Make RPC password resistant to timing attacks

Fixes issue#2838; this is a tweaked version of pull#2845 that
should not leak the length of the password and is more generic,
in case we run into other situations where we need
timing-attack-resistant comparisons.
Gavin Andresen
2013-08-08 19:58:57 +10:00
parent 6cc766fa55
commit 42656ea2e5
3 changed files with 27 additions and 1 deletions


@@ -476,7 +476,7 @@ bool HTTPAuthorized(map<string, string>& mapHeaders)
return false;
string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64);
string strUserPass = DecodeBase64(strUserPass64);
return strUserPass == strRPCUserColonPass;
return TimingResistantEqual(strUserPass, strRPCUserColonPass);
}
//
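Review bot: At `return TimingResistantEqual(strUserPass, strRPCUserColonPass);` the client-supplied string is passed first and the configured secret second, but nothing at the call site says which argument the helper's running time may depend on. The helper's definition is not part of this hunk, so please document its contract where it is declared (which argument may determine the loop length, and what it returns when either string is empty, which is the case for `strUserPass` if `DecodeBase64` returns an empty string). A unit test covering equal, unequal-length and empty inputs would pin that behaviour down, since the commit message presents the helper as generic and intended for reuse.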