Browse Source

Return early in IsBanned.

I am not aware of any reason that we'd try to stop a ban-list timing
 side-channel and the prior code wouldn't be enough if we were.
0.15
Gregory Maxwell 8 years ago
parent
commit
bf376eaccc
  1. 32
      src/net.cpp

32
src/net.cpp

@ -469,35 +469,31 @@ void CConnman::ClearBanned()
bool CConnman::IsBanned(CNetAddr ip) bool CConnman::IsBanned(CNetAddr ip)
{ {
bool fResult = false; LOCK(cs_setBanned);
for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++)
{ {
LOCK(cs_setBanned); CSubNet subNet = (*it).first;
for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++) CBanEntry banEntry = (*it).second;
{
CSubNet subNet = (*it).first;
CBanEntry banEntry = (*it).second;
if(subNet.Match(ip) && GetTime() < banEntry.nBanUntil) if (subNet.Match(ip) && GetTime() < banEntry.nBanUntil) {
fResult = true; return true;
} }
} }
return fResult; return false;
} }
bool CConnman::IsBanned(CSubNet subnet) bool CConnman::IsBanned(CSubNet subnet)
{ {
bool fResult = false; LOCK(cs_setBanned);
banmap_t::iterator i = setBanned.find(subnet);
if (i != setBanned.end())
{ {
LOCK(cs_setBanned); CBanEntry banEntry = (*i).second;
banmap_t::iterator i = setBanned.find(subnet); if (GetTime() < banEntry.nBanUntil) {
if (i != setBanned.end()) return true;
{
CBanEntry banEntry = (*i).second;
if (GetTime() < banEntry.nBanUntil)
fResult = true;
} }
} }
return fResult; return false;
} }
void CConnman::Ban(const CNetAddr& addr, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) { void CConnman::Ban(const CNetAddr& addr, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) {

Loading…
Cancel
Save