aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2017-10-04 15:00:59 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2017-10-04 15:01:24 +0200
commit7f11ef26085549664a911fe00807a199bbd1f041 (patch)
tree5daa935eac148294295c23507e703b67818a8f11
parenta1f7f1870931fe978069482ec0f7dc7d59456966 (diff)
parent0cd9273fd959c6742574259d026039f7da0309a2 (diff)
Merge #9937: rpc: Prevent `dumpwallet` from overwriting files
0cd9273 rpc: Prevent `dumpwallet` from overwriting files (Wladimir J. van der Laan) Pull request description: Prevent arbitrary files from being overwritten by `dumpwallet`. There have been reports that users have overwritten wallet files this way. It may also avoid other security issues. Fixes #9934. Adds mention to release notes and adds a test. Tree-SHA512: 268c98636d40924d793b55a685a0b419bafd834ad369edaec08227ebe26ed4470ddea73008d1c4beb10ea445db1b0bb8e3546ba8fc2d1a411ebd4a0de8ce9120
-rw-r--r--doc/release-notes.md3
-rw-r--r--src/wallet/rpcdump.cpp14
-rwxr-xr-xtest/functional/wallet-dump.py5
3 files changed, 19 insertions, 3 deletions
diff --git a/doc/release-notes.md b/doc/release-notes.md
index 04fb0f333b..4ecca7897c 100644
--- a/doc/release-notes.md
+++ b/doc/release-notes.md
@@ -83,6 +83,9 @@ Low-level RPC changes
* `getwalletinfo`
* `getmininginfo`
+- `dumpwallet` no longer allows overwriting files. This is a security measure
+ as well as prevents dangerous user mistakes.
+
Credits
=======
diff --git a/src/wallet/rpcdump.cpp b/src/wallet/rpcdump.cpp
index 9539cc9f42..1123fd6dbb 100644
--- a/src/wallet/rpcdump.cpp
+++ b/src/wallet/rpcdump.cpp
@@ -600,7 +600,7 @@ UniValue dumpwallet(const JSONRPCRequest& request)
if (request.fHelp || request.params.size() != 1)
throw std::runtime_error(
"dumpwallet \"filename\"\n"
- "\nDumps all wallet keys in a human-readable format.\n"
+ "\nDumps all wallet keys in a human-readable format to a server-side file. This does not allow overwriting existing files.\n"
"\nArguments:\n"
"1. \"filename\" (string, required) The filename with path (either absolute or relative to bitcoind)\n"
"\nResult:\n"
@@ -616,9 +616,19 @@ UniValue dumpwallet(const JSONRPCRequest& request)
EnsureWalletIsUnlocked(pwallet);
- std::ofstream file;
boost::filesystem::path filepath = request.params[0].get_str();
filepath = boost::filesystem::absolute(filepath);
+
+ /* Prevent arbitrary files from being overwritten. There have been reports
+ * that users have overwritten wallet files this way:
+ * https://github.com/bitcoin/bitcoin/issues/9934
+ * It may also avoid other security issues.
+ */
+ if (boost::filesystem::exists(filepath)) {
+ throw JSONRPCError(RPC_INVALID_PARAMETER, filepath.string() + " already exists. If you are sure this is what you want, move it out of the way first");
+ }
+
+ std::ofstream file;
file.open(filepath.string().c_str());
if (!file.is_open())
throw JSONRPCError(RPC_INVALID_PARAMETER, "Cannot open wallet dump file");
diff --git a/test/functional/wallet-dump.py b/test/functional/wallet-dump.py
index e4757c8c03..12db95e5d9 100755
--- a/test/functional/wallet-dump.py
+++ b/test/functional/wallet-dump.py
@@ -7,7 +7,7 @@
import os
from test_framework.test_framework import BitcoinTestFramework
-from test_framework.util import assert_equal
+from test_framework.util import (assert_equal, assert_raises_jsonrpc)
def read_dump(file_name, addrs, hd_master_addr_old):
@@ -105,5 +105,8 @@ class WalletDumpTest(BitcoinTestFramework):
assert_equal(found_addr_chg, 90*2 + 50) # old reserve keys are marked as change now
assert_equal(found_addr_rsv, 90*2)
+ # Overwriting should fail
+ assert_raises_jsonrpc(-8, "already exists", self.nodes[0].dumpwallet, tmpdir + "/node0/wallet.unencrypted.dump")
+
if __name__ == '__main__':
WalletDumpTest().main ()