Better fingerprinting protection for non-main-chain getdatas.

With headers-first we can compare against the best header timestamp, rather
than using checkpoints which require code updates to maintain.
Pieter Wuille 2015-02-24 04:27:25 -08:00
parent 8b298ca7d7
commit 85da07a5a0


@ -3355,19 +3355,17 @@ void static ProcessGetData(CNode* pfrom)
BlockMap::iterator mi = mapBlockIndex.find(inv.hash); BlockMap::iterator mi = mapBlockIndex.find(inv.hash);
if (mi != mapBlockIndex.end()) if (mi != mapBlockIndex.end())
{ {
// If the requested block is at a height below our last if (chainActive.Contains(mi->second)) {
// checkpoint, only serve it if it's in the checkpointed chain
int nHeight = mi->second->nHeight;
CBlockIndex* pcheckpoint = Checkpoints::GetLastCheckpoint();
if (pcheckpoint && nHeight < pcheckpoint->nHeight) {
if (!chainActive.Contains(mi->second))
{
LogPrintf("ProcessGetData(): ignoring request for old block that isn't in the main chain\n");
} else {
send = true; send = true;
} else {
// To prevent fingerprinting attacks, only send blocks outside of the active
// chain if they are valid, and no more than a month older than the best header
// chain we know about.
send = mi->second->IsValid(BLOCK_VALID_SCRIPTS) && (pindexBestHeader != NULL) &&
(mi->second->GetBlockTime() > pindexBestHeader->GetBlockTime() - 30 * 24 * 60 * 60);
if (!send) {
LogPrintf("ProcessGetData(): ignoring request from peer=%i for old block that isn't in the main chain\n", pfrom->GetId());
} }
} else {
send = true;
} }
} }
if (send) if (send)
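Review bot: The age test in the new `else` branch relies only on `GetBlockTime()`, a header field chosen by whoever produced the block, so the one-month window bounds the block's claimed age rather than anything this node measured itself. The comment above the `send =` assignment should state that limitation, for example `// NOTE: block time is producer-supplied; this bounds claimed age only`, or the condition should gain a second bound that does not depend on the timestamp. The window is also written as the bare expression `30 * 24 * 60 * 60`; a named constant such as `static const int64_t nOneMonth = 30 * 24 * 60 * 60;` would make the policy easier to find and audit. The refusal message says "old block that isn't in the main chain", but it is also printed when the block fails `IsValid(BLOCK_VALID_SCRIPTS)` or `pindexBestHeader` is NULL, which can mislead someone reading the log during triage. `ProcessGetData` starts and ends outside this hunk.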