Browse Source

Return early in IsBanned.

I am not aware of any reason that we'd try to stop a ban-list timing
 side-channel and the prior code wouldn't be enough if we were.
0.15
Gregory Maxwell 8 years ago
parent
commit
bf376eaccc
  1. 32
      src/net.cpp

32
src/net.cpp

@ -469,35 +469,31 @@ void CConnman::ClearBanned() @@ -469,35 +469,31 @@ void CConnman::ClearBanned()
bool CConnman::IsBanned(CNetAddr ip)
{
bool fResult = false;
LOCK(cs_setBanned);
for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++)
{
LOCK(cs_setBanned);
for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++)
{
CSubNet subNet = (*it).first;
CBanEntry banEntry = (*it).second;
CSubNet subNet = (*it).first;
CBanEntry banEntry = (*it).second;
if(subNet.Match(ip) && GetTime() < banEntry.nBanUntil)
fResult = true;
if (subNet.Match(ip) && GetTime() < banEntry.nBanUntil) {
return true;
}
}
return fResult;
return false;
}
bool CConnman::IsBanned(CSubNet subnet)
{
bool fResult = false;
LOCK(cs_setBanned);
banmap_t::iterator i = setBanned.find(subnet);
if (i != setBanned.end())
{
LOCK(cs_setBanned);
banmap_t::iterator i = setBanned.find(subnet);
if (i != setBanned.end())
{
CBanEntry banEntry = (*i).second;
if (GetTime() < banEntry.nBanUntil)
fResult = true;
CBanEntry banEntry = (*i).second;
if (GetTime() < banEntry.nBanUntil) {
return true;
}
}
return fResult;
return false;
}
void CConnman::Ban(const CNetAddr& addr, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) {

Loading…
Cancel
Save