Better fingerprinting protection for non-main-chain getdatas.
With headers-first we can compare against the best header timestamp, rather than using checkpoints which require code updates to maintain.
parent
8b298ca7d7
commit
85da07a5a0
1 changed files with 10 additions and 12 deletions
22
src/main.cpp
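--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3355,19 +3355,17 @@ void static ProcessGetData(CNode* pfrom)
 BlockMap::iterator mi = mapBlockIndex.find(inv.hash);
 if (mi != mapBlockIndex.end())
 {
-// If the requested block is at a height below our last
-// checkpoint, only serve it if it's in the checkpointed chain
-int nHeight = mi->second->nHeight;
-CBlockIndex* pcheckpoint = Checkpoints::GetLastCheckpoint();
-if (pcheckpoint && nHeight < pcheckpoint->nHeight) {
-if (!chainActive.Contains(mi->second))
-{
-LogPrintf("ProcessGetData(): ignoring request for old block that isn't in the main chain\n");
-} else {
-send = true;
-}
-} else {
+if (chainActive.Contains(mi->second)) {
 send = true;
+} else {
+// To prevent fingerprinting attacks, only send blocks outside of the active
+// chain if they are valid, and no more than a month older than the best header
+// chain we know about.
+send = mi->second->IsValid(BLOCK_VALID_SCRIPTS) && (pindexBestHeader != NULL) &&
+(mi->second->GetBlockTime() > pindexBestHeader->GetBlockTime() - 30 * 24 * 60 * 60);
+if (!send) {
+LogPrintf("ProcessGetData(): ignoring request from peer=%i for old block that isn't in the main chain\n", pfrom->GetId());
+}
 }
 }
 if (send)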
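Review bot: The `LogPrintf` in the new `if (!send)` branch is written unconditionally for every refused request, so a peer that keeps asking for old non-main-chain blocks controls how fast the log grows. If the project's category-gated logger is available here, `LogPrint("net", ...)` with the same format string and arguments keeps the message for debugging without that exposure. Separately, the age bound `30 * 24 * 60 * 60` would read better as a named constant. The comment above it could also state that both sides of the comparison are block header timestamps, which are set by whoever created the block, not the time this node received it. ProcessGetData's body starts and ends outside the hunk.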