Better fingerprinting protection for non-main-chain getdatas.

With headers-first we can compare against the best header timestamp, rather than using checkpoints which require code updates to maintain. Rebased-From: 85da07a5a001a563488382435202b74a3e3e964a Github-Pull: #5820
author: Pieter Wuille <pieter.wuille@gmail.com> 2015-02-24 04:27:25 -0800
committer: Wladimir J. van der Laan <laanwj@gmail.com> 2015-02-26 17:14:14 +0100
commit: aeb92792281b4cb9958f3defc9e36f63e65b778a (patch)
tree: 7f3898b3672da432681855a2590749b58fdc4ce8
parent: 23126a0a09c26486937c18f75f7701b416ee20af (diff)
download: bitcoin-aeb92792281b4cb9958f3defc9e36f63e65b778a.tar.xz
1 files changed, 10 insertions, 12 deletions
diff --git a/src/main.cpp b/src/main.cpp
index ce7c1277ad..d77eb2877e 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3312,19 +3312,17 @@ void static ProcessGetData(CNode* pfrom)
                 BlockMap::iterator mi = mapBlockIndex.find(inv.hash);
                 if (mi != mapBlockIndex.end())
                 {
-                    // If the requested block is at a height below our last
-                    // checkpoint, only serve it if it's in the checkpointed chain
-                    int nHeight = mi->second->nHeight;
-                    CBlockIndex* pcheckpoint = Checkpoints::GetLastCheckpoint();
-                    if (pcheckpoint && nHeight < pcheckpoint->nHeight) {
-                        if (!chainActive.Contains(mi->second))
-                        {
-                            LogPrintf("ProcessGetData(): ignoring request for old block that isn't in the main chain\n");
-                        } else {
-                            send = true;
-                        }
-                    } else {
+                    if (chainActive.Contains(mi->second)) {
                         send = true;
+                    } else {
+                        // To prevent fingerprinting attacks, only send blocks outside of the active
+                        // chain if they are valid, and no more than a month older than the best header
+                        // chain we know about.
+                        send = mi->second->IsValid(BLOCK_VALID_SCRIPTS) && (pindexBestHeader != NULL) &&
+                            (mi->second->GetBlockTime() > pindexBestHeader->GetBlockTime() - 30 * 24 * 60 * 60);
+                        if (!send) {
+                            LogPrintf("ProcessGetData(): ignoring request from peer=%i for old block that isn't in the main chain\n", pfrom->GetId());
+                        }
                     }
                 }
                 if (send)
author	Pieter Wuille <pieter.wuille@gmail.com>	2015-02-24 04:27:25 -0800
committer	Wladimir J. van der Laan <laanwj@gmail.com>	2015-02-26 17:14:14 +0100
commit	aeb92792281b4cb9958f3defc9e36f63e65b778a (patch)
tree	7f3898b3672da432681855a2590749b58fdc4ce8
parent	23126a0a09c26486937c18f75f7701b416ee20af (diff)
download	bitcoin-aeb92792281b4cb9958f3defc9e36f63e65b778a.tar.xz