highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-06-30 10:42:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4728 from laanwj/2014_08_rpcserver_password_delay

Browse Source 
Don't reveal whether password is <20 or >20 characters in RPC
This commit is contained in:
Gavin Andresen
2014-08-19 13:32:40 -04:00
parent fb11427e54 01094bd01f
commit 10dcbc1be0
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/rpcserver.cpp
View File

@ -849,11 +849,10 @@ static bool HTTPReq_JSONRPC(AcceptedConnection *conn,
if (!HTTPAuthorized(mapHeaders)) if (!HTTPAuthorized(mapHeaders))
{ {
LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string()); LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string());
/* Deter brute-forcing short passwords. /* Deter brute-forcing
If this results in a DoS the user really If this results in a DoS the user really
shouldn't have their RPC port exposed. */ shouldn't have their RPC port exposed. */
if (mapArgs["-rpcpassword"].size() < 20) MilliSleep(250);
MilliSleep(250);
conn->stream() << HTTPError(HTTP_UNAUTHORIZED, false) << std::flush; conn->stream() << HTTPError(HTTP_UNAUTHORIZED, false) << std::flush;
return false; return false;