process: sleep for 2 seconds on wrong password

To make guessing the password of the webserver more expensive wait for two seconds before accepting the next password. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-09-12 05:06:31 +02:00 · 2020-09-12 05:06:31 +02:00 · c49a0dd6fa
parent 2e3320dbdd
commit c49a0dd6fa
1 changed files with 3 additions and 0 deletions
--- a/src/process.c
+++ b/src/process.c
@ -30,6 +30,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <unistd.h>
 #include <usb.h>
 #include "config.h"
 #include "sispm_ctl.h"
@ -66,6 +67,8 @@ static void unauthorized(int out)
 {
  char xbuffer[BSIZE+2];

+  /* Sleep here to make password guessing more expensive */
+  usleep(2000000);
  sprintf(xbuffer,
          "HTTP/1.1 401 Unauthorized\nServer: SisPM\n"
          "WWW-Authenticate: Basic realm=\"SisPM\n\""