mirror of
https://github.com/qbittorrent/qBittorrent
synced 2025-07-16 02:03:07 -07:00
WEBUI: Protect against timing attacks. Closes #2108.
This commit is contained in:
sledgehammer999
parent
09ab5c37ce
commit
6f14b34470
3 changed files with 22 additions and 1 deletions
14
src/misc.cpp
14
src/misc.cpp
|
|
@ -645,6 +645,20 @@ QString misc::accurateDoubleToString(const double &n, const int &precision, bool
|
|||
return QString::number(std::floor(n*prec)/prec, 'f', precision);
|
||||
}
|
||||
|
||||
// Implements constant-time comparison to protect against timing attacks
|
||||
// Taken from https://crackstation.net/hashing-security.htm
|
||||
bool misc::slowEquals(const QByteArray &a, const QByteArray &b)
|
||||
{
|
||||
int lengthA = a.length();
|
||||
int lengthB = b.length();
|
||||
|
||||
int diff = lengthA ^ lengthB;
|
||||
for(int i = 0; i < lengthA && i < lengthB; i++)
|
||||
diff |= a[i] ^ b[i];
|
||||
|
||||
return (diff == 0);
|
||||
}
|
||||
|
||||
namespace {
|
||||
// Trick to get a portable sleep() function
|
||||
class SleeperThread : public QThread {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue