rpc: check for irregular files in dumptxoutset#17615
rpc: check for irregular files in dumptxoutset#17615brakmic wants to merge 0 commit intobitcoin:masterfrom brakmic:dumptxoutset-invalid-file-error
Conversation
|
Hi @brakmic The functional tests fail for me on:
|
These are tests that are already included in rpc_dumptxoutset.py. The test I added executes when you comment out the other, failing, tests. As those haven't been coded by me, I didn't touch them. |
|
It throws for the example input:
|
Thanks, will look into it. |
|
As already suspected in my pre-PR message the standard is_regular_file wasn't enough and we had to switch to boost's portable_file_name. However, this function is actually much more powerful, because it helps a lot regarding portability. |
|
Just to clarify the problem mentioned above by @petterhs The previously used is_regular_file checks if a path is valid. Like: is this a file, or a pipe, a dir etc. This of course wasn't enough as we actually need to check for validity of a given string, before it becomes a path object. Therefore, I switched to boost's portable_file_name. --EDIT: Not sure, if this could become a problem, but portable_file_name forces you to use only those file names that are acceptable by various operating systems. In this case Linux, Windows, Mac. In a way, it disciplines you to use only "portable" names. |
|
Is there an advantage to using |
I'd say, it doesn't use raw pointers and C constructs like FILE. |
|
Would make sense to have a RPC utility function (in
We have a similar check in fs::path filepath = request.params[0].get_str();
filepath = fs::absolute(filepath);
/* Prevent arbitrary files from being overwritten. There have been reports
* that users have overwritten wallet files this way:
* https://github.com/bitcoin/bitcoin/issues/9934
* It may also avoid other security issues.
*/
if (fs::exists(filepath)) {
throw JSONRPCError(RPC_INVALID_PARAMETER, filepath.string() + " already exists. If you are sure this is what you want, move it out of the way first");
}As this function has the same risks, it'd make sense to share the same code. |
|
@laanwj Indeed! I'll then write such a utility function and substitute current checks with it. Should I open a new PR, or is it OK to continue with it here? |
Thanks!
I'd prefer updating this one, it's close enough. |
|
Moved to #17623 |
5 participants
This PR fixes the problem with handling of irregular file names described in #17612
It also defines a helper function CanWriteFile that is used by dumptxoutset and dumpwallet.
This function checks for:
The already existing JSON return objects and their messages have been preserved to prevent failing of tests and/or 3rd party tools whose parsers maybe rely on them.
Two tests have been added: in rpc_tests.cpp and test/functional/rpc_dumptxoutset.py
Closes: #17612