Commit graph

18935 commits

Author SHA1 Message Date
Wladimir J. van der Laan
2479b779aa
Merge #14728: fix uninitialized read when stringifying an addrLocal
b7b36decaf fix uninitialized read when stringifying an addrLocal (Kaz Wesley)
8ebbef0169 add test demonstrating addrLocal UB (Kaz Wesley)

Pull request description:

  Reachable from either place where SetIP is used when all of:
  - our best-guess addrLocal for a peer is IPv4
  - the peer tells us it's reaching us at an IPv6 address
  - NET logging is enabled

  In that case, SetIP turns an IPv4 address into an IPv6 address without
  setting the scopeId, which is subsequently read in GetSockAddr during
  CNetAddr::ToStringIP and passed to getnameinfo. Fix by ensuring every
  constructor initializes the scopeId field with something.

Tree-SHA512: 8f0159750995e08b985335ccf60a273ebd09003990bcf2c3838b550ed8dc2659552ac7611650e6dd8e29d786fe52ed57674f5880f2e18dc594a7a863134739e3
2018-11-23 09:53:20 +01:00
Wladimir J. van der Laan
a0d86815cd
Merge #14726: Use RPCHelpMan for all RPCs
fa5e0452e8 rpc: Documentation fixups (MarcoFalke)
fa91e8eda5 Use RPCHelpMan for all RPCs (MarcoFalke)
fa520e72f7 lint: Must use RPCHelpMan to generate the RPC docs (MarcoFalke)

Pull request description:

  The resulting documentation should not change unless the type in the oneline-summary was previously incorrect. (E.g. string vs bool)

Tree-SHA512: 4ff355b6a53178f02781e97a7aca7ee1d0d97ff348b6bf5a01caa1c96904ee33c704465fae54c2cd7445097427fd04c71ad3779bb7a7ed886055ef36c1b5a1d0
2018-11-23 09:42:33 +01:00
Wladimir J. van der Laan
d7fbe7d927
Merge #14778: A few minor formatting fixes and clarifications to descriptors.md
8284756705 A few minor formatting fixes and clarifications to descriptors.md (John Newbery)

Pull request description:

  Fixes some markdown formatting issues, and also adds a few clarifications.

Tree-SHA512: b12fc94035c075a990756e22fb60b95e6c851c80c8a60fc8fc46b07c6749df4d257401889be4d930996432ac08850770077e667fe48473140f38b94c8e9eacdc
2018-11-23 07:58:05 +01:00
João Barbosa
a0f8df365d qt: Call noui_connect to prevent boost::signals2::no_slots_error in early calls to InitWarning 2018-11-22 17:41:01 +00:00
MarcoFalke
3dda4c5f03
Merge #14777: tests: Add regtest for JSON-RPC batch calls
3d2c7d6f94 Add regtest for JSON-RPC batch calls. (Daniel Kraft)

Pull request description:

  This adds a new regtest file `interface_rpc.py`, containing a test for batch JSON-RPC requests.  Those were previously not tested at all.  Tests for basic requests are not really necessary, as those are used anyway in lots of other regtests.

  The existing `interface_http.py` file is more about the underlying HTTP connection, so adding a new interface file for the JSON-RPC specific things makes sense.

Tree-SHA512: 7c7576004c8474e23c98f4bf25fb655328ba6bb73ea06744ebee1c0ffbb26bc132e621ae52955d51dab0803b322f8d711667626a777ac9b26003339c2484502f
2018-11-22 12:14:51 -05:00
MarcoFalke
fa7d36b8e7
test: Move UBSAN suppressions to test/sanitizer_suppressions/ubsan 2018-11-22 11:55:53 -05:00
MarcoFalke
fa36d4e456
travis: --disable-hardening for xenial thread sanitizer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67308
2018-11-22 11:48:58 -05:00
MarcoFalke
89bf196c88 travis: Run thread sanitizer 2018-11-22 11:47:36 -05:00
MarcoFalke
2a97f192ea
Merge #14771: test: Add BOOST_REQUIRE to getters returning optional
fa21ca09a8 test: Add BOOST_REQUIRE to getters returning optional (MarcoFalke)

Pull request description:

  Usually the returned value is already checked for equality, but for sanity we might as well require that the getter successfully returned.

Tree-SHA512: 0d613a9a721c61bd7a115ebc681a0890df09b8e5775f176ac18b3a586f2ca57bee0b5b816f5a7c314ff3ac6cbb2a4d9c434f8459e054a7c8a6934a75f0120c2a
2018-11-22 11:37:17 -05:00
Wladimir J. van der Laan
708cbb172d
Merge #14756: Improve rpcauth.py by using argparse and getpass modules
d6cde007db rpcauth: Improve by using argparse and getpass modules (João Barbosa)

Pull request description:

  This PR improves argument handling in `rpcauth.py` script by using `argparse` module. Specifying `-` as password makes it prompt securely with `getpass` module which prevents leaking passwords to bash history.

Tree-SHA512: 489d66c95f66b5618cb75fd8f07ea5647281226ab9e32b03051eb43f758b9334ac19b7c82c2ed4f8c7ffbb0bee949b3d389e1564ec7a6e372f2864233bc7cb88
2018-11-22 12:38:03 +01:00
Wladimir J. van der Laan
e77a2258e4
Merge #14532: Never bind INADDR_ANY by default, and warn when doing so explicitly
27c44ef9c6 rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr)
d6a1287481 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr)
3615003952 net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr)

Pull request description:

  A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this:

  * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.)
  * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address.
  * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`.

Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
2018-11-22 10:53:16 +01:00
Wladimir J. van der Laan
e736b67467
Merge #14715: Drop defunct prevector compat handling
69ca48717c Implement prevector::fill once (Ben Woosley)
7bad78c2c8 Drop defunct IS_TRIVIALLY_CONSTRUCTIBLE handling from prevector.h (Ben Woosley)

Pull request description:

  This is clean-up post #14651:
  * Use one implementation of `prevector::fill`, as it's possible now that the implementations are identical.
  * Only apply the `IS_TRIVIALLY_CONSTRUCTIBLE` handling to the bench file where it is used, and drop the now-unnecessary associated compat includes.

Tree-SHA512: 5930b3a17fccd39af10add40202ad97a297aebecc049af72ca920d0d55b3e4c3c30ce864c8a683355895f0196396d4ea56ba9f9637bdc7d16964cdf66c195485
2018-11-22 10:50:38 +01:00
John Newbery
8284756705 A few minor formatting fixes and clarifications to descriptors.md 2018-11-22 00:21:29 -05:00
Luke Dashjr
27c44ef9c6 rpcbind: Warn about exposing RPC to untrusted networks 2018-11-22 01:44:59 +00:00
Luke Dashjr
d6a1287481 CNetAddr: Add IsBindAny method to check for INADDR_ANY 2018-11-22 01:44:59 +00:00
Luke Dashjr
3615003952 net: Always default rpcbind to localhost, never "all interfaces"
We don't support binding to untrusted networks, so avoid a default where that is typical
2018-11-22 01:44:59 +00:00
João Barbosa
d6cde007db rpcauth: Improve by using argparse and getpass modules 2018-11-21 22:30:07 +00:00
Daniel Kraft
3d2c7d6f94 Add regtest for JSON-RPC batch calls.
This adds a new regtest file 'interface_rpc.py', containing a test for
batch JSON-RPC requests.  Those were previously not tested at all.  Tests
for basic requests are not really necessary, as those are used anyway
in lots of other regtests.

The existing interface_http.py file is more about the underlying HTTP
connection, so adding a new interface file for the JSON-RPC specific
things makes sense.
2018-11-21 19:43:06 +01:00
Wladimir J. van der Laan
d7b0258ff0
Merge #14708: Warn unrecognised sections in the config file
3fb09b9889 Warn unrecognized sections in the config file (Akio Nakamura)

Pull request description:

  This PR intends to resolve #14702.

  In the config file, sections are specified by square bracket pair "[]"$,
  or included in the option name itself which separated by a period"(.)".

  Typicaly, [testnet] is not a correct section name and specified options
  in that section are ignored but user cannot recognize what is happen.

  So, add some log-warning messages if unrecognized section names are
  present in the config file after checking section only args.

  note: Currentry, followings are out of scope of this PR.
  1) Empty section name or option name can describe.
  e.g. [] , .a=b, =c
  2) Multiple period characters can exist in the section name and option name.
  e.g. [c.d.e], [..], f.g.h.i=j, ..=k

Tree-SHA512: 2cea02a0525feb40320613989a75cd7b7b1bd12158d5e6f3174ca77e6a25bb84425dd8812f62483df9fc482045c7b5402d69bc714430518b1847d055a2dc304b
2018-11-21 19:37:22 +01:00
Wladimir J. van der Laan
1649886054
Merge #14719: qa: Check specific reject reasons in feature_block
fa7da0617c qa: Check specific reject reasons in feature_block (MarcoFalke)

Pull request description:

  There are some consensus checks that are essentially turned off because we never send the block, but only the header. It happens that the header was sufficient to determine the invalidity of the block according to our consensus rules in those cases. Fix that by forcing the full block on the node unsolicited.

Tree-SHA512: a5534318370367ea8de07d853de7e845c8f5637cd6d5457e932a9555af26cc212625e443c00c93586d556cc770f301248e7cabd68131a37791ae91706e7e40b2
2018-11-21 14:41:22 +01:00
Wladimir J. van der Laan
267793af8b
Merge #14742: Properly generate salt in rpcauth.py
6be7d14d24 Properly generate salt in rpcauth.py, update tests (Carl Dong)

Pull request description:

  Previously, when iterating over bytes of the generated salt to construct
  a hex string, only one character would be outputted when the byte is
  less than 0x10. Meaning that for a 16 byte salt, the hex string might be
  less than 32 characters and collisions would occur.

Tree-SHA512: 7038ecbbac846cd1851112396acd8a04475685f5b6f786e4e7316acba4a56cc711c275b7f52f0f2b6bc6cfdc0c0d9d39c3afeb2c0aff3a30fde516bf642fdf9f
2018-11-21 10:33:25 +01:00
MarcoFalke
fa71eb5196
Convert comments to thread safety annotations 2018-11-20 20:29:16 -05:00
MarcoFalke
fa21ca09a8
test: Add BOOST_REQUIRE to getters returning optional 2018-11-20 19:51:49 -05:00
Wladimir J. van der Laan
6b90a2a0e0
Merge #14770: travis: Do not specify sudo in .travis
feeef7d30e Do not specify sudo in .travis (Julian Fleischer)

Pull request description:

  Travis is deprecating the `sudo` keyword and moves everything to
  the same infrastructure (sudo really selects between two infrastructures).

  See https://blog.travis-ci.com/2018-11-19-required-linux-infrastructure-migration?utm_source=in-app&utm_medium=intercom for more info.

Tree-SHA512: 3364fbeaf7af5e91ef97cf7fbcc75427ecb4e10b02a31cbc17ccc46a6077bba7a000539717bb6a351c404a2b408af7de6c4587089b02367e67e1c8bfd8fe69d1
2018-11-20 18:51:07 +01:00
Julian Fleischer
feeef7d30e
Do not specify sudo in .travis
Travis is deprecating the `sudo` keyword and moves everything to
the same infrastructure (sudo really selects between two infrastructures).

See https://blog.travis-ci.com/2018-11-19-required-linux-infrastructure-migration?utm_source=in-app&utm_medium=intercom for more info.
2018-11-20 15:50:30 +01:00
Wladimir J. van der Laan
afa506f6eb
Merge #14552: wallet: detecting duplicate wallet by comparing the db filename.
591203149f wallet: Create IsDatabaseLoaded function (Chun Kuan Lee)
15c93f075a wallet: Add trailing wallet.dat when detecting duplicate wallet if it's a directory. (Chun Kuan Lee)
c456fbd8df Refactor: Move m_db pointers into BerkeleyDatabase (Russell Yanofsky)

Pull request description:

  Fix #14538

  Fix crash attempting to load the same wallet with different path strings that resolve to the same absolute path. The primary check which prevents loading the same wallet twice is:

  6b8d0a2164/src/wallet/db.cpp (L44)

  But this check is skipped if both wallet paths resolve to the same absolute path, due to caching here:

  6b8d0a2164/src/wallet/db.cpp (L467)

  Meanwhile a secondary check for duplicate wallets is not reliable because it based on a literal comparison, instead of comparison using absolute paths:

  6b8d0a2164/src/wallet/wallet.cpp (L3853)

  This PR fixes the latter check to compare the absolute path of a new wallet being loaded to absolute paths of wallets already loaded, so there should no longer be any way to load the same wallet more than once.

Tree-SHA512: 2fa01811c160b57be3b76c6b4983556a04bbce71a3f8202429987ec020664a062e897deedcd9248bc04e9baaa2fc7b464e2595dcaeff2af0818387bf1fcdbf6f
2018-11-20 15:15:59 +01:00
Akio Nakamura
3fb09b9889 Warn unrecognized sections in the config file
In the config file, sections are specified by square bracket pair "[]"$,
or included in the option name itself which separated by a period"(.)".

Typicaly, [testnet] is not a correct section name and specified options
in that section are ignored but user cannot recognize what is happen.

So, add some log/stderr-warning messages if unrecognized section names
are present in the config file after checking section only args.
2018-11-20 18:28:16 +09:00
Wladimir J. van der Laan
1b99d153d0
Merge #14768: revert removal of fstream.hpp header in fs.h
e816b341ab revert removal of fstream.hpp header in fs.h (Karl-Johan Alm)

Pull request description:

  We cannot (yet) remove the EXPECTED_BOOST_INCLUDES entry as this header is still needed in `fs.h` (see #14763).

  Partially reverts #14718.

Tree-SHA512: e94d8d6208bee14af20a7a529e60a4898358ec8c070a8bf0701e589a2ae33df1305deac83cee619f103c24be0eb3c12a2f490209c125b247acf21561c7de456e
2018-11-20 10:06:25 +01:00
Karl-Johan Alm
e816b341ab
revert removal of fstream.hpp header in fs.h
This is required for some architectures.
2018-11-20 14:41:12 +09:00
MarcoFalke
09f1d7fe72
Merge #14718: Remove unreferenced boost headers
c54e5a41c4 Remove unreferenced boost headers (Murray Nesbitt)

Pull request description:

  Building with clang (e.g. on FreeBSD) is very noisy due to `-Wthread-safety-analysis` warnings regarding boost. This change removes a number of unnecessary boost includes, and silences the rest of the warnings when building with clang. This allows more potentially interesting warnings to surface from the noise.

  Tested on FreeBSD 11.2

Tree-SHA512: 5e6a0623188b9be59aeae52866799aefb4c3c9ab5e569b07ee8d43fc92e0b5f1f76b96bb54c35c7043148df84641b4a96927fb71f6eb00460c20cd19cf250900
2018-11-19 13:50:16 -05:00
João Barbosa
4674610300 Log env path in BerkeleyEnvironment::Flush 2018-11-19 16:02:06 +00:00
Wladimir J. van der Laan
6d58a5c3b0
Merge #14685: fix a deserialization overflow edge case
b08af10fb2 disallow oversized CBlockHeaderAndShortTxIDs (Kaz Wesley)
6bed4b374d fix a deserialization overflow edge case (Kaz Wesley)
051faf7e9d add a test demonstrating an overflow in a deserialization edge case (Kaz Wesley)

Pull request description:

  A specially-constructed BlockTransactionsRequest can cause `offset` to wrap in deserialization. In the current code, there is not any way this could be dangerous; but disallowing it reduces the potential for future surprises.

Tree-SHA512: 1aaf7636e0801a905ed8807d0d1762132ac8b4421a600c35fb6d5e5033c6bfb587d8668cd9f48c7a08a2ae793a677b7649661e3ae248ab4f8499ab7b6ede483c
2018-11-18 10:15:18 +01:00
Carl Dong
6be7d14d24 Properly generate salt in rpcauth.py, update tests
Previously, when iterating over bytes of the generated salt to construct
a hex string, only one character would be outputted when the byte is
less than 0x10. Meaning that for a 16 byte salt, the hex string might be
less than 32 characters and collisions would occur.
2018-11-17 01:26:49 -08:00
MarcoFalke
35739976c1
Merge #14731: doc: Improve scripted-diff developer docs
07e286d940 Improve scripted-diff developer docs (Carl Dong)

Pull request description:

  Instead of verifying all scripted-diffs, provide an example that only verifies all scripted-diffs in commits since `origin/master`.

Tree-SHA512: 2faecfd1df04046c77ca2b7426675265f7ed656b2b7e2714ae61c0a38b3ea239f35d2be6d615c5191a21f3a453e37f6a4622bd4558173b768cb73183b56c4d62
2018-11-16 11:21:28 -05:00
Murray Nesbitt
c54e5a41c4 Remove unreferenced boost headers 2018-11-16 03:20:44 +00:00
Carl Dong
07e286d940 Improve scripted-diff developer docs
Instead of verifying all scripted-diffs, provide an example that only verifies all scripted-diffs in commits since `origin/master.
2018-11-15 15:45:48 -08:00
Kaz Wesley
b7b36decaf fix uninitialized read when stringifying an addrLocal
Reachable from either place where SetIP is used when our best-guess
addrLocal for a peer is IPv4, but the peer tells us it's reaching us at
an IPv6 address.

In that case, SetIP turns an IPv4 address into an IPv6 address without
setting the scopeId, which is subsequently read in GetSockAddr during
CNetAddr::ToStringIP and passed to getnameinfo. Fix by ensuring every
constructor initializes the scopeId field with something.
2018-11-15 13:47:53 -08:00
Kaz Wesley
8ebbef0169 add test demonstrating addrLocal UB 2018-11-15 13:47:53 -08:00
MarcoFalke
384967f311
Merge #13815: util: Add [[nodiscard]] to all {Decode,Parse}[...](...) functions returning bool
9cc0230cfc Add NODISCARD to all {Decode,Parse}[...](...) functions returning bool. Sort includes. (practicalswift)
579497e77a tests: Explicitly ignore the return value of DecodeBase58(...) (practicalswift)
145fe95ec7 tests: Check return value of ParseParameters(...) (practicalswift)
7c5bc2a523 miner: Default to DEFAULT_BLOCK_MIN_TX_FEE if unable to parse -blockmintxfee (practicalswift)

Pull request description:

  Changes in this PR:
  * ~~Add linter to make sure the return value of `Parse[...](...)` is checked~~
  * Add `__attribute__((warn_unused_result))` to all `{Decode,Parse}[...](...)` functions returning `bool`
  * Fix violations

  Context:
  * #13712: `wallet: Fix non-determinism in ParseHDKeypath(...). Avoid using an uninitialized variable in path calculation.` would have been prevented by this

Tree-SHA512: 41a97899f2d5a26584235fa02b1ebfb4faacd81ea97e927022955a658fa7e15d07a1443b4b7635151a43259a1adf8f2f4de3c1c75d7b5f09f0d5496463a1dae6
2018-11-15 14:39:37 -05:00
MarcoFalke
fa5e0452e8
rpc: Documentation fixups 2018-11-15 12:19:11 -05:00
Pieter Wuille
109699dd33 Add release notes 2018-11-14 14:21:42 -08:00
Pieter Wuille
b65326b562 Add matching descriptors to scantxoutset output + tests 2018-11-14 14:21:42 -08:00
Pieter Wuille
16203d5df7 Add descriptors to listunspent and getaddressinfo + tests 2018-11-14 14:21:42 -08:00
MarcoFalke
fa91e8eda5
Use RPCHelpMan for all RPCs 2018-11-14 15:33:15 -05:00
Ben Woosley
69ca48717c
Implement prevector::fill once
Now that the implementation is identical, we can use a default value to
distinguish them.
2018-11-14 12:19:28 -05:00
Ben Woosley
7bad78c2c8
Drop defunct IS_TRIVIALLY_CONSTRUCTIBLE handling from prevector.h
It's now only referenced from the bench, so leave it there. This allows us to
drop the associated includes as well.
2018-11-14 12:19:04 -05:00
MarcoFalke
fa520e72f7
lint: Must use RPCHelpMan to generate the RPC docs 2018-11-14 12:11:06 -05:00
MarcoFalke
e74649e951
Merge #14411: [wallet] Restore ability to list incoming transactions by label
da427dbd48 Rename ListTransactions filter variable (Russell Yanofsky)
65b740f92b [wallet] Restore ability to list incoming transactions by label (Russell Yanofsky)

Pull request description:

  This change partially reverts #13075 and #14023.

  Fixes #14382

Tree-SHA512: 8c4e56104b3a45784cdc06bae8e5facdfff04fe3545b63a35e0ec2e440a41b79d84833ca4c4e728d8af7ebb8a519303a9eda7bee4bbfb92bd50c58587a33eb30
2018-11-14 11:59:41 -05:00
MarcoFalke
c7366d2399
Merge #14478: Show error to user when corrupt wallet unlock fails
b4f6e58ca5 Better error message for user when corrupt wallet unlock fails (MeshCollider)

Pull request description:

  Mentioned here: https://github.com/bitcoin/bitcoin/issues/14461#issuecomment-429183503

  Current behavior is to assert(false) and crash, only info is printed in the log. This shows the message to the user before abort() instead.

Tree-SHA512: 526f9ed9262257fca55caf7153ab913ed958b13b079d2f01db797485614d8c375815a1554276e8cf73d3838104b2691a9cf85c8d097973127ae8de9e111446bf
2018-11-14 11:27:01 -05:00
Wladimir J. van der Laan
2e8f9dc2bb
Merge #14704: doc: add detached release notes for #14060
86cddf0856 doc: add detached release notes for #14060 (mruddy)

Pull request description:

  Adding detached release notes for #14060 in order to assist with https://github.com/bitcoin/bitcoin/pull/14688.

Tree-SHA512: 170cd0b6ac27237f58875f301132e0695dee36eec5d90a0c1234c0fa9db125151e6cebd94e63e634ddc4ddcfb77d7a4a07434ffd3725cb0dfa13fc4ccfbde2a0
2018-11-14 13:44:02 +01:00