Merge pull request #4728 from laanwj/2014_08_rpcserver_password_delay

Don't reveal whether password is <20 or >20 characters in RPC
author: Gavin Andresen <gavinandresen@gmail.com> 2014-08-19 13:32:40 -0400
committer: Gavin Andresen <gavinandresen@gmail.com> 2014-08-19 13:32:40 -0400
commit: 10dcbc1be0d3e81853b6106510480ee43d87db29 (patch)
tree: 31d660a434132d4b5d93d70fe0a2376f908b2f3e /src
parent: fb11427e54a787c26b48ebe192868d3aec16f80c (diff)
parent: 01094bd01f5d999b7da698c0e655cf723afa8ebb (diff)
download: bitcoin-10dcbc1be0d3e81853b6106510480ee43d87db29.tar.xz
1 files changed, 2 insertions, 3 deletions
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
index 3b51c91e7c..524627e2de 100644
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@@ -849,11 +849,10 @@ static bool HTTPReq_JSONRPC(AcceptedConnection *conn,
     if (!HTTPAuthorized(mapHeaders))
     {
         LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string());
-        /* Deter brute-forcing short passwords.
+        /* Deter brute-forcing
            If this results in a DoS the user really
            shouldn't have their RPC port exposed. */
-        if (mapArgs["-rpcpassword"].size() < 20)
-            MilliSleep(250);
+        MilliSleep(250);
 
         conn->stream() << HTTPError(HTTP_UNAUTHORIZED, false) << std::flush;
         return false;
author	Gavin Andresen <gavinandresen@gmail.com>	2014-08-19 13:32:40 -0400
committer	Gavin Andresen <gavinandresen@gmail.com>	2014-08-19 13:32:40 -0400
commit	10dcbc1be0d3e81853b6106510480ee43d87db29 (patch)
tree	31d660a434132d4b5d93d70fe0a2376f908b2f3e /src
parent	fb11427e54a787c26b48ebe192868d3aec16f80c (diff)
parent	01094bd01f5d999b7da698c0e655cf723afa8ebb (diff)
download	bitcoin-10dcbc1be0d3e81853b6106510480ee43d87db29.tar.xz