prevent peer flooding request queue for an inv

mapAlreadyAskedFor does not keep track of which peer has a request queued for a
particular tx. As a result, a peer can blind a node to a tx indefinitely by
sending many invs for the same tx, and then never replying to getdatas for it.
Each inv received will be placed 2 minutes farther back in mapAlreadyAskedFor,
so a short message containing 10 invs would render that tx unavailable for 20
minutes.

This is fixed by disallowing a peer from having more than one entry for a
particular inv in mapAlreadyAskedFor at a time.

3 files changed, 6 insertions, 0 deletions

diff --git a/src/main.cpp b/src/main.cpp
index 2579b642b8..05dedb5631 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -5226,6 +5226,7 @@ bool SendMessages(CNode* pto, bool fSendTrickle)
                     vGetData.clear();
                 }
             }
+            pto->setAskFor.erase(inv.hash);
             pto->mapAskFor.erase(pto->mapAskFor.begin());
         }
         if (!vGetData.empty())
diff --git a/src/net.cpp b/src/net.cpp
index cff4c54505..04119e9ddd 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -2410,6 +2410,10 @@ void CNode::AskFor(const CInv& inv)
 {
     if (mapAskFor.size() > MAPASKFOR_MAX_SZ)
         return;
+    // a peer may not occupy multiple positions in an inv's request queue
+    if (!setAskFor.insert(inv.hash).second)
+        return;
+
     // We're using mapAskFor as a priority queue,
     // the key is the earliest time the request can be sent
     int64_t nRequestTime;
diff --git a/src/net.h b/src/net.h
index 559cdf0878..046811d54c 100644
--- a/src/net.h
+++ b/src/net.h
@@ -382,6 +382,7 @@ public:
     mruset<CInv> setInventoryKnown;
     std::vector<CInv> vInventoryToSend;
     CCriticalSection cs_inventory;
+    std::set<uint256> setAskFor;
     std::multimap<int64_t, CInv> mapAskFor;
 
     // Ping time measurement: