author | Gregory Maxwell <greg@xiph.org> | 2017-06-09 02:05:53 +0000 |
---|---|---|
committer | Gregory Maxwell <greg@xiph.org> | 2017-06-09 02:05:53 +0000 |
commit | bf376eaccc892afb7ded1a56819a72dd50a7a2c1 (patch) | |
tree | 55928b6d33c61034dbbce6e846f38653a41bf9cc | |
parent | 29f80cd230c38d7e424810e986c160ddba9b53ac (diff) |
Return early in IsBanned.
I am not aware of any reason that we'd try to stop a ban-list timing
side-channel and the prior code wouldn't be enough if we were.
-rw-r--r-- | src/net.cpp | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/src/net.cpp b/src/net.cpp
index 14ac5618eb..75d1719e86 100644
--- a/src/net.cpp
+++ b/src/net.cpp
@@ -469,35 +469,31 @@ void CConnman::ClearBanned()
 bool CConnman::IsBanned(CNetAddr ip)
 {
- bool fResult = false;
+ LOCK(cs_setBanned);
+ for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++)
 {
- LOCK(cs_setBanned);
- for (banmap_t::iterator it = setBanned.begin(); it != setBanned.end(); it++)
- {
- CSubNet subNet = (*it).first;
- CBanEntry banEntry = (*it).second;
+ CSubNet subNet = (*it).first;
+ CBanEntry banEntry = (*it).second;
- if(subNet.Match(ip) && GetTime() < banEntry.nBanUntil)
- fResult = true;
+ if (subNet.Match(ip) && GetTime() < banEntry.nBanUntil) {
+ return true;
 }
 }
- return fResult;
+ return false;
 }
 bool CConnman::IsBanned(CSubNet subnet)
 {
- bool fResult = false;
+ LOCK(cs_setBanned);
+ banmap_t::iterator i = setBanned.find(subnet);
+ if (i != setBanned.end())
 {
- LOCK(cs_setBanned);
- banmap_t::iterator i = setBanned.find(subnet);
- if (i != setBanned.end())
- {
- CBanEntry banEntry = (*i).second;
- if (GetTime() < banEntry.nBanUntil)
- fResult = true;
+ CBanEntry banEntry = (*i).second;
+ if (GetTime() < banEntry.nBanUntil) {
+ return true;
 }
 }
- return fResult;
+ return false;
 }
 void CConnman::Ban(const CNetAddr& addr, const BanReason &banReason, int64_t bantimeoffset, bool sinceUnixEpoch) { |
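Review bot: In `IsBanned(CNetAddr ip)` the loop still copies each entry it visits (`CSubNet subNet = (*it).first;`, `CBanEntry banEntry = (*it).second;`) and calls `GetTime()` once per entry while `cs_setBanned` is held, so the early return shortens the scan only when a match exists and an address that is not banned still pays for the whole list. Binding by reference and reading the clock once before the loop, `const auto now = GetTime();` then `const CSubNet& subNet = it->first;` and `const CBanEntry& banEntry = it->second;`, would shorten the time the lock is held and compare every entry against the same instant. The `CBanEntry banEntry = (*i).second;` copy in `IsBanned(CSubNet subnet)` can become a const reference in the same way. If this check runs for every incoming connection, which the hunk does not show, the work done under the lock grows with the size of the ban list.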