dash/blackcoin-more
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2886 from gavinandresen/rpctiming

Browse Source 
Make RPC password resistant to timing attacks
This commit is contained in:
Gavin Andresen
2013-08-15 18:53:26 -07:00
parent 9be4cff5f6 42656ea2e5
commit a0bb001431
3 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/bitcoinrpc.cpp
View File

@@ -476,7 +476,7 @@ bool HTTPAuthorized(map<string, string>& mapHeaders)
return false;
string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64);
string strUserPass = DecodeBase64(strUserPass64);
return strUserPass == strRPCUserColonPass;
return TimingResistantEqual(strUserPass, strRPCUserColonPass);
}
//