diff options
| author | Ryan Ofsky <ryan@ofsky.org> | 2019-12-19 18:00:04 -0500 |
|---|---|---|
| committer | Ryan Ofsky <ryan@ofsky.org> | 2025-02-13 12:30:15 -0500 |
| commit | e03409c70f7472d39e45d189df6c0cf6b676b761 (patch) | |
| tree | 287533c76cccb69a4e804566ea29d5425528ef9b | |
| parent | 40c4899bc209921fb4bde02840359c3253663766 (diff) | |
Fix nonsensical -norpcbind and -norpcallowip behavior
Treat specifying -norpcbind and -norpcallowip the same as not specifying
-rpcbind or -rpcallowip, instead of failing to bind to localhost and failing to
show warnings.
Also add code comment to clarify what intent of existing code is.
| -rw-r--r-- | src/httpserver.cpp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/httpserver.cpp b/src/httpserver.cpp index 88e640c377..bd2dec19b9 100644 --- a/src/httpserver.cpp +++ b/src/httpserver.cpp @@ -362,16 +362,20 @@ static bool HTTPBindAddresses(struct evhttp* http) std::vector<std::pair<std::string, uint16_t>> endpoints; // Determine what addresses to bind to - if (!(gArgs.IsArgSet("-rpcallowip") && gArgs.IsArgSet("-rpcbind"))) { // Default to loopback if not allowing external IPs + // To prevent misconfiguration and accidental exposure of the RPC + // interface, require -rpcallowip and -rpcbind to both be specified + // together. If either is missing, ignore both values, bind to localhost + // instead, and log warnings. + if (gArgs.GetArgs("-rpcallowip").empty() || gArgs.GetArgs("-rpcbind").empty()) { // Default to loopback if not allowing external IPs endpoints.emplace_back("::1", http_port); endpoints.emplace_back("127.0.0.1", http_port); - if (gArgs.IsArgSet("-rpcallowip")) { + if (!gArgs.GetArgs("-rpcallowip").empty()) { LogPrintf("WARNING: option -rpcallowip was specified without -rpcbind; this doesn't usually make sense\n"); } - if (gArgs.IsArgSet("-rpcbind")) { + if (!gArgs.GetArgs("-rpcbind").empty()) { LogPrintf("WARNING: option -rpcbind was ignored because -rpcallowip was not specified, refusing to allow everyone to connect\n"); } - } else if (gArgs.IsArgSet("-rpcbind")) { // Specific bind address + } else { // Specific bind addresses for (const std::string& strRPCBind : gArgs.GetArgs("-rpcbind")) { uint16_t port{http_port}; std::string host; |