git://git.novaco.in
/
novacoin.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
Mitigate Timing Attacks On Basic RPC Authorization
[novacoin.git]
/
src
/
bitcoinrpc.cpp
diff --git
a/src/bitcoinrpc.cpp
b/src/bitcoinrpc.cpp
index
d9ed3ac
..
645fa97
100644
(file)
--- a/
src/bitcoinrpc.cpp
+++ b/
src/bitcoinrpc.cpp
@@
-490,7
+490,7
@@
bool HTTPAuthorized(map<string, string>& mapHeaders)
return false;
string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64);
string strUserPass = DecodeBase64(strUserPass64);
- return strUserPass == strRPCUserColonPass;
+ return TimingResistantEqual(strUserPass, strRPCUserColonPass);
}
//