aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregory Maxwell <greg@xiph.org>2017-06-09 02:05:53 +0000
committerGregory Maxwell <greg@xiph.org>2017-06-09 02:05:53 +0000
commitbf376eaccc892afb7ded1a56819a72dd50a7a2c1 (patch)
tree55928b6d33c61034dbbce6e846f38653a41bf9cc
parent29f80cd230c38d7e424810e986c160ddba9b53ac (diff)
Return early in IsBanned.
I am not aware of any reason that we'd try to stop a ban-list timing side-channel and the prior code wouldn't be enough if we were.
-rw-r--r--src/net.cpp32
1 files changed, 14 insertions, 18 deletions
diff --git a/src/net.cpp b/src/net.cpp
index 14ac5618eb..75d1719e86 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -469,35 +469,31 @@ void CConnman::ClearBanned()
bool CConnman::IsBanned(CNetAddr ip)
{
- bool fResult = false;
+ LOCK(cs_setBanned);
+ for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++)
{
- LOCK(cs_setBanned);
- for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++)
- {
- CSubNet subNet = (*it).first;
- CBanEntry banEntry = (*it).second;
+ CSubNet subNet = (*it).first;
+ CBanEntry banEntry = (*it).second;
- if(subNet.Match(ip) && GetTime() < banEntry.nBanUntil)
- fResult = true;
+ if (subNet.Match(ip) && GetTime() < banEntry.nBanUntil) {
+ return true;
}
}
- return fResult;
+ return false;
}
bool CConnman::IsBanned(CSubNet subnet)
{
- bool fResult = false;
+ LOCK(cs_setBanned);
+ banmap_t::iterator i = setBanned.find(subnet);
+ if (i != setBanned.end())
{
- LOCK(cs_setBanned);
- banmap_t::iterator i = setBanned.find(subnet);
- if (i != setBanned.end())
- {
- CBanEntry banEntry = (*i).second;
- if (GetTime() < banEntry.nBanUntil)
- fResult = true;
+ CBanEntry banEntry = (*i).second;
+ if (GetTime() < banEntry.nBanUntil) {
+ return true;
}
}
- return fResult;
+ return false;
}
void CConnman::Ban(const CNetAddr& addr, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) {