diff options
author | John Moffett <john.moff@gmail.com> | 2023-02-09 10:53:54 -0500 |
---|---|---|
committer | John Moffett <john.moff@gmail.com> | 2023-02-21 14:40:59 -0500 |
commit | 00a0861181cc7f4771ac2690ca6be5731c30b005 (patch) | |
tree | 2ade76775bcbc94e93698a5eb92938017d323671 /src/wallet/rpc/wallet.cpp | |
parent | 80f4979322b574be29c684b2e106804432420ebf (diff) | |
download | bitcoin-00a0861181cc7f4771ac2690ca6be5731c30b005.tar.xz |
Pass all characters to SecureString including nulls
`SecureString` is a `std::string` specialization with
a secure allocator. However, it's treated like a C-
string (no explicit length and null-terminated). This
can cause unexpected behavior. For instance, if a user
enters a passphrase with an embedded null character
(which is possible through Qt and the JSON-RPC), it will
ignore any characters after the null, giving the user
a false sense of security.
Instead of assigning `SecureString` via `std::string::c_str()`,
assign it via a `std::string_view` of the original. This
explicitly captures the size and doesn't make any extraneous
copies in memory.
Diffstat (limited to 'src/wallet/rpc/wallet.cpp')
-rw-r--r-- | src/wallet/rpc/wallet.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/wallet/rpc/wallet.cpp b/src/wallet/rpc/wallet.cpp index 23a88cd51b..a6cdad6642 100644 --- a/src/wallet/rpc/wallet.cpp +++ b/src/wallet/rpc/wallet.cpp @@ -359,7 +359,7 @@ static RPCHelpMan createwallet() passphrase.reserve(100); std::vector<bilingual_str> warnings; if (!request.params[3].isNull()) { - passphrase = request.params[3].get_str().c_str(); + passphrase = std::string_view{request.params[3].get_str()}; if (passphrase.empty()) { // Empty string means unencrypted warnings.emplace_back(Untranslated("Empty string given as passphrase, wallet will not be encrypted.")); |