From a591c7ec03530aa80ebcb63bc1808708eabddc22 Mon Sep 17 00:00:00 2001 From: David Hill Date: Tue, 27 May 2014 13:59:24 -0400 Subject: [PATCH] Add new ScriptFlag ScriptStrictMultiSig. ScriptStrictMultiSig verifies that the stack item used by CHECKMULTISIG is zero length. --- opcode.go | 7 ++++++- script.go | 8 ++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/opcode.go b/opcode.go index 998fc953..d63860bb 100644 --- a/opcode.go +++ b/opcode.go @@ -1891,11 +1891,16 @@ func opcodeCheckMultiSig(op *parsedOpcode, s *Script) error { } // bug in bitcoind mean we pop one more stack value than should be used. - _, err = s.dstack.PopByteArray() + dummy, err := s.dstack.PopByteArray() if err != nil { return err } + if s.strictMultiSig && len(dummy) != 0 { + return fmt.Errorf("multisig dummy argument is not zero length: %d", + len(dummy)) + } + if len(signatures) == 0 { s.dstack.PushBool(nsig == 0) return nil diff --git a/script.go b/script.go index 945f3b4f..74df6fe7 100644 --- a/script.go +++ b/script.go @@ -207,6 +207,7 @@ type Script struct { numOps int bip16 bool // treat execution as pay-to-script-hash der bool // enforce DER encoding + strictMultiSig bool // verify multisig stack item is zero length savedFirstStack [][]byte // stack from first script for bip16 scripts } @@ -508,6 +509,10 @@ const ( // recognized by creator of the transaction. Performing a canonical // check enforces script signatures use a unique DER format. ScriptCanonicalSignatures + + // ScriptStrictMultiSig defines whether to verify the stack item + // used by CHECKMULTISIG is zero length. + ScriptStrictMultiSig ) // NewScript returns a new script engine for the provided tx and input idx with @@ -550,6 +555,9 @@ func NewScript(scriptSig []byte, scriptPubKey []byte, txidx int, tx *btcwire.Msg if flags&ScriptCanonicalSignatures == ScriptCanonicalSignatures { m.der = true } + if flags&ScriptStrictMultiSig == ScriptStrictMultiSig { + m.strictMultiSig = true + } m.tx = *tx m.txidx = txidx