Commit

Merge bitcoin#12626: Limit the number of IPs addrman learns from each DNS seeder

46e7f80 Limit the number of IPs we use from each DNS seeder (e0)

Pull request description:

  A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.

  As discussed with @theuni

Tree-SHA512: 949e870765b1470200f2c650341d9e3308a973a7d1a6e557b944b0a2b8ccda49226fc8c4ff7d2a05e5854c4014ec0b67e37a3f2287556fe7dfa2048ede1f2e6f
laanwj authored and PastaPastaPasta committed Jan 26, 2020
1 parent f920fa0 commit 72f7287
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/net.cpp
Expand Up @@ -1765,7 +1765,8 @@ void CConnman::ThreadDNSAddressSeed()
if (!resolveSource.SetInternal(host)) {
continue;
}
if (LookupHost(host.c_str(), vIPs, 0, true))
unsigned int nMaxIPs = 256; // Limits number of IPs learned from a DNS seed
if (LookupHost(host.c_str(), vIPs, nMaxIPs, true))
{
for (const CNetAddr& ip : vIPs)
{
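Review bot: `nMaxIPs` in the added declaration is a mutable local holding a magic number, and it is re-declared on every pass through the seed loop. Make it a named constant (for example a `static const unsigned int` at file scope or in the header) so the limit is visible and tunable in one place. The comment should also say that the cap applies per seeder hostname and is not a total across all seeds. Note too that passing the cap to `LookupHost` bounds how many addresses one seeder can contribute, but the seeder still decides which addresses those are, so the comment should describe this as a volume limit rather than a complete defence against a hostile seeder.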