diff options
| author | Andrew Chow <github@achow101.com> | 2023-01-10 17:22:21 -0500 |
|---|---|---|
| committer | Andrew Chow <github@achow101.com> | 2023-01-10 17:31:19 -0500 |
| commit | 68f88bc03f2d4c908a064394795a045b1ac67c37 (patch) | |
| tree | 7ae97cd8ea88751b5a313cec90eac09c864a564c /src/wallet/rpc/backup.cpp | |
| parent | b264410e012a61b103e1a03c43df4e17b9b75452 (diff) | |
| parent | 65e78bda7cd23ad7b6ede63c6bf5ffe6f552c71d (diff) | |
Merge bitcoin/bitcoin#26186: rpc: Sanitize label name in various RPCs with tests
65e78bda7cd23ad7b6ede63c6bf5ffe6f552c71d test: Invalid label name coverage (Aurèle Oulès)
552b51e682b5a52d9e2fbe64e44e623451692bd3 refactor: Add sanity checks in LabelFromValue (Aurèle Oulès)
67e7ba8e1aea58fc864f9bb1fc0e56b70777185e rpc: Sanitize label name in various RPCs (Aurèle Oulès)
Pull request description:
The following RPCs did not sanitize the optional label name:
- importprivkey
- importaddress
- importpubkey
- importmulti
- importdescriptors
- listsinceblock
Thus is was possible to import an address with a label `*` which should not be possible.
The wildcard label is used for backwards compatibility in the `listtransactions` rpc.
I added test coverage for these RPCs.
ACKs for top commit:
ajtowns:
ACK 65e78bda7cd23ad7b6ede63c6bf5ffe6f552c71d
achow101:
ACK 65e78bda7cd23ad7b6ede63c6bf5ffe6f552c71d
furszy:
diff ACK 65e78bd
stickies-v:
re-ACK 65e78bda7cd23ad7b6ede63c6bf5ffe6f552c71d
theStack:
re-ACK 65e78bda7cd23ad7b6ede63c6bf5ffe6f552c71d
Tree-SHA512: ad99f2824d4cfae352166b76da4ca0069b7c2eccf81aaa0654be25bbb3c6e5d6b005d93960f3f4154155f80e12be2d0cebd5529922ae3d2a36ee4eed82440b31
Diffstat (limited to 'src/wallet/rpc/backup.cpp')
| -rw-r--r-- | src/wallet/rpc/backup.cpp | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/src/wallet/rpc/backup.cpp b/src/wallet/rpc/backup.cpp index 95117b6c19..64253789ec 100644 --- a/src/wallet/rpc/backup.cpp +++ b/src/wallet/rpc/backup.cpp @@ -156,9 +156,7 @@ RPCHelpMan importprivkey() EnsureWalletIsUnlocked(*pwallet); std::string strSecret = request.params[0].get_str(); - std::string strLabel; - if (!request.params[1].isNull()) - strLabel = request.params[1].get_str(); + const std::string strLabel{LabelFromValue(request.params[1])}; // Whether to perform rescan after import if (!request.params[2].isNull()) @@ -249,9 +247,7 @@ RPCHelpMan importaddress() EnsureLegacyScriptPubKeyMan(*pwallet, true); - std::string strLabel; - if (!request.params[1].isNull()) - strLabel = request.params[1].get_str(); + const std::string strLabel{LabelFromValue(request.params[1])}; // Whether to perform rescan after import bool fRescan = true; @@ -442,9 +438,7 @@ RPCHelpMan importpubkey() EnsureLegacyScriptPubKeyMan(*pwallet, true); - std::string strLabel; - if (!request.params[1].isNull()) - strLabel = request.params[1].get_str(); + const std::string strLabel{LabelFromValue(request.params[1])}; // Whether to perform rescan after import bool fRescan = true; @@ -1170,7 +1164,7 @@ static UniValue ProcessImport(CWallet& wallet, const UniValue& data, const int64 if (internal && data.exists("label")) { throw JSONRPCError(RPC_INVALID_PARAMETER, "Internal addresses should not have a label"); } - const std::string& label = data.exists("label") ? data["label"].get_str() : ""; + const std::string label{LabelFromValue(data["label"])}; const bool add_keypool = data.exists("keypool") ? data["keypool"].get_bool() : false; // Add to keypool only works with privkeys disabled @@ -1464,7 +1458,7 @@ static UniValue ProcessDescriptorImport(CWallet& wallet, const UniValue& data, c const std::string& descriptor = data["desc"].get_str(); const bool active = data.exists("active") ? data["active"].get_bool() : false; const bool internal = data.exists("internal") ? data["internal"].get_bool() : false; - const std::string& label = data.exists("label") ? data["label"].get_str() : ""; + const std::string label{LabelFromValue(data["label"])}; // Parse descriptor string FlatSigningProvider keys; |