From ce8cd7a7da9174ab151172fc0ce97b5164637cf3 Mon Sep 17 00:00:00 2001 From: Suhas Daftuar Date: Fri, 6 Oct 2017 14:11:43 -0400 Subject: [PATCH] Don't process unrequested, low-work blocks A peer could try to waste our resources by sending us unrequested blocks with low work, eg to fill up our disk. Since e2652002b6011f793185d473f87f1730c625593b we no longer request blocks until we know we're on a chain with more than nMinimumChainWork (our anti-DoS threshold), but we would still process unrequested blocks that had more work than our tip. This commit fixes that behavior. --- src/validation.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/validation.cpp b/src/validation.cpp index d19521bd3..866e0c9fb 100644 --- a/src/validation.cpp +++ b/src/validation.cpp @@ -3135,6 +3135,12 @@ static bool AcceptBlock(const std::shared_ptr& pblock, CValidation if (pindex->nTx != 0) return true; // This is a previously-processed block that was pruned if (!fHasMoreWork) return true; // Don't process less-work chains if (fTooFarAhead) return true; // Block height is too high + + // Protect against DoS attacks from low-work chains. + // If our tip is behind, a peer could try to send us + // low-work blocks on a fake chain that we would never + // request; don't process these. + if (pindex->nChainWork < nMinimumChainWork) return true; } if (fNewBlock) *fNewBlock = true;