Browse Source

Better fingerprinting protection for non-main-chain getdatas.

With headers-first we can compare against the best header timestamp, rather
than using checkpoints which require code updates to maintain.
0.13
Pieter Wuille 10 years ago
parent
commit
85da07a5a0
  1. 20
      src/main.cpp

20
src/main.cpp

@ -3355,19 +3355,17 @@ void static ProcessGetData(CNode* pfrom) @@ -3355,19 +3355,17 @@ void static ProcessGetData(CNode* pfrom)
BlockMap::iterator mi = mapBlockIndex.find(inv.hash);
if (mi != mapBlockIndex.end())
{
// If the requested block is at a height below our last
// checkpoint, only serve it if it's in the checkpointed chain
int nHeight = mi->second->nHeight;
CBlockIndex* pcheckpoint = Checkpoints::GetLastCheckpoint();
if (pcheckpoint && nHeight < pcheckpoint->nHeight) {
if (!chainActive.Contains(mi->second))
{
LogPrintf("ProcessGetData(): ignoring request for old block that isn't in the main chain\n");
} else {
if (chainActive.Contains(mi->second)) {
send = true;
}
} else {
send = true;
// To prevent fingerprinting attacks, only send blocks outside of the active
// chain if they are valid, and no more than a month older than the best header
// chain we know about.
send = mi->second->IsValid(BLOCK_VALID_SCRIPTS) && (pindexBestHeader != NULL) &&
(mi->second->GetBlockTime() > pindexBestHeader->GetBlockTime() - 30 * 24 * 60 * 60);
if (!send) {
LogPrintf("ProcessGetData(): ignoring request from peer=%i for old block that isn't in the main chain\n", pfrom->GetId());
}
}
}
if (send)

Loading…
Cancel
Save