error if invalid chars in wallet name #20393

pull ghost wants to merge 3 commits into bitcoin:master from changing 2 files +21 −0
  1. ghost commented at 12:39 AM on November 15, 2020: none

    check if wallet name begins with one of the below chars and give error:

    / \ . ? %

    Fixes https://github.com/bitcoin/bitcoin/issues/20128

  2. error if invalid chars in wallet name
    check if wallet name begins with one of the below chars and give error:

`/`
`.`
    d6ffaf1d9a
  3. ghost commented at 12:40 AM on November 15, 2020: none

    PR is still in draft mode and I am not sure if this is the right approach (concept ACK). Not even sure if I have used the if statement at the right place because I tried compiling (no errors), tests passed but I was still able to create wallet name with invalid characters.

    Any help in solving this problem will be appreciated. I referred to https://github.com/bitcoin/bitcoin/commit/ba1f128d6c117a63d5d904b3956551bd83405ec9 so assuming I will have to make few changes in src/wallet/wallet.cpp and write a test for it in functional/wallet_createwallet.py

    Or I can close this PR if someone has a better approach, code to solve this problem and has the time to work on a new PR

  4. ysangkok commented at 1:00 AM on November 15, 2020: none

    What about if it begins with -? That can happen accidentally using bitcoin-cli you e.g. try something like bitcoin-cli createwallet -descriptors instead of bitcoin-cli -named createwallet -descriptors true?

    Also, if you're just checking the first character, isn't regex a bit overkill?

  5. ysangkok commented at 1:09 AM on November 15, 2020: none

    What about waiting a few months and then you can use std::filesystem to check that std::filename::filename equals the original path, I think that would ensure it isn't traversing directories, which seems to be the goal.

  6. DrahtBot added the label RPC/REST/ZMQ on Nov 15, 2020
  7. DrahtBot added the label Wallet on Nov 15, 2020
  8. ghost commented at 1:16 AM on November 15, 2020: none

    What about waiting a few months and then you can use std::filesystem to check that std::filename::filename equals the original path, I think that would ensure it isn't traversing directories, which seems to be the goal.

    I am okay with it and don't consider it critical if thats a better approach.

    Also I am not sure why checks failed in CI but I get no errors on my local machine with same code.

    image

  9. ghost commented at 1:19 AM on November 15, 2020: none

    What about if it begins with -? That can happen accidentally using bitcoin-cli you e.g. try something like bitcoin-cli createwallet -descriptors instead of bitcoin-cli -named createwallet -descriptors true?

    Also, if you're just checking the first character, isn't regex a bit overkill?

    - character is not checked and considered valid. Only / and . are checked.

    I don't know any better way to do this in C++

  10. ysangkok commented at 1:22 AM on November 15, 2020: none

    what about string::front?

  11. ghost commented at 1:28 AM on November 15, 2020: none

    what about string::front?

    This can be used IMO. Any reasons to avoid regex?

  12. promag commented at 10:47 PM on November 15, 2020: member

    Going forward please add tests.

  13. luke-jr changes_requested
  14. luke-jr commented at 11:15 PM on November 24, 2020: member

    https://www.cplusplus.com/reference/string/string/find_first_of/

    Although it would be best if there's a filesystem-specific call, since this may vary by OS... (see test/functional/feature_notifications.py:FILE_CHARS_DISALLOWED)

  15. kristapsk commented at 11:32 PM on November 24, 2020: contributor

    Any reasons to avoid regex?

    Execution speed and readability of code.

    Agree with @luke-jr about filesystem specific call being the best solution. And as there is anyway a plan to use C++17 for the next major release after v0.21, std::filename::filename looks like a right solution to me.

  16. Replace regex with string::front
    - Used string::front as suggested by 'ysangkok' and removed regex as adviced by 'kristapsk' for execution speed and readability of code
- Added chars: `%` and `?` in `if` statement
    4fb238ee4b
  17. Add tests: Check invalid chars in wallet name c04c473845
  18. ghost commented at 10:24 PM on December 20, 2020: none

    @ysangkok replaced regex with string::front @promag added tests in https://github.com/bitcoin/bitcoin/pull/20393/commits/c04c47384533b15214859fc5e2f3d4d578da2ebe although I am not sure if they are correct and doing this for the first time @luke-jr

    Although it would be best if there's a filesystem-specific call, since this may vary by OS... (see test/functional/feature_notifications.py:FILE_CHARS_DISALLOWED)

    Thanks for sharing the link. I checked it, did some research and thought its best to avoid dependency on checking OS for this if statement because of two reasons:

    1. Some users might hide/change things so that attackers cannot identify OS
    2. We don't know how many types of OS are used for running bitcoin core, their characters usage and new updates. Also lot of OS are now supporting things that were only available on other OS in past. Example: Ubuntu in Windows @kristapsk Removed regex

    And as there is anyway a plan to use C++17 for the next major release after v0.21, std::filename::filename looks like a right solution to me.

    Maybe. I am not the best person to comment on things related to C++

    Also not sure why tests are failing in CI. Everything worked fine on my local machine and I tested with different wallet names.

    image

  19. ghost commented at 8:02 PM on December 29, 2020: none

    Closing this PR.

    Reasons:

    1. Not the best solution to solve this problem. Can also break few projects using bitcoin core.

    2. Better to add as an example and suggestion in docs which already got few ACKs in #20741

    If anyone interested to work on similar solution in future can always open new PR and also refer to this PR.

  20. unknown closed this on Dec 29, 2020
  21. laanwj referenced this in commit 5574e48963 on Jan 9, 2021
  22. sidhujag referenced this in commit 35842bbc32 on Jan 9, 2021
  23. PastaPastaPasta referenced this in commit 01188696b4 on Jun 27, 2021
  24. PastaPastaPasta referenced this in commit 2704e4185d on Jun 28, 2021
  25. PastaPastaPasta referenced this in commit c6864e2502 on Jun 29, 2021
  26. PastaPastaPasta referenced this in commit 88c5b5f7bd on Jul 1, 2021
  27. PastaPastaPasta referenced this in commit 0f62ac0abd on Jul 1, 2021
  28. PastaPastaPasta referenced this in commit a6643f4627 on Sep 17, 2021
  29. PastaPastaPasta referenced this in commit 66d6e52d13 on Sep 19, 2021
  30. thelazier referenced this in commit 108022ba62 on Sep 25, 2021
  31. DrahtBot locked this on Feb 15, 2022
Contributors
ghostysangkokpromagluke-jrkristapsk
Labels
WalletRPC/REST/ZMQ
Linked (view graph)
#20128 Validate user input and keep path in a separate argument for importwallet, createwallet and dumpwallet#20741 doc: Update 'Secure string handling'#21510 Special characters in `wallet_name`
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 15:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me