author | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-03-07 17:40:32 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-03-07 17:43:35 +0100 |
commit | efa18a230d48745d9b357bf026592163716ffd7e (patch) | |
tree | 6b95380b17ff3c1a5767da57b350659ad6f817f2 | |
parent | 842f61a675db014b3226c78d68a87b2de633d28c (diff) | |
parent | 46e7f800bd78aa4d4de5915b4a7e5a3234c507d6 (diff) |

Merge #12626: Limit the number of IPs addrman learns from each DNS seeder

46e7f800b Limit the number of IPs we use from each DNS seeder (e0)

Pull request description:

A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.

As discussed with @theuni

Tree-SHA512: 949e870765b1470200f2c650341d9e3308a973a7d1a6e557b944b0a2b8ccda49226fc8c4ff7d2a05e5854c4014ec0b67e37a3f2287556fe7dfa2048ede1f2e6f

-rw-r--r-- | src/net.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/net.cpp b/src/net.cpp index f7e6c300b1..33a60ac96e 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -1631,7 +1631,8 @@ void CConnman::ThreadDNSAddressSeed() if (!resolveSource.SetInternal(host)) { continue; } - if (LookupHost(host.c_str(), vIPs, 0, true)) + unsigned int nMaxIPs = 256; // Limits number of IPs learned from a DNS seed + if (LookupHost(host.c_str(), vIPs, nMaxIPs, true)) { for (const CNetAddr& ip : vIPs) { |
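
Review bot: `nMaxIPs` on the added line in `CConnman::ThreadDNSAddressSeed()` is a mutable local holding a bare 256 and is never modified, so declare it `const`, or hoist it to a named constant so the per-seeder cap is visible outside this function. The inline comment says what the value limits but not why 256; a short note tying it to the eclipse risk from the pull request description would help the next reader decide whether the number can change. The cap is passed straight to `LookupHost`, which previously received 0 here, so which addresses survive when a seeder returns more than 256 depends on how `LookupHost` truncates; that behaviour is worth stating in the comment. The diffstat shows only `src/net.cpp` changed, so no test exercises the new limit; a test that feeds an oversized seeder response and checks that at most 256 addresses reach addrman would pin the behaviour down.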