Do not send (potentially) invalid headers in response to getheaders #11580
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
promag
reviewed
Oct 30, 2017
src/net_processing.cpp
Outdated
| @@ -1986,8 +1982,7 @@ bool static ProcessMessage(CNode* pfrom, const std::string& strCommand, CDataStr | |||
| return true; | |||
| pindex = (*mi).second; | |||
|
|
|||
| if (!chainActive.Contains(pindex) && | |||
| !StaleBlockRequestAllowed(pindex, chainparams.GetConsensus())) { | |||
| if (!StaleBlockRequestAllowed(pindex, chainparams.GetConsensus())) { | |||
There was a problem hiding this comment.
So it was missing IsValid(BLOCK_VALID_SCRIPTS) here?
There was a problem hiding this comment.
"Missing" is a strong word given there isn't exactly a spec for the P2P protocol, but, yes, I'd say it should be there.
There was a problem hiding this comment.
Meh, dont think it matters too much.
jimpo
reviewed
Oct 30, 2017
src/net_processing.cpp
Outdated
| @@ -759,7 +759,8 @@ void Misbehaving(NodeId pnode, int howmuch) | |||
| static bool StaleBlockRequestAllowed(const CBlockIndex* pindex, const Consensus::Params& consensusParams) | |||
| { | |||
| AssertLockHeld(cs_main); | |||
| return (pindexBestHeader != nullptr) && | |||
| if (chainActive.Contains(pindex)) return true; | |||
There was a problem hiding this comment.
Now that this function is expected to accept main chain blocks, maybe change the function name to BlockRequestAllowed?
| @@ -759,7 +759,8 @@ void Misbehaving(NodeId pnode, int howmuch) | |||
| static bool StaleBlockRequestAllowed(const CBlockIndex* pindex, const Consensus::Params& consensusParams) | |||
| { | |||
| AssertLockHeld(cs_main); | |||
| return (pindexBestHeader != nullptr) && | |||
| if (chainActive.Contains(pindex)) return true; | |||
| return pindex->IsValid(BLOCK_VALID_SCRIPTS) && (pindexBestHeader != nullptr) && | |||
There was a problem hiding this comment.
Update the function comment to describe this condition.
Nowhere else in the protocol do we send headers which are for blocks we have not fully validated except in response to getheaders messages with a null locator. On my public node I have not seen any such request (whether for an invalid block or not) in at least two years of debug.log output, indicating that this should have minimal impact.
TheBlueMatt
force-pushed
the
2017-10-getheaders-valid-only
branch
2 times, most recently
from
7344795
to
3788a84
Compare
|
Addressed @jimpo's comments. |
|
utACK |
|
Thanks @ryanofsky! |
|
utACK 725b79a, thanks for adding the test @ryanofsky |
laanwj
added a commit
that referenced
this pull request
Nov 9, 2017
…o getheaders 725b79a [test] Verify node doesn't send headers that haven't been fully validated (Russell Yanofsky) 3788a84 Do not send (potentially) invalid headers in response to getheaders (Matt Corallo) Pull request description: Nowhere else in the protocol do we send headers which are for blocks we have not fully validated except in response to getheaders messages with a null locator. On my public node I have not seen any such request (whether for an invalid block or not) in at least two years of debug.log output, indicating that this should have minimal impact. Tree-SHA512: c1f6e0cdcdfb78ea577d555f9b3ceb1b4b60eff4f6cf313bfd8b576c9562d797bea73abc23f7011f249ae36dd539c715f3d20487ac03ace60e84e1b77c0c1e1a
laanwj
added a commit
that referenced
this pull request
Dec 11, 2017
…g entries be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Based on #11580 because I'm lazy. We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc
codablock
pushed a commit
to codablock/dash
that referenced
this pull request
Mar 12, 2019
…ponse to getheaders 725b79a [test] Verify node doesn't send headers that haven't been fully validated (Russell Yanofsky) 3788a84 Do not send (potentially) invalid headers in response to getheaders (Matt Corallo) Pull request description: Nowhere else in the protocol do we send headers which are for blocks we have not fully validated except in response to getheaders messages with a null locator. On my public node I have not seen any such request (whether for an invalid block or not) in at least two years of debug.log output, indicating that this should have minimal impact. Tree-SHA512: c1f6e0cdcdfb78ea577d555f9b3ceb1b4b60eff4f6cf313bfd8b576c9562d797bea73abc23f7011f249ae36dd539c715f3d20487ac03ace60e84e1b77c0c1e1a
codablock
pushed a commit
to codablock/dash
that referenced
this pull request
Mar 12, 2019
…ponse to getheaders 725b79a [test] Verify node doesn't send headers that haven't been fully validated (Russell Yanofsky) 3788a84 Do not send (potentially) invalid headers in response to getheaders (Matt Corallo) Pull request description: Nowhere else in the protocol do we send headers which are for blocks we have not fully validated except in response to getheaders messages with a null locator. On my public node I have not seen any such request (whether for an invalid block or not) in at least two years of debug.log output, indicating that this should have minimal impact. Tree-SHA512: c1f6e0cdcdfb78ea577d555f9b3ceb1b4b60eff4f6cf313bfd8b576c9562d797bea73abc23f7011f249ae36dd539c715f3d20487ac03ace60e84e1b77c0c1e1a
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 26, 2020
…rate log entries be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Based on bitcoin#11580 because I'm lazy. We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc
gades
pushed a commit
to cosanta/cosanta-core
that referenced
this pull request
Jun 30, 2021
…rate log entries be9f38c Do not make it trivial for inbound peers to generate log entries (Matt Corallo) Pull request description: Based on bitcoin#11580 because I'm lazy. We should generally avoid writing to debug.log unconditionally for inbound peers which misbehave (the peer being about to be banned being an exception, since they cannot do this twice). Tree-SHA512: 8e59c8d08d00b1527951b30f4842d010a4c2fc440503ade112baa2c1b9afd0e0d1c5c2df83dde25183a242af45089cf9b9f873b71796771232ffb6c5fc6cc0cc
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Nowhere else in the protocol do we send headers which are for
blocks we have not fully validated except in response to getheaders
messages with a null locator. On my public node I have not seen any
such request (whether for an invalid block or not) in at least two
years of debug.log output, indicating that this should have minimal
impact.