From f60e84dba4723bc658ecc70f8b17db2619eb7e20 Mon Sep 17 00:00:00 2001
From: e0
Date: Tue, 6 Mar 2018 18:26:29 -0500
Subject: [PATCH] Limit the number of IPs we use from each DNS seeder

A risk exists where a malicious DNS seeder eclipses a node by returning an enormous number of IP addresses. In this commit we mitigate this risk by limiting the number of IP addresses addrman learns to 256 per DNS seeder.

GitHub-Pull: #12626
Rebased-From: 46e7f80
---
 src/net.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/net.cpp b/src/net.cpp
index 5f4c0eecab5..ff68b182f06 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -1619,7 +1619,8 @@ void CConnman::ThreadDNSAddressSeed()
 if (!resolveSource.SetInternal(host)) {
 continue;
 }
- if (LookupHost(host.c_str(), vIPs, 0, true))
+ unsigned int nMaxIPs = 256; // Limits number of IPs learned from a DNS seed
+ if (LookupHost(host.c_str(), vIPs, nMaxIPs, true))
 {
 for (const CNetAddr& ip : vIPs)
 {
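Review bot: The cap on the added `nMaxIPs` line is a mutable local holding a bare 256, and its comment says what it limits but not why; declaring it `const unsigned int nMaxIPs = 256; // Cap per-seed results so one malicious seeder cannot flood addrman (eclipse risk)` keeps the rationale from the commit message next to the value. The cap is also silent as far as this hunk shows: if LookupHost simply truncates at the limit, a log line when `vIPs.size() == nMaxIPs` would let an operator notice a seed that returns unusually large answers. The limit applies to each seed hostname lookup, so it bounds one seeder's contribution rather than the total learned from DNS. ThreadDNSAddressSeed's body starts before and continues after the hunk, so existing logging or further limits may not be visible here.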