From 46e7f800bd78aa4d4de5915b4a7e5a3234c507d6 Mon Sep 17 00:00:00 2001
From: e0 <ethan.r.heilman@gmail.com>
Date: Tue, 6 Mar 2018 18:26:29 -0500
Subject: [PATCH] Limit the number of IPs we use from each DNS seeder

A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.
---
 src/net.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/net.cpp b/src/net.cpp
index f7e6c300b..33a60ac96 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -1631,7 +1631,8 @@ void CConnman::ThreadDNSAddressSeed()
             if (!resolveSource.SetInternal(host)) {
                 continue;
             }
-            if (LookupHost(host.c_str(), vIPs, 0, true))
+            unsigned int nMaxIPs = 256; // Limits number of IPs learned from a DNS seed
+            if (LookupHost(host.c_str(), vIPs, nMaxIPs, true))
             {
                 for (const CNetAddr& ip : vIPs)
                 {
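Review bot: The new cap `nMaxIPs` passed to `LookupHost` is a mutable local re-declared on every seed iteration, and its comment does not say what the limit defends against. Declaring it `const unsigned int nMaxIPs = 256;` and carrying the rationale from the commit message into the code would make it harder to loosen by accident, e.g. `// Cap addresses accepted per DNS seed so a single malicious seeder cannot flood addrman (eclipse risk)`. The cap presumably bounds only what `LookupHost` returns in `vIPs`, not how many records the resolver processes, so it is worth confirming that the lookup itself is bounded for oversized responses. ThreadDNSAddressSeed's body starts and ends outside this hunk, so how the truncated `vIPs` reaches addrman cannot be checked from here.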