mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
Browse Source

explain why CheckPassword happens in client thread

tags/v0.1.0
Jeremy Latt 10 years ago
parent
b359d8c097
commit
7a9f1d750b
1 changed files with 5 additions and 0 deletions
Split View Show Diff Stats
  1. 5
    0
      irc/client.go

+ 5
- 0
irc/client.go View File 

@@ -67,6 +67,11 @@ func (client *Client) run() {
67 67 
 		checkPass, ok := command.(checkPasswordCommand)
68 68 
 		if ok {
69 69 
 			checkPass.LoadPassword(client.server)
70 
+			// Block the client thread while handling a potentially expensive
71 
+			// password bcrypt operation. Since the server is single-threaded
72 
+			// for commands, we don't want the server to perform the bcrypt,
73 
+			// blocking anyone else from sending commands until it
74 
+			// completes. This could be a form of DoS if handled naively.
70 75 
 			checkPass.CheckPassword()
71 76 
 		}
72 77

Write Preview
Loading…
Cancel
Save