Better fingerprinting protection for non-main-chain getdatas.
With headers-first we can compare against the best header timestamp, rather than using checkpoints which require code updates to maintain.
This commit is contained in:
parent
8b298ca7d7
commit
85da07a5a0
1 changed files with 10 additions and 12 deletions
22
src/main.cpp
22
src/main.cpp
|
@ -3355,19 +3355,17 @@ void static ProcessGetData(CNode* pfrom)
|
|||
BlockMap::iterator mi = mapBlockIndex.find(inv.hash);
|
||||
if (mi != mapBlockIndex.end())
|
||||
{
|
||||
// If the requested block is at a height below our last
|
||||
// checkpoint, only serve it if it's in the checkpointed chain
|
||||
int nHeight = mi->second->nHeight;
|
||||
CBlockIndex* pcheckpoint = Checkpoints::GetLastCheckpoint();
|
||||
if (pcheckpoint && nHeight < pcheckpoint->nHeight) {
|
||||
if (!chainActive.Contains(mi->second))
|
||||
{
|
||||
LogPrintf("ProcessGetData(): ignoring request for old block that isn't in the main chain\n");
|
||||
} else {
|
||||
send = true;
|
||||
}
|
||||
} else {
|
||||
if (chainActive.Contains(mi->second)) {
|
||||
send = true;
|
||||
} else {
|
||||
// To prevent fingerprinting attacks, only send blocks outside of the active
|
||||
// chain if they are valid, and no more than a month older than the best header
|
||||
// chain we know about.
|
||||
send = mi->second->IsValid(BLOCK_VALID_SCRIPTS) && (pindexBestHeader != NULL) &&
|
||||
(mi->second->GetBlockTime() > pindexBestHeader->GetBlockTime() - 30 * 24 * 60 * 60);
|
||||
if (!send) {
|
||||
LogPrintf("ProcessGetData(): ignoring request from peer=%i for old block that isn't in the main chain\n", pfrom->GetId());
|
||||
}
|
||||
}
|
||||
}
|
||||
if (send)
|
||||
|
|
Loading…
Reference in a new issue