diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-10-20 11:25:54 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-10-20 11:36:40 +0200 |
| commit | 64ffc995d685cf8a53ef868572e835ce42269ec6 (patch) | |
| tree | 379c2207b7818d2d4b2359fbf6bf2fb48f98f164 /src | |
| parent | 84d13eef883769451ba9f77b56d9738d24474d5c (diff) | |
| parent | d4746d56c0c45b8721da36bc19b2bdaba5d7d094 (diff) | |
Merge pull request #5095
d4746d5 Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information. This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the 'rpcpassword' option configured, resulting in the "suggested" password being output to the debug log. (Mark Friedenbach)
Diffstat (limited to 'src')
| -rw-r--r-- | src/noui.cpp | 6 | ||||
| -rw-r--r-- | src/qt/bitcoingui.cpp | 3 | ||||
| -rw-r--r-- | src/rpcserver.cpp | 2 | ||||
| -rw-r--r-- | src/ui_interface.h | 3 |
4 files changed, 12 insertions, 2 deletions
diff --git a/src/noui.cpp b/src/noui.cpp index f786a20db5..8f3b0275b0 100644 --- a/src/noui.cpp +++ b/src/noui.cpp @@ -14,6 +14,9 @@ static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style) { + bool fSecure = style & CClientUIInterface::SECURE; + style &= ~CClientUIInterface::SECURE; + std::string strCaption; // Check for usage of predefined caption switch (style) { @@ -30,7 +33,8 @@ static bool noui_ThreadSafeMessageBox(const std::string& message, const std::str strCaption += caption; // Use supplied caption (can be empty) } - LogPrintf("%s: %s\n", strCaption, message); + if (!fSecure) + LogPrintf("%s: %s\n", strCaption, message); fprintf(stderr, "%s: %s\n", strCaption.c_str(), message.c_str()); return false; } diff --git a/src/qt/bitcoingui.cpp b/src/qt/bitcoingui.cpp index 8a945606dc..9d6d07a56b 100644 --- a/src/qt/bitcoingui.cpp +++ b/src/qt/bitcoingui.cpp @@ -992,6 +992,9 @@ void BitcoinGUI::showProgress(const QString &title, int nProgress) static bool ThreadSafeMessageBox(BitcoinGUI *gui, const std::string& message, const std::string& caption, unsigned int style) { bool modal = (style & CClientUIInterface::MODAL); + // The SECURE flag has no effect in the Qt GUI. + // bool secure = (style & CClientUIInterface::SECURE); + style &= ~CClientUIInterface::SECURE; bool ret = false; // In case of modal message, use blocking connection to wait for user to click a button QMetaObject::invokeMethod(gui, "message", diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp index 1a41344da5..9668c78831 100644 --- a/src/rpcserver.cpp +++ b/src/rpcserver.cpp @@ -581,7 +581,7 @@ void StartRPCThreads() strWhatAmI, GetConfigFile().string(), EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32)), - "", CClientUIInterface::MSG_ERROR); + "", CClientUIInterface::MSG_ERROR | CClientUIInterface::SECURE); StartShutdown(); return; } diff --git a/src/ui_interface.h b/src/ui_interface.h index f5224ba57d..1231d5ed0b 100644 --- a/src/ui_interface.h +++ b/src/ui_interface.h @@ -63,6 +63,9 @@ public: /** Force blocking, modal message box dialog (not just OS notification) */ MODAL = 0x10000000U, + /** Do not print contents of message to debug log */ + SECURE = 0x40000000U, + /** Predefined combinations for certain default usage cases */ MSG_INFORMATION = ICON_INFORMATION, MSG_WARNING = (ICON_WARNING | BTN_OK | MODAL), |