From 68f7d1d7af39a8ea6510f888e8e058e8e8faa007 Mon Sep 17 00:00:00 2001
From: Peter Todd <pete@petertodd.org>
Date: Mon, 10 Mar 2014 17:31:46 -0400
Subject: Create (MANDATORY|STANDARD)_SCRIPT_VERIFY_FLAGS constants

---
 src/script.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/script.cpp')

diff --git a/src/script.cpp b/src/script.cpp
index 810ba16d2..dc0cd28bf 100644
--- a/src/script.cpp
+++ b/src/script.cpp
@@ -1670,7 +1670,7 @@ bool SignSignature(const CKeyStore &keystore, const CScript& fromPubKey, CTransa
     }
 
     // Test solution
-    return VerifyScript(txin.scriptSig, fromPubKey, txTo, nIn, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC, 0);
+    return VerifyScript(txin.scriptSig, fromPubKey, txTo, nIn, STANDARD_SCRIPT_VERIFY_FLAGS, 0);
 }
 
 bool SignSignature(const CKeyStore &keystore, const CTransaction& txFrom, CTransaction& txTo, unsigned int nIn, int nHashType)
-- 
cgit v1.2.3


From 6380180821917c22ecfd89128ee60aae6f4cac33 Mon Sep 17 00:00:00 2001
From: Peter Todd <pete@petertodd.org>
Date: Mon, 10 Mar 2014 17:36:35 -0400
Subject: Add rejection of non-null CHECKMULTISIG dummy values

This is a source of transaction mutability as the dummy value was
previously not checked and could be modified to something other than the
usual OP_0 value.
---
 src/script.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'src/script.cpp')

diff --git a/src/script.cpp b/src/script.cpp
index dc0cd28bf..a5cdc9712 100644
--- a/src/script.cpp
+++ b/src/script.cpp
@@ -934,8 +934,22 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, co
                             fSuccess = false;
                     }
 
-                    while (i-- > 0)
+                    // Clean up stack of actual arguments
+                    while (i-- > 1)
                         popstack(stack);
+
+                    // A bug causes CHECKMULTISIG to consume one extra argument
+                    // whose contents were not checked in any way.
+                    //
+                    // Unfortunately this is a potential source of mutability,
+                    // so optionally verify it is exactly equal to zero prior
+                    // to removing it from the stack.
+                    if (stack.size() < 1)
+                        return false;
+                    if ((flags & SCRIPT_VERIFY_NULLDUMMY) && stacktop(-1).size())
+                        return error("CHECKMULTISIG dummy argument not null");
+                    popstack(stack);
+
                     stack.push_back(fSuccess ? vchTrue : vchFalse);
 
                     if (opcode == OP_CHECKMULTISIGVERIFY)
-- 
cgit v1.2.3