Missing flood protection check for number of message IDs when handlin…

…g `Ihave` messages (#560) * check msgIDs in Ihave per topic * remove coments as suggested
libp2p · Jun 27, 2024 · 8e498e9 · 8e498e9
1 parent dbd1c9e
commit 8e498e9
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/gossipsub.go b/gossipsub.go
@@ -688,7 +688,6 @@ func (gs *GossipSubRouter) handleIHave(p peer.ID, ctl *pb.ControlMessage) []*pb.
 		log.Debugf("IHAVE: peer %s has advertised too many times (%d) within this heartbeat interval; ignoring", p, gs.peerhave[p])
 		return nil
 	}
-
 	if gs.iasked[p] >= gs.params.MaxIHaveLength {
 		log.Debugf("IHAVE: peer %s has already advertised too many messages (%d); ignoring", p, gs.iasked[p])
 		return nil
@@ -706,7 +705,14 @@ func (gs *GossipSubRouter) handleIHave(p peer.ID, ctl *pb.ControlMessage) []*pb.
 			continue
 		}
 
-		for _, mid := range ihave.GetMessageIDs() {
+	checkIwantMsgsLoop:
+		for msgIdx, mid := range ihave.GetMessageIDs() {
+			// prevent remote peer from sending too many msg_ids on a single IHAVE message
+			if msgIdx >= gs.params.MaxIHaveLength {
+				log.Debugf("IHAVE: peer %s has sent IHAVE on topic %s with too many messages (%d); ignoring remaining msgs", p, topic, len(ihave.MessageIDs))
+				break checkIwantMsgsLoop
+			}
+
 			if gs.p.seenMessage(mid) {
 				continue
 			}