| author | e0 <[email protected]> | 2018-03-06 18:26:29 -0500 |
|---|---|---|
| committer | e0 <[email protected]> | 2018-03-06 18:26:29 -0500 |
| commit | 46e7f800bd78aa4d4de5915b4a7e5a3234c507d6 (patch) | |
| tree | 7ec920effa2c47f24f9a17d6f4fb9a3f6f96e211 | |
| parent | Merge #11372: Address encoding cleanup (diff) | |
Limit the number of IPs we use from each DNS seeder
A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.
| -rw-r--r-- | src/net.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/net.cpp b/src/net.cpp
index f7e6c300b..33a60ac96 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -1631,7 +1631,8 @@ void CConnman::ThreadDNSAddressSeed()
 if (!resolveSource.SetInternal(host)) {
 continue;
 }
- if (LookupHost(host.c_str(), vIPs, 0, true))
+ unsigned int nMaxIPs = 256; // Limits number of IPs learned from a DNS seed
+ if (LookupHost(host.c_str(), vIPs, nMaxIPs, true))
 {
 for (const CNetAddr& ip : vIPs)
 {
|
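Review bot: The cap passed to `LookupHost` is a bare mutable local, `unsigned int nMaxIPs = 256;`, declared at the call site; a constant such as `static const unsigned int nMaxIPs = 256;` would be harder to change by accident and gives the rationale for 256 one place to live. The limit bounds how many addresses one seeder can contribute, not which ones: presumably `LookupHost` keeps the first results in resolver order, so a hostile seeder still chooses every address that is kept. The comment should therefore say this is a volume limit only, for example `// Caps the count learned per seed; does not vet which addresses the seed returns`. Nothing in the visible lines records that a response reached the cap, and a log line for that case would give operators a signal that a seeder is misbehaving. ThreadDNSAddressSeed's body starts and ends outside the hunk, so the handling of `vIPs` after the loop header is not visible here.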