Merge pull request #689 from whitj00/patch-4

New issue Don't reveal whether password is <20 or >20 characters in RPC
2014-08-31 18:33:13 +02:00 · 2014-08-31 18:33:13 +02:00 · ba4e0d315c
parent 0431ed5881 ef119aad68
commit ba4e0d315c
1 changed files with 2 additions and 3 deletions
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@ -827,11 +827,10 @@ void ServiceConnection(AcceptedConnection *conn)
        if (!HTTPAuthorized(mapHeaders))
        {
            LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string());
-            /* Deter brute-forcing short passwords.
+            /* Deter brute-forcing
               If this results in a DoS the user really
               shouldn't have their RPC port exposed. */
-            if (mapArgs["-rpcpassword"].size() < 20)
-                MilliSleep(250);
+            MilliSleep(250);

            conn->stream() << HTTPReply(HTTP_UNAUTHORIZED, "", false) << std::flush;
            break;