From 7e908c7b826cedbf29560ce7a668af809ee71524 Mon Sep 17 00:00:00 2001
From: Gregory Maxwell <greg@xiph.org>
Date: Fri, 20 May 2016 16:19:26 +0000
Subject: Do not use mempool for GETDATA for tx accepted after the last mempool
 req.

The ability to GETDATA a transaction which has not (yet) been relayed
 is a privacy loss vector.

The use of the mempool for this was added as part of the mempool p2p
 message and is only needed to fetch transactions returned by it.
---
 src/main.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/main.cpp')

diff --git a/src/main.cpp b/src/main.cpp
index 9ba90b4ea..2ee6bc531 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -4503,7 +4503,10 @@ void static ProcessGetData(CNode* pfrom, const Consensus::Params& consensusParam
                 }
                 if (!pushed && inv.type == MSG_TX) {
                     CTransaction tx;
-                    if (mempool.lookup(inv.hash, tx)) {
+                    int64_t txtime;
+                    // To protect privacy, do not answer getdata using the mempool when
+                    // that TX couldn't have been INVed in reply to a MEMPOOL request.
+                    if (mempool.lookup(inv.hash, tx, txtime) && txtime <= pfrom->timeLastMempoolReq) {
                         pfrom->PushMessage(NetMsgType::TX, tx);
                         pushed = true;
                     }
@@ -5902,6 +5905,7 @@ bool SendMessages(CNode* pto)
                         vInv.clear();
                     }
                 }
+                pto->timeLastMempoolReq = GetTime();
             }
 
             // Determine transactions to relay
-- 
cgit v1.2.3