Merge pull request #2886 from gavinandresen/rpctiming

Make RPC password resistant to timing attacks
author: Gavin Andresen <gavinandresen@gmail.com> 2013-08-15 18:53:26 -0700
committer: Gavin Andresen <gavinandresen@gmail.com> 2013-08-15 18:53:26 -0700
commit: a0bb0014312a558432a5192540f4a6c796559ea0 (patch)
tree: b195096cdb4cda507f7b818208fada62e0537378 /src/bitcoinrpc.cpp
parent: 9be4cff5f683d8d4b151a76c598e22e22ba63049 (diff)
parent: 42656ea2e552b027e174fdceab7348ffcb8245c4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp
index a14f5e7060..d22809ce69 100644
--- a/src/bitcoinrpc.cpp
+++ b/src/bitcoinrpc.cpp
@@ -476,7 +476,7 @@ bool HTTPAuthorized(map<string, string>& mapHeaders)
         return false;
     string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64);
     string strUserPass = DecodeBase64(strUserPass64);
-    return strUserPass == strRPCUserColonPass;
+    return TimingResistantEqual(strUserPass, strRPCUserColonPass);
 }
 
 //
author	Gavin Andresen <gavinandresen@gmail.com>	2013-08-15 18:53:26 -0700
committer	Gavin Andresen <gavinandresen@gmail.com>	2013-08-15 18:53:26 -0700
commit	a0bb0014312a558432a5192540f4a6c796559ea0 (patch)
tree	b195096cdb4cda507f7b818208fada62e0537378 /src/bitcoinrpc.cpp
parent	9be4cff5f683d8d4b151a76c598e22e22ba63049 (diff)
parent	42656ea2e552b027e174fdceab7348ffcb8245c4 (diff)