User-facing string in GUI from untrusted source #16154

issue cculianu opened this issue on June 5, 2019
  1. cculianu commented at 5:54 PM on June 5, 2019: none

    See here: https://github.com/bitcoin/bitcoin/blob/758c6d784da0f191c408fda97b3071dd7e1fe8a0/src/qt/paymentserver.cpp#L718-L726

    This string ends up in the wallet UI on a failed response from the payment request server.

    In light of recent phishing attempts on e.g. the Electrum network, it's probably not the best idea to show this error message in the GUI.

    Granted this is a corner case and the attack surface is exceedingly small -- it still probably should be handled.

    Best regards,

    -Calin

  2. fanquake added the label GUI on Jun 5, 2019
  3. bddap commented at 9:36 PM on June 26, 2019: none

    Is it useful to check reply->errorString() against a whitelist of valid error messages? Should the message simply not be displayed?
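
One way to implement the allowlist idea raised in the comment above, as an added example that is not code from the bitcoin/bitcoin repository: GUI text is picked from fixed local strings keyed by an error category, and the server-influenced string is only escaped and truncated for the debug log. `NetError`, `UserMessage`, `SanitizeForLog` and `HandleFailure` are hypothetical names, and plain C++ types stand in for the Qt ones.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Hypothetical error categories standing in for the network library's error codes.
enum class NetError { ConnectionRefused, Timeout, TlsFailure, HttpError, Other };

// GUI text comes only from this fixed, locally authored set.
std::string UserMessage(NetError e)
{
    switch (e) {
    case NetError::ConnectionRefused: return "Payment server refused the connection.";
    case NetError::Timeout:           return "Payment server did not respond in time.";
    case NetError::TlsFailure:        return "Secure connection to payment server failed.";
    case NetError::HttpError:         return "Payment server returned an error.";
    case NetError::Other:             break;
    }
    return "Communication with payment server failed.";
}

// Debug log only: keep printable ASCII, hex-escape everything else, cap the length.
std::string SanitizeForLog(const std::string& untrusted, std::size_t max_len = 120)
{
    std::string out;
    for (unsigned char c : untrusted) {
        if (out.size() >= max_len) { out += "..."; break; }
        if (c >= 0x20 && c < 0x7f && c != '\\') {
            out += static_cast<char>(c);
        } else {
            char buf[5]; // "\xNN" plus terminator
            std::snprintf(buf, sizeof(buf), "\\x%02x", static_cast<unsigned>(c));
            out += buf;
        }
    }
    return out;
}

struct Report { std::string gui; std::string log; };
// The untrusted detail never reaches the GUI string.
Report HandleFailure(NetError e, const std::string& untrusted_detail)
{
    return {UserMessage(e), "payment request failed: " + SanitizeForLog(untrusted_detail)};
}

int main()
{
    Report r = HandleFailure(NetError::HttpError, "Update at example.invalid\n"); // constructed input
    std::cout << r.gui << "\n" << r.log << "\n";
}
```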

  4. fanquake commented at 2:19 AM on February 4, 2020: member

    This code no longer exists.

  5. fanquake closed this on Feb 4, 2020

  6. DrahtBot locked this on Feb 15, 2022
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 18:14 UTC