Mitigate Timing Attacks On Basic RPC Authorization
[novacoin.git] / src / bitcoinrpc.cpp
index d9ed3ac..645fa97 100644 (file)
@@ -490,7 +490,7 @@ bool HTTPAuthorized(map<string, string>& mapHeaders)
         return false;
     string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64);
     string strUserPass = DecodeBase64(strUserPass64);
-    return strUserPass == strRPCUserColonPass;
+    return TimingResistantEqual(strUserPass, strRPCUserColonPass);
 }
 
 //
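Review bot: The new return line calling `TimingResistantEqual` has no comment explaining why `==` was replaced, so a later cleanup could quietly revert it. I would add `// Constant-time compare: operator== stops at the first differing byte and leaks how much of the credential matched.` directly above it. The helper's definition is outside this hunk, so it is worth confirming that its running time depends neither on where the first mismatch occurs nor on the length of `strRPCUserColonPass`. Also confirm that the argument order (request value first, configured secret second) is the one the helper expects. HTTPAuthorized starts above the hunk, so the earlier header checks are not visible here.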