rpcbind: Warn about exposing RPC to untrusted networks

author: Luke Dashjr <luke-jr+git@utopios.org> 2018-10-20 14:56:58 +0000
committer: Luke Dashjr <luke-jr+git@utopios.org> 2018-11-22 01:44:59 +0000
commit: 27c44ef9c61f64d941ab82ec232a68141a2fde90 (patch)
tree: 366dfe469ae92b2e32312d66afb048a108951473 /src/httpserver.cpp
parent: d6a1287481428d982dc03be3a6d9aeef8398f468 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index cf365f4638..00434169cd 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -323,6 +323,10 @@ static bool HTTPBindAddresses(struct evhttp* http)
         LogPrint(BCLog::HTTP, "Binding RPC on address %s port %i\n", i->first, i->second);
         evhttp_bound_socket *bind_handle = evhttp_bind_socket_with_handle(http, i->first.empty() ? nullptr : i->first.c_str(), i->second);
         if (bind_handle) {
+            CNetAddr addr;
+            if (i->first.empty() || (LookupHost(i->first.c_str(), addr, false) && addr.IsBindAny())) {
+                LogPrintf("WARNING: the RPC server is not safe to expose to untrusted networks such as the public internet\n");
+            }
             boundSockets.push_back(bind_handle);
         } else {
             LogPrintf("Binding RPC on address %s port %i failed.\n", i->first, i->second);
author	Luke Dashjr <luke-jr+git@utopios.org>	2018-10-20 14:56:58 +0000
committer	Luke Dashjr <luke-jr+git@utopios.org>	2018-11-22 01:44:59 +0000
commit	27c44ef9c61f64d941ab82ec232a68141a2fde90 (patch)
tree	366dfe469ae92b2e32312d66afb048a108951473 /src/httpserver.cpp
parent	d6a1287481428d982dc03be3a6d9aeef8398f468 (diff)