From 474e4c00f0813070de4b85abc6c58ef5fe395df1 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sat, 12 Mar 2016 13:44:34 +0000
Subject: [PATCH 1/2] p2p: lock access to the blocked ips map

---
 src/p2p/net_node.h        | 2 +-
 src/p2p/net_node_common.h | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/p2p/net_node.h b/src/p2p/net_node.h
index 260dd813..5943c248 100644
--- a/src/p2p/net_node.h
+++ b/src/p2p/net_node.h
@@ -120,7 +120,7 @@ namespace nodetool
     void delete_connections(size_t count);
     virtual bool block_ip(uint32_t adress, time_t seconds = P2P_IP_BLOCKTIME);
     virtual bool unblock_ip(uint32_t address);
-    virtual std::map<uint32_t, time_t> get_blocked_ips() const { return m_blocked_ips; }
+    virtual std::map<uint32_t, time_t> get_blocked_ips() { CRITICAL_REGION_LOCAL(m_blocked_ips_lock); return m_blocked_ips; }
   private:
     const std::vector<std::string> m_seed_nodes_list =
     { "seeds.moneroseeds.se"
diff --git a/src/p2p/net_node_common.h b/src/p2p/net_node_common.h
index 68b0bd1e..5e764536 100644
--- a/src/p2p/net_node_common.h
+++ b/src/p2p/net_node_common.h
@@ -52,7 +52,7 @@ namespace nodetool
     virtual void for_each_connection(std::function<bool(t_connection_context&, peerid_type)> f)=0;
     virtual bool block_ip(uint32_t adress, time_t seconds = 0)=0;
     virtual bool unblock_ip(uint32_t adress)=0;
-    virtual std::map<uint32_t, time_t> get_blocked_ips()const=0;
+    virtual std::map<uint32_t, time_t> get_blocked_ips()=0;
     virtual bool add_ip_fail(uint32_t adress)=0;
   };
 
@@ -96,7 +96,7 @@ namespace nodetool
     {
       return true;
     }
-    virtual std::map<uint32_t, time_t> get_blocked_ips() const
+    virtual std::map<uint32_t, time_t> get_blocked_ips()
     {
       return std::map<uint32_t, time_t>();
     }

From 789e2755f75dbd2b297b3588404f283568cd8eec Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sat, 12 Mar 2016 13:44:55 +0000
Subject: [PATCH 2/2] rpc: do not return bans if they're effectively spent

The blocked ip list will still hold them till next time
a connection attempt is made with that IP, so the effective
length of the ban may be negative.
---
 src/rpc/core_rpc_server.cpp | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index 3ce4e600..d9419b2b 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -950,13 +950,16 @@ namespace cryptonote
       return false;
     }
 
+    auto now = time(nullptr);
     std::map<uint32_t, time_t> blocked_ips = m_p2p.get_blocked_ips();
     for (std::map<uint32_t, time_t>::const_iterator i = blocked_ips.begin(); i != blocked_ips.end(); ++i)
     {
-      COMMAND_RPC_GETBANS::ban b;
-      b.ip = i->first;
-      b.seconds = i->second;
-      res.bans.push_back(b);
+      if (i->second > now) {
+        COMMAND_RPC_GETBANS::ban b;
+        b.ip = i->first;
+        b.seconds = i->second - now;
+        res.bans.push_back(b);
+      }
     }
 
     res.status = CORE_RPC_STATUS_OK;