diff options
| author | Gavin Andresen <[email protected]> | 2013-08-15 18:53:26 -0700 |
|---|---|---|
| committer | Gavin Andresen <[email protected]> | 2013-08-15 18:53:26 -0700 |
| commit | a0bb0014312a558432a5192540f4a6c796559ea0 (patch) | |
| tree | b195096cdb4cda507f7b818208fada62e0537378 /src/bitcoinrpc.cpp | |
| parent | Merge pull request #2876 from sipa/fixreorgcrash (diff) | |
| parent | Make RPC password resistant to timing attacks (diff) | |
| download | discoin-a0bb0014312a558432a5192540f4a6c796559ea0.tar.xz discoin-a0bb0014312a558432a5192540f4a6c796559ea0.zip | |
Merge pull request #2886 from gavinandresen/rpctiming
Make RPC password resistant to timing attacks
Diffstat (limited to 'src/bitcoinrpc.cpp')
| -rw-r--r-- | src/bitcoinrpc.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp index a14f5e706..d22809ce6 100644 --- a/src/bitcoinrpc.cpp +++ b/src/bitcoinrpc.cpp @@ -476,7 +476,7 @@ bool HTTPAuthorized(map<string, string>& mapHeaders) return false; string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64); string strUserPass = DecodeBase64(strUserPass64); - return strUserPass == strRPCUserColonPass; + return TimingResistantEqual(strUserPass, strRPCUserColonPass); } // |