Skip to content

Error if rpcpassword contains hash in conf sections#15087

Merged
laanwj merged 1 commit intobitcoin:masterfrom
meshcollider:201901_pass_hash_fix
Jan 9, 2019
Merged

Error if rpcpassword contains hash in conf sections#15087
laanwj merged 1 commit intobitcoin:masterfrom
meshcollider:201901_pass_hash_fix

Conversation

@meshcollider
Copy link
Contributor

@meshcollider meshcollider commented Jan 3, 2019

Fixes #15075

laanwj
laanwj reviewed Jan 3, 2019
View reviewed changes
@laanwj
Copy link
Member

laanwj commented Jan 3, 2019

utACK

@promag
Copy link
Contributor

promag commented Jan 3, 2019
edited
Loading

Tested ACK 170523f.

I prefer this version though:

diff --git a/src/util/system.cpp b/src/util/system.cpp
index ffe4d21ee..8da476289 100644
--- a/src/util/system.cpp
+++ b/src/util/system.cpp
@@ -863,12 +863,13 @@ static bool GetConfigOptions(std::istream& stream, std::string& error, std::vect
                 error = strprintf("parse error on line %i: %s, options in configuration file must be specified without leading -", linenr, str);
                 return false;
             } else if ((pos = str.find('=')) != std::string::npos) {
-                std::string name = prefix + TrimString(str.substr(0, pos), pattern);
-                std::string value = TrimString(str.substr(pos + 1), pattern);
-                if (used_hash && name.find("rpcpassword") != std::string::npos) {
+                std::string name = TrimString(str.substr(0, pos), pattern);
+                if (used_hash && name == "rpcpassword") {
                     error = strprintf("parse error on line %i, using # in rpcpassword can be ambiguous and should be avoided", linenr);
                     return false;
                 }
+                name = prefix + name;
+                std::string value = TrimString(str.substr(pos + 1), pattern);
                 options.emplace_back(name, value);
                 if ((pos = name.rfind('.')) != std::string::npos) {
                     sections.insert(name.substr(0, pos));

Since Unless regtest.rpcpassword=foo is a valid line?

The above suggestion wouldn't catch lines like regtest.rpcpassword=foo.

@DrahtBot
Copy link
Contributor

DrahtBot commented Jan 3, 2019

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #14866 (Improve property evaluation way in bitcoin.conf by AkioNak)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@laanwj
Copy link
Member

laanwj commented Jan 4, 2019
edited
Loading

@promag huh, yes, I hadn't noticed that the prefix was added there, I tend to agree that's better than a fuzzy query like .find(), I didn't consider it important enough to remark as I thought it involved increasing the amount/complexity of string parsing, but that doesn't seem too bad.

Edit after IRC discussion: wrong, this would mean regtest.rpcpassword=foo is no longer detected, better stick to the current code.

@laanwj
Copy link
Member

laanwj commented Jan 9, 2019

re-utACK 8cff831

@laanwj laanwj merged commit 8cff831 into bitcoin:master Jan 9, 2019
laanwj added a commit that referenced this pull request Jan 9, 2019
@laanwj
Merge #15087: Error if rpcpassword contains hash in conf sections
ff7f736 
8cff831 Error if rpcpassword contains hash in conf sections (MeshCollider)

Pull request description:

  Fixes #15075

Tree-SHA512: 08ba2a2e9a7ea228fc0e0ff9aa76da1fecbe079e3b388304a28b6399e338a4b3a38b03ab03aca880e75f14a8d2ba75ceb31a385d7989cd66db5193a79f32c4e5
@jnewbery
Copy link
Contributor

jnewbery commented Jan 9, 2019

tested ACK 8cff831

@promag
Copy link
Contributor

promag commented Jan 9, 2019

post merge ACK 8cff831.

@AkioNak
Copy link
Contributor

AkioNak commented Jan 10, 2019

Sorry for my late commet.
Is "rrrpcpassworddd=foo#bar" an error?
I think that the unknown configuration file options will be ignored.
( as a compromise. - #13799)

@meshcollider meshcollider deleted the 201901_pass_hash_fix branch January 10, 2019 18:33
deadalnix pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Apr 17, 2020
@laanwj @majcosta
[backport#15087] Error if rpcpassword contains hash in conf sections
cd52fd6 
Summary:
8cff83124bcac936ecc6add6dca72b125a79a08f Error if rpcpassword contains hash in conf sections (MeshCollider)

Pull request description:

  Fixes #15075

Tree-SHA512: 08ba2a2e9a7ea228fc0e0ff9aa76da1fecbe079e3b388304a28b6399e338a4b3a38b03ab03aca880e75f14a8d2ba75ceb31a385d7989cd66db5193a79f32c4e5

---

Depends on D5756

This is a backport of Core [[bitcoin/bitcoin#15087 | PR15087]]

Test Plan:
  ninja
  test_runner.py feature_config_args.py

Reviewers: deadalnix, #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D5757
ftrader pushed a commit to bitcoin-cash-node/bitcoin-cash-node that referenced this pull request Aug 17, 2020
@laanwj @ftrader
[backport#15087] Error if rpcpassword contains hash in conf sections
f0d5817 
Summary:
8cff83124bcac936ecc6add6dca72b125a79a08f Error if rpcpassword contains hash in conf sections (MeshCollider)

Pull request description:

  Fixes #15075

Tree-SHA512: 08ba2a2e9a7ea228fc0e0ff9aa76da1fecbe079e3b388304a28b6399e338a4b3a38b03ab03aca880e75f14a8d2ba75ceb31a385d7989cd66db5193a79f32c4e5

---

Depends on D5756

This is a backport of Core [[bitcoin/bitcoin#15087 | PR15087]]

Test Plan:
  ninja
  test_runner.py feature_config_args.py

Reviewers: deadalnix, #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D5757
@PastaPastaPasta PastaPastaPasta mentioned this pull request Sep 10, 2021
Closed
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Sep 11, 2021
@laanwj @PastaPastaPasta
Merge bitcoin#15087: Error if rpcpassword contains hash in conf sections
39db8fe 
8cff831 Error if rpcpassword contains hash in conf sections (MeshCollider)

Pull request description:

  Fixes bitcoin#15075

Tree-SHA512: 08ba2a2e9a7ea228fc0e0ff9aa76da1fecbe079e3b388304a28b6399e338a4b3a38b03ab03aca880e75f14a8d2ba75ceb31a385d7989cd66db5193a79f32c4e5
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Dec 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@laanwj laanwj laanwj left review comments

Assignees

No one assigned

Labels

Utils/log/libs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Expected error not printed if rpcpassword contains hash character but is in a [section]

6 participants

@meshcollider @laanwj @promag @DrahtBot @jnewbery @AkioNak