From a43be5bcdb27a68abe9bb5fec57185a1b6652479 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Tue, 7 Mar 2017 09:50:41 +0100
Subject: rpc: Prevent `dumpwallet` from overwriting files

Prevent arbitrary files from being overwritten. There have been reports
that users have overwritten wallet files this way. It may also avoid
other security issues.

Fixes #9934. Adds mention to release notes and adds a test.

Github-Pull: #9937
Rebased-From: 0cd9273fd959c6742574259d026039f7da0309a2
---
 test/functional/wallet-dump.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'test/functional/wallet-dump.py')

diff --git a/test/functional/wallet-dump.py b/test/functional/wallet-dump.py
index 569cc46e6c..016bd95925 100755
--- a/test/functional/wallet-dump.py
+++ b/test/functional/wallet-dump.py
@@ -7,7 +7,7 @@
 import os
 
 from test_framework.test_framework import BitcoinTestFramework
-from test_framework.util import assert_equal
+from test_framework.util import (assert_equal, assert_raises_jsonrpc)
 
 
 def read_dump(file_name, addrs, hd_master_addr_old):
@@ -108,5 +108,8 @@ class WalletDumpTest(BitcoinTestFramework):
         assert_equal(found_addr_chg, 90*2 + 50)  # old reserve keys are marked as change now
         assert_equal(found_addr_rsv, 90*2) 
 
+        # Overwriting should fail
+        assert_raises_jsonrpc(-8, "already exists", self.nodes[0].dumpwallet, tmpdir + "/node0/wallet.unencrypted.dump")
+
 if __name__ == '__main__':
     WalletDumpTest().main ()
-- 
cgit v1.2.3