2 Merge bitcoin/bitcoin#30043: net: Replace libnatpmp with built-in PCP+NATPMP implementation f3c74c4a7e1 Merge bitcoin/bitcoin#30989: guix: Drop no longer needed `PATH` modification 5c7cacf649a ci: Remove natpmp build option and libnatpmp dependency 7e7ec984da5 doc: Remove mention of natpmp build options 061c3e32a26 depends: Drop natpmp and associated option from depends 20a18bf6aa3 build: Drop libnatpmp from build system 7b04709862f qt: Changes for built-in PCP+NAT-PMP 52f8ef66c61 net: Replace libnatpmp with built-in NATPMP+PCP implementation in mapport 97c97177cdb net: Add PCP and NATPMP implementation cb750b4b405 qt6, test: Use `qWarning()` instead of `QWARN()` macro 9123a286e97 qt6: Handle deprecated `QLocale::nativeCountryName` 940edd6ac24 test: refactor: introduce and use `TRUC_CHILD_MAX_VSIZE` constant c16ae717689 test: switch MiniWallet padding unit from weight to vsize a647d4400d5 doc: update signet documentation related to build directories f1daa80521e guix: Drop no longer needed `PATH` modification d812cf11896 Merge bitcoin/bitcoin#30879: test: re-bucket long-running tests 18d4c43cab4 Merge bitcoin/bitcoin#30921: test: generalize HasReason and use it in FailFmtWithError d7fcc91416a Merge bitcoin/bitcoin#30974: ci: Inline PACKAGE_MANAGER_INSTALL 29d00a1cee1 Merge bitcoin/bitcoin#30940: depends: Fix build with `MULTIPROCESS=1` in Guix environment 89a8e9b732f Merge bitcoin/bitcoin#30979: contrib: Update asmap link in seeds readme fafd1a0f648 ci: Inline PACKAGE_MANAGER_INSTALL 36ad9516dbd Merge bitcoin/bitcoin#30981: ci: add timestamps to cirrus jobs fa7c2838a5f Merge bitcoin/bitcoin#30948: test: Add missing sync_mempools() to fill_mempool() f951f1fab25 ci: add timestamps to cirrus jobs f158993fd55 contrib: Update asmap link in seeds readme d5af7d28f47 Merge bitcoin/bitcoin#30976: depends, doc: Drop package-specific note about CMake a7498cc7e26 Fix bug in p2p_headers_presync harness 4cf84b344de depends, doc: No need to specify general requirement e13da501db9 Merge bitcoin/bitcoin#30973: doc: fix `loadtxoutset` example 513b7136c79 Merge bitcoin/bitcoin#30961: ci: add `LLVM_SYMBOLIZER_PATH` to Valgrind fuzz job 286725168ae doc: fix loadtxoutset example 525e9dcba0b Add submitSolution to BlockTemplate interface 47b4875ef05 Add getCoinbaseMerklePath() to Mining interface 63d6ad7c89c Move BlockMerkleBranch back to merkle.{h,cpp} 65f6e7078b1 Merge bitcoin/bitcoin#30510: multiprocess: Add IPC wrapper for Mining interface da612cea032 Merge bitcoin/bitcoin#30962: validation: Disable CheckForkWarningConditions for background chainstate e9d60af9889 refactor: Replace init retry for loop with if statement c1d8870ea41 refactor: Move most of init retry for loop to a function ccd10fdb97f build: Add missing USDT header dependency to kernel 781c01f5806 init: Check mempool arguments in AppInitParameterInteractions 39219fe145e Merge bitcoin/bitcoin#30946: doc: correct the zmq automatic build info 06e7e836329 doc: correct the zmq automatic build info a9773b6215e Merge bitcoin/bitcoin#30963: doc: Adjust links in OSS-Fuzz section fa6c1946d23 doc: Adjust links in OSS-Fuzz section c0a0c72b4d6 validation: Disable CheckForkWarningConditions for background chainstate c1832584bfd ci: add LLVM_SYMBOLIZER_PATH to Valgrind fuzz job 393f323bd60 Merge bitcoin/bitcoin#30952: test: Use shell builtins in run_command test case faf801515f8 test: Add missing sync_mempools() to fill_mempool() fa48be6f023 test: Refactor fill_mempool to extract send_batch helper 1a332817665 doc: multiprocess documentation improvements 90a5786bba4 Merge bitcoin/bitcoin#30678: wallet: Write best block to disk before backup d043950ba24 multiprocess: Add serialization code for BlockValidationState 33c2eee285e multiprocess: Add IPC wrapper for Mining interface 06882f84017 multiprocess: Add serialization code for vector<char> 095286f790a multiprocess: Add serialization code for CTransaction 69dfeb18761 multiprocess: update common-types.h to use C++20 concepts 206c6e78eec build: Make bitcoin_ipc_test depend on bitcoin_ipc 070e6a32d5f depends: Update libmultiprocess library for cmake headers target dabc74e86c3 Merge bitcoin/bitcoin#30409: Introduce waitTipChanged() mining interface, replace RPCNotifyBlockChange, drop CRPCSignals & g_best_block 7bd3ee62f6d test: Use shell builtins in run_command test case f5a2000579b test: re-bucket long-running tests 06b4c339e89 depends: Fix reproducibility when building with `MULTIPROCESS=1` 04e4d52420a test: add test for specifying custom pidfile via `-pid` b832ffe0446 refactor: introduce default pid file name constant in tests d8e3afc3352 depends: Fix build with `MULTIPROCESS=1` in Guix environment f20fe33e94c test: Add basic balance coverage to wallet_assumeutxo.py d72df63d169 net: Use GetLocalAddresses in Discover e02030432b7 net: Add netif utility 754e4254388 crypto: Add missing WriteBE16 function 33adc7521cc Merge bitcoin/bitcoin#30765: refactor: Allow `CScript`'s `operator<<` to accept spans, not just vectors 0894748316c Merge bitcoin/bitcoin#30918: fuzz: Add check in `p2p_headers_presync` that chain work never exceeds minimum work f57a6754ed6 Merge bitcoin/bitcoin#30826: fuzz: reduce number of iterations in `crypto_aeadchacha20poly1305` target 48c20dbd86c Merge bitcoin/bitcoin#30794: interpreter: use int32_t instead of int type for risczero compile 4148e60909e Merge bitcoin/bitcoin#30679: fix: handle invalid `-rpcbind` port earlier a8a2628b7a9 Merge bitcoin/bitcoin#30828: interfaces: #30697 follow ups 0d81b3ddedc Merge bitcoin/bitcoin#30568: addrman: change internal id counting to int64_t c985a34b9c3 Merge bitcoin/bitcoin#26990: cli: Improve error message on multiwallet cli-side commands 037b101e808 test: Add coverage for best block locator write in wallet_backup 31c0df03890 wallet: migration, write best locator before unloading wallet 7e3dbe4180c wallet: Write best block to disk before backup 79f20fa1b1e Merge bitcoin/bitcoin#30561: refactor: move `SignSignature` helpers to test utils 284bd17309a add check that chainwork doesn't exceed minimum work 9aa5d1c3fcd add clarification in comment 197aa249551 Merge bitcoin/bitcoin#30856: build: drop obj/ subdirectory for generated build.h 7025942687f build: drop superfluous `HAVE_BUILD_INFO` define 0dd662510c5 build: drop obj/ subdir for generated build.h, rename to bitcoin-build-info.h 84cd6478c42 Merge bitcoin/bitcoin#30927: Follow-up after AutoFile position caching: remove unused code caac06f784c streams: reorder/document functions 67a3d590768 streams: remove unused code 2db926f49c8 Merge bitcoin/bitcoin#30889: log: Use ConstevalFormatString fee4cba4847 gui: Fix proxy details display in Options Dialog 9ba56884f62 Merge bitcoin/bitcoin#30869: ci: Print inner env, Make ccache config more flexible 6c3c619b35c test: generalize HasReason and use it in FailFmtWithError ab0b5706b25 Merge bitcoin/bitcoin#30875: doc: fixed inconsistencies in documentation between autotools to cmake change fd08fded63a Merge bitcoin/bitcoin#30639: ci: Use clang-19 in msan tasks 5be34bacf6d qt: Fix linking when configured with `-DENABLE_WALLET=OFF` a9964c04447 doc: Updating docs from autotools to cmake fae44c83da9 test: Remove 0.16.3 test from wallet_backwards_compatibility.py 69409bc6e55 Merge bitcoin/bitcoin#30908: doc: remove Eclipser fuzzing documentation 6b97882ab53 Merge bitcoin/bitcoin#30915: ci: Use `ninja` to build in macOS native CI job e6994efe08b fix: increase rpcbind check robustness d38e3aed89e fix: handle invalid rpcbind port earlier 83b67f2e6d5 refactor: move host/port checking 73c243965ab test: add tests for invalid rpcbind ports 54227e681a4 rpc, cli: improve error message on multiwallet mode 735436df8ce Remove outdated Eclipser fuzzing documentation ccccb67851b ci: Use clang-19 in msan tasks facbcd4cef8 log: Use ConstevalFormatString d01b85bfecb ci: Use `ninja` to build in macOS native CI job 6fc46927971 Merge bitcoin/bitcoin#29624: doc: update NeedsRedownload() and nStatus comment 2a0949f0977 Merge bitcoin/bitcoin#30888: build: optimize .h generation in GenerateHeaderFrom{Raw,Json}.cmake bdbc90f29ac Merge bitcoin/bitcoin#30902: Remove Autotools packages from CI (and depends doc) a95e742b692 Merge bitcoin/bitcoin#30913: ci: Use macos-14 GHA image (x86_64-apple-darwin22.6.0 -> arm64-apple-darwin23.6.0) 225718eda89 Merge bitcoin/bitcoin#30438: guix: (explicitly) build Linux GCC with `--enable-cet` fab932b4211 ci: Remove incorrectly hardcoded HOST in mac_native task af9f9878934 doc: update NeedsRedownload() comment fa8f35d7865 ci: Use macos-14 GHA image 7942951e3fc Remove unused g_best_block e3a560ca68d rpc: use waitTipChanged for longpoll 460687a09c2 Remove unused CRPCSignals dca923150e3 Replace RPCNotifyBlockChange with waitTipChanged() 2a40ee11219 rpc: check for negative timeout arg in waitfor* de7c855b3af rpc: recommend -rpcclienttimeout=0 for waitfor* 77ec072925a rpc: fix waitfornewblock description 285fe9fb51c rpc: add test for waitforblock and waitfornewblock b94b27cf05c Add waitTipChanged to Mining interface 7eccdaf1608 node: Track last block that received a blockTip notification ebb8215f236 Rename getTipHash() to getTip() and return BlockRef 89a8f74bbbb refactor: rename BlockKey to BlockRef 9f1aa88d4d9 Merge bitcoin/bitcoin#30884: streams: cache file position within AutoFile 06329eb1348 Merge bitcoin/bitcoin#29436: net: call `Select` with reachable networks in `ThreadOpenConnections` e983ed41d9f Merge bitcoin/bitcoin#30410: rpc, rest: Improve block rpc error handling, check header before attempting to read block data. fce9e065c16 Merge bitcoin/bitcoin#28358: Drop -dbcache limit 8d000b85dd4 Merge bitcoin/bitcoin#30868: refactor: add clang-tidy `modernize-use-starts-ends-with` check 3f66642820b Merge bitcoin/bitcoin#30440: Have createNewBlock() return a BlockTemplate interface 2bf721e76a5 Merge bitcoin/bitcoin#30661: fuzz: Test headers pre-sync through p2p c38e9993de7 Merge bitcoin/bitcoin#30286: cluster mempool: optimized candidate search fa99e4521b6 ci: Allow CCACHE_DIR bind mount 37679b856ce Merge bitcoin/bitcoin#30899: qt: Translations update fc7b507e9a5 tidy: add clang-tidy `modernize-use-starts-ends-with` check 7a8a6a06676 doc: Fix comment in `contrib/devtools/check-deps.sh` script 712d105e093 depends, doc: Do not install Autotools packages b786449e663 ci: Do not install Autotools packages a240e150e83 streams: remove AutoFile::Get() entirely ae052957614 qt: Translations update 6a1aa510e31 rpc: check block index before reading block / undo data 6cbf2e5f819 rpc: Improve gettxoutproof error when only header is available. 69fc867ea19 test: add coverage to getblock and getblockstats 5290cbd5850 rpc: Improve getblock / getblockstats error when only header is available. e5b537bbdfb rest: improve error when only header of a block is available. e624a9bef16 streams: cache file position within AutoFile 89bf11b8072 guix: build Linux GCC with --enable-cet a93c171faa7 Drop unneeded nullptr check from CreateNewBlock() dd87b6dff35 Have createNewBlock return BlockTemplate interface fae9b60c4ff test: Use LogPrintStr to test m_log_sourcelocations 33381ea530a scripted-diff: Modernize nLocalServices to m_local_services 2a581144f28 build: Minimize I/O operations in GenerateHeaderFromJson.cmake aa003d1568b build: Minimize I/O operations in GenerateHeaderFromRaw.cmake 9ad2fe7e69e clusterlin: only start/use search when enough iterations left bd044356edb clusterlin: improve heuristic to decide split transaction (optimization) 71f26293988 clusterlin: include topological pot subsets automatically (optimization) e20fda77a2d clusterlin: reduce computation of unnecessary pot sets (optimization) 6060a948caf clusterlin bench: add example hard cluster benchmarks 2965fbf203f clusterlin: track upper bound potential set for work items (optimization) 9e43e4ce109 clusterlin: use feerate-sorted depgraph in SearchCandidateFinder b80e6dfe780 clusterlin: add reordering support for DepGraph 85a285a3061 clusterlin: separate initial search entries per component (optimization) e4faea9ca79 clusterlin bench: have low/high iter benchmarks instead of per-iter fa39b1ca638 doc: move-only logging warning fa252da0b9c ci: Remove hardcoded CCACHE_DIR in cirrus fa146904e19 ci: Bump default CCACHE_MAXSIZE to 500M aaaa7cf8bad cirrus: Drop CCACHE_NOHASHDIR fa7ca182a9b ci: Print inner env 84663291275 chain: simplify `deleteRwSettings` code and improve it's doc f8d91f49c70 chain: dont check for null settings value in `overwriteRwSetting` df601993f2d chain: ensure `updateRwSetting` doesn't update to a null settings 5e190cd11f6 Replace CScript _hex_v_u8 appends with _hex cac846c2fbf Allow CScript's operator<< to accept spans, not just vectors c78d8ff4cb8 prevector: avoid GCC bogus warnings in insert method e4e3b44e9cc net: call `Select` with reachable networks in `ThreadOpenConnections` 829becd990b addrman: change `Select` to support multiple networks f698636ec86 net: add `All()` in `ReachableNets` a97f43d63a6 fuzz: Add harness for p2p headers sync c8e2eeeffb4 chain: uniformly use `SettingsAction` enum in settings methods f482d0e366a fuzz: reduce number of iterations in `crypto_aeadchacha20poly1305` target 1e9e735670f chain: move new settings safely in `overwriteRwSetting` 1c409004c80 test: remove wallet context from `write_wallet_settings_concurrently` 58499b00d0a refactor: move `SignSignature` helpers to test utils cd0edf26c07 tracing: cast block_connected duration to nanoseconds cfd03de965a Add Testnet4 launch shortcut for Windows 77b2923f871 Add Signet launch shortcut for Windows bc52cda1f3c fix use int32_t instead of int type for risczero compile with (-march=rv32i, -mabi=ilp32) a0eaa4749fe Add FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION in PoW check a3f6f5acd89 build: Automatically define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION for fuzz builds 0c02d4b2bdb net_processing: Make MAX_HEADERS_RESULTS a PeerManager option 51f7668d31e addrman: change nid_type from int to int64_t 051ba3290e3 addrman, refactor: introduce user-defined type for internal nId bdad0243be8 rpc, net: getrawaddrman "mapped_as" follow-ups fa1b139d17d Bump python minimum supported version to 3.10 ec585f11c38 Reserve space for transaction inputs in CreateTransactionInternal c76aaaf9003 Reserve space for transaction outputs in CreateTransactionInternal bb3b980dfd9 validation: drop maximum -dbcache REVERT: e70e527ef21 kernel: Add pure kernel bitcoin-chainstate REVERT: ed9a8a54d3c kernel: Add block index utility functions to C header REVERT: 6338dd45b55 kernel: Add function to read block undo data from disk to C header REVERT: a2ac0c1e7c9 kernel: Add functions to read block from disk to C header REVERT: 170060c3372 kernel: Add function for copying block data to C header REVERT: 0f8c00bba07 kernel: Add functions for the block validation state to C header REVERT: 41dba7d2603 kernel: Add validation interface to C header REVERT: 877cf01f22c kernel: Add interrupt function to C header REVERT: f77c2b90422 kernel: Add import blocks function to C header REVERT: 254e17dbeab kernel: Add chainstate load options for in-memory dbs in C header REVERT: 8baa06d318f kernel: Add options for reindexing in C header REVERT: 0243ed8a200 kernel: Add block validation to C header REVERT: 36fbab87e9e Kernel: Add chainstate loading to kernel C header REVERT: b249e93f295 kernel: Add chainstate manager object to C header REVERT: 2546745a393 kernel: Add notifications context option to C header REVERT: 2578746e87f kerenl: Add chain params context option to C header REVERT: 21107de0ca7 kernel: Add kernel library context object REVERT: 83cc65c4911 kernel: Add logging to kernel library C header REVERT: 2f47169f91e kernel: Introduce initial kernel C header API git-subtree-dir: libbitcoinkernel-sys/bitcoin git-subtree-split: 1047757ea3b4b78b51d7338ea44e2123851143fe
This makes it easier to track which spots refer to an nId (as opposed to, for example, bucket index etc. which also use int) Co-authored-by: Pieter Wuille <pieter@wuille.net> Github-Pull: bitcoin#30568 Rebased-From: 051ba32
With nId being incremented for each addr received, an attacker could cause an overflow in the past. (https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/) Even though that attack was made infeasible by rate-limiting (PR bitcoin#22387), to be on the safe side change the type to an int64_t. Github-Pull: bitcoin#30568 Rebased-From: 051ba32
With nId being incremented for each addr received, an attacker could cause an overflow in the past. (https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/) Even though that attack was made infeasible by rate-limiting (PR bitcoin#22387), to be on the safe side change the type to an int64_t. Github-Pull: bitcoin#30568 Rebased-From: 51f7668
8fef83a doc: update manual pages for 28.1rc1 (fanquake) df77646 build: bump version to 28.1rc1 (fanquake) 9add853 doc: update release notes for 28.1rc1 (fanquake) 1025090 build: disable compiling fuzz/utxo_snapshot.cpp with MSVC (fanquake) 446f5d2 refactor: Drop deprecated space in operator""_mst (MarcoFalke) 9976162 addrman: change nid_type from int to int64_t (Martin Zumsande) 1d0411d addrman, refactor: introduce user-defined type for internal nId (Martin Zumsande) 7fec638 depends: For mingw cross compile use -gcc-posix to prevent library conflict (laanwj) f998ac6 key: clear out secret data in `DecodeExtKey` (Sebastian Falbesoner) 0773560 ci: add LLVM_SYMBOLIZER_PATH to Valgrind fuzz job (fanquake) b917334 test: add missing sync to feature_fee_estimation.py (Martin Zumsande) f072721 doc: add testnet4 section header for config file (Marnix) 6643fd2 doc: Archive 28.0 release notes (Ava Chow) Pull request description: Backports: * #30568 * #31007 * #31013 * #31016 * #31035 * #31166 Contains: * A commit to do the same as #31307. ACKs for top commit: willcl-ark: ACK 8fef83a Tree-SHA512: 58f0c6cb9e5b7ac17ad20141acdc5423dbe8e79cc3a2cf1c4e503d289b75940632c9838c64e3ac733b1a55e65723fc1071ccdd9a860a710256cc88e29f42ccdb
With
nIdCount
being incremented for each addr received, an attacker could cause an overflow in the past, see https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/Even though that attack was made infeasible indirectly by addr rate-limiting (PR #22387), to be on the safe side and prevent any regressions change the
nId
s used internally toint64_t
.This is being done by first introducing a user-defined type for
nId
s in the first commit, and then updating it toint64_t
(thanks sipa for help with this!).Note that
nId
is only used internally, it is not part of the serialization, sopeers.dat
should not be affected by this.I assume that the only reason this was not done in the past is to not draw attention to this previously undisclosed issue.