Missing flood protection check for number of message IDs when handling Ihave
messages
#560
+8
−2
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
After looking at the gossipsub
Iwant
/Ihave
handlers, I realised that there is a missing spam prevention check when opening theIhave
messages from a receivedControlMessage
.To give some context, the spec defines that each Ihave message should have an upper limit of aggregated message IDs, which in this go implementation is defined by
maxMessageLength = 5_000
message IDs per Ihave and topic, asIhave
messages can be aggregated in a single RPC call.This spam check is already done at the moment of emitting the Gossips. However, I can't see a similar check at the moment of handling each of the message IDs within the
Ihave
messages.We do checked that the remote peer stayed within the number of
Ihave
messages, and that we didn't exceed the message ID count for asked messages, but it doesn't check anything related to the size of the array of message IDs per each topic I have.This PR adds that missing spam protection step, ensuring that we only read the first
maxMessageLength
messages of eachIhave
as @MarcoPolo suggested.Let me know if there is anything else that should be added or modified.