pub const MAX_BLOCK_LOCATOR_LENGTH: u64 = 101;Expand description
The maximum number of block::Hash entries Zebra will preallocate for in
a single peer-deserialized vector.
In the P2P protocol, Vec<block::Hash> appears as the known_blocks block
locator in getblocks and getheaders messages. The Bitcoin/Zcash
convention encodes locators with exponentially-spaced heights (1, 2, 3, …,
10, 20, 40, …, genesis), giving ~log2(N) + 10 entries for chain length N.
For current Zcash chain heights (~3M blocks) a legitimate locator has ~32
entries.
We cap at 101 to match Bitcoin Core’s MAX_LOCATOR_SZ constant
(net_processing.cpp), which zcashd inherits. This avoids any risk of
rejecting legitimate locators sent by compatible nodes that follow the
existing Bitcoin/Zcash protocol convention.
Without this cap, Hash::max_allocation was previously derived from
MAX_PROTOCOL_MESSAGE_LEN / 32 = 65,535, which allowed a remote peer to
force ~2 MiB heap preallocation per crafted getblocks/getheaders message
before any payload was read. This is the same class as
GHSA-xr93-pcq3-pxf8 (addr_limit), fixed for AddrV1/V2 in PR #10494.