From 27c44ef9c61f64d941ab82ec232a68141a2fde90 Mon Sep 17 00:00:00 2001
From: Luke Dashjr <luke-jr+git@utopios.org>
Date: Sat, 20 Oct 2018 14:56:58 +0000
Subject: rpcbind: Warn about exposing RPC to untrusted networks

---
 src/httpserver.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/httpserver.cpp')

diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index cf365f4638..00434169cd 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -323,6 +323,10 @@ static bool HTTPBindAddresses(struct evhttp* http)
         LogPrint(BCLog::HTTP, "Binding RPC on address %s port %i\n", i->first, i->second);
         evhttp_bound_socket *bind_handle = evhttp_bind_socket_with_handle(http, i->first.empty() ? nullptr : i->first.c_str(), i->second);
         if (bind_handle) {
+            CNetAddr addr;
+            if (i->first.empty() || (LookupHost(i->first.c_str(), addr, false) && addr.IsBindAny())) {
+                LogPrintf("WARNING: the RPC server is not safe to expose to untrusted networks such as the public internet\n");
+            }
             boundSockets.push_back(bind_handle);
         } else {
             LogPrintf("Binding RPC on address %s port %i failed.\n", i->first, i->second);
-- 
cgit v1.2.3