LBRYCommunity/lbrycrd
1
0
Fork 0
Code Issues 29 Pull requests 1 Projects Releases 32 Packages Wiki Activity

Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information. This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the 'rpcpassword' option configured, resulting in the "suggested" password being output to the debug log.

Browse source
This commit is contained in:
Mark Friedenbach 2014-10-16 16:16:29 -07:00
parent e8f6d54f1f
commit d4746d56c0
4 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/noui.cpp
View file

@ -14,6 +14,9 @@
static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style) static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style)
{ {
bool fSecure = style & CClientUIInterface::SECURE;
style &= ~CClientUIInterface::SECURE;
std::string strCaption; std::string strCaption;
// Check for usage of predefined caption // Check for usage of predefined caption
switch (style) { switch (style) {
@ -30,7 +33,8 @@ static bool noui_ThreadSafeMessageBox(const std::string& message, const std::str
strCaption += caption; // Use supplied caption (can be empty) strCaption += caption; // Use supplied caption (can be empty)
} }
LogPrintf("%s: %s\n", strCaption, message); if (!fSecure)
LogPrintf("%s: %s\n", strCaption, message);
fprintf(stderr, "%s: %s\n", strCaption.c_str(), message.c_str()); fprintf(stderr, "%s: %s\n", strCaption.c_str(), message.c_str());
return false; return false;
} }

3
src/qt/bitcoingui.cpp
View file

@ -992,6 +992,9 @@ void BitcoinGUI::showProgress(const QString &title, int nProgress)
static bool ThreadSafeMessageBox(BitcoinGUI *gui, const std::string& message, const std::string& caption, unsigned int style) static bool ThreadSafeMessageBox(BitcoinGUI *gui, const std::string& message, const std::string& caption, unsigned int style)
{ {
bool modal = (style & CClientUIInterface::MODAL); bool modal = (style & CClientUIInterface::MODAL);
// The SECURE flag has no effect in the Qt GUI.
// bool secure = (style & CClientUIInterface::SECURE);
style &= ~CClientUIInterface::SECURE;
bool ret = false; bool ret = false;
// In case of modal message, use blocking connection to wait for user to click a button // In case of modal message, use blocking connection to wait for user to click a button
QMetaObject::invokeMethod(gui, "message", QMetaObject::invokeMethod(gui, "message",

2
src/rpcserver.cpp
View file

@ -581,7 +581,7 @@ void StartRPCThreads()
strWhatAmI, strWhatAmI,
GetConfigFile().string(), GetConfigFile().string(),
EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32)), EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32)),
"", CClientUIInterface::MSG_ERROR); "", CClientUIInterface::MSG_ERROR | CClientUIInterface::SECURE);
StartShutdown(); StartShutdown();
return; return;
} }

3
src/ui_interface.h
View file

@ -63,6 +63,9 @@ public:
/** Force blocking, modal message box dialog (not just OS notification) */ /** Force blocking, modal message box dialog (not just OS notification) */
MODAL = 0x10000000U, MODAL = 0x10000000U,
/** Do not print contents of message to debug log */
SECURE = 0x40000000U,
/** Predefined combinations for certain default usage cases */ /** Predefined combinations for certain default usage cases */
MSG_INFORMATION = ICON_INFORMATION, MSG_INFORMATION = ICON_INFORMATION,
MSG_WARNING = (ICON_WARNING | BTN_OK | MODAL), MSG_WARNING = (ICON_WARNING | BTN_OK | MODAL),