diff options
| author | 2021-08-19 11:48:44 +0100 | |
|---|---|---|
| committer | 2021-08-19 11:53:06 +0100 | |
| commit | 49bce18d04c4002c6b2f0be1ce299bdb9c801319 (patch) | |
| tree | 81999d99a6a9600b21a43b0b5184af0870b49fb0 /src/modules/m_httpd_acl.cpp | |
| parent | Remove a bunch of unnecessary whitespace. (diff) | |
| parent | Use timing safe comparisons for the httpd_acl username and password. (diff) | |
Merge branch 'insp3' into master.
Diffstat (limited to 'src/modules/m_httpd_acl.cpp')
| -rw-r--r-- | src/modules/m_httpd_acl.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp index bad5ad2f0..7af591322 100644 --- a/src/modules/m_httpd_acl.cpp +++ b/src/modules/m_httpd_acl.cpp @@ -193,7 +193,7 @@ class ModuleHTTPAccessList : public Module, public HTTPACLEventListener userpasspair.GetToken(pass); /* Access granted if username and password are correct */ - if (user == acl.username && pass == acl.password) + if (InspIRCd::TimingSafeCompare(user, acl.username) && InspIRCd::TimingSafeCompare(pass, acl.password)) { ServerInstance->Logs.Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username match"); return true; |
