diff options
| author | e0 <ethan.r.heilman@gmail.com> | 2018-03-06 18:26:29 -0500 |
|---|---|---|
| committer | e0 <ethan.r.heilman@gmail.com> | 2018-03-06 18:26:29 -0500 |
| commit | 46e7f800bd78aa4d4de5915b4a7e5a3234c507d6 (patch) | |
| tree | 7ec920effa2c47f24f9a17d6f4fb9a3f6f96e211 /src/net.cpp | |
| parent | b225010a808d475cbb53aeed484295f8dc8751c4 (diff) | |
Limit the number of IPs we use from each DNS seeder
A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.
Diffstat (limited to 'src/net.cpp')
| -rw-r--r-- | src/net.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/net.cpp b/src/net.cpp index f7e6c300b1..33a60ac96e 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -1631,7 +1631,8 @@ void CConnman::ThreadDNSAddressSeed() if (!resolveSource.SetInternal(host)) { continue; } - if (LookupHost(host.c_str(), vIPs, 0, true)) + unsigned int nMaxIPs = 256; // Limits number of IPs learned from a DNS seed + if (LookupHost(host.c_str(), vIPs, nMaxIPs, true)) { for (const CNetAddr& ip : vIPs) { |