aboutsummaryrefslogtreecommitdiff
path: root/src/modules/m_httpd_acl.cpp
diff options
context:
space:
mode:
authorGravatar Sadie Powell2021-08-19 11:48:44 +0100
committerGravatar Sadie Powell2021-08-19 11:53:06 +0100
commit49bce18d04c4002c6b2f0be1ce299bdb9c801319 (patch)
tree81999d99a6a9600b21a43b0b5184af0870b49fb0 /src/modules/m_httpd_acl.cpp
parentRemove a bunch of unnecessary whitespace. (diff)
parentUse timing safe comparisons for the httpd_acl username and password. (diff)
Merge branch 'insp3' into master.
Diffstat (limited to 'src/modules/m_httpd_acl.cpp')
-rw-r--r--src/modules/m_httpd_acl.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp
index bad5ad2f0..7af591322 100644
--- a/src/modules/m_httpd_acl.cpp
+++ b/src/modules/m_httpd_acl.cpp
@@ -193,7 +193,7 @@ class ModuleHTTPAccessList : public Module, public HTTPACLEventListener
userpasspair.GetToken(pass);
/* Access granted if username and password are correct */
- if (user == acl.username && pass == acl.password)
+ if (InspIRCd::TimingSafeCompare(user, acl.username) && InspIRCd::TimingSafeCompare(pass, acl.password))
{
ServerInstance->Logs.Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username match");
return true;