hydrar/mistserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix anti-bruteforcing sleep to be outside of any locking

Browse source
This commit is contained in:
Thulinma 2022-01-31 23:18:40 +01:00
parent 5b1521c5c8
commit a71e81eee2
1 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/controller/controller_api.cpp
View file

@ -409,12 +409,15 @@ int Controller::handleAPIConnection(Socket::Connection &conn){
} }
if (authorized){ if (authorized){
handleAPICommands(Request, Response); handleAPICommands(Request, Response);
}else{// unauthorized Controller::checkServerLimits(); /*LTS*/
Util::sleep(1000); // sleep a second to prevent bruteforcing
logins++;
} }
Controller::checkServerLimits(); /*LTS*/
}// config mutex lock }// config mutex lock
if (!authorized){
// sleep a second to prevent bruteforcing.
// We need to make sure this happens _after_ unlocking the mutex!
Util::sleep(1000);
logins++;
}
// send the response, either normally or through JSONP callback. // send the response, either normally or through JSONP callback.
std::string jsonp = ""; std::string jsonp = "";
if (H.GetVar("callback") != ""){jsonp = H.GetVar("callback");} if (H.GetVar("callback") != ""){jsonp = H.GetVar("callback");}