Previously, when an invalid port was specified in -rpcbind, the SplitHostPort() return value in HTTPBindAddresses() was ignored and attempt would be made to bind to the default rpcbind port (with the host/port treated as a host).
This rearranges port checking code in AppInitMain() to handle the invalid port before reaching HTTPBindAddresses(). Also adds a check in HTTPBindAddresses() as a defensive measure for future changes.
Adds then updates associated functional tests as well.
<!--e57a25ab6845829454e8d69fc972939a-->
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
<!--006a51241073e994b41acfe9ec718e94-->
For detailed information about the code coverage, see the test coverage report.
<!--021abf342d371248e50ceaed478a90ca-->
See the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.
<!--174a7506f384e20aa4161008e828411d-->
Reviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
Existing behavior:
src/bitcoind -rpcallowip=127.0.0.1 -rpcbind=127.0.0.1:18000 -rpcbind=[::1]:18001 -rpcbind=127.0.0.1:notaport -rpcbind=127.0.0.1:-18002 -rpcbind=[::1]:-18003
...
2024-08-21T02:44:13Z Command-line arg: rpcallowip="127.0.0.1"
2024-08-21T02:44:13Z Command-line arg: rpcbind="127.0.0.1:18000"
2024-08-21T02:44:13Z Command-line arg: rpcbind="[::1]:18001"
2024-08-21T02:44:13Z Command-line arg: rpcbind="127.0.0.1:notaport"
2024-08-21T02:44:13Z Command-line arg: rpcbind="127.0.0.1:-18002"
2024-08-21T02:44:13Z Command-line arg: rpcbind="[::1]:-18003"
2024-08-21T02:44:13Z Using at most 125 automatic connections (1024 file descriptors available)
2024-08-21T02:44:13Z scheduler thread start
2024-08-21T02:44:13Z Binding RPC on address 127.0.0.1 port 18000
2024-08-21T02:44:13Z Binding RPC on address ::1 port 18001
2024-08-21T02:44:13Z Binding RPC on address 127.0.0.1:notaport port 18443
2024-08-21T02:44:13Z [libevent:warning] getaddrinfo: nodename nor servname provided, or not known
2024-08-21T02:44:13Z Binding RPC on address 127.0.0.1:notaport port 18443 failed.
2024-08-21T02:44:13Z Binding RPC on address 127.0.0.1:-18002 port 18443
2024-08-21T02:44:13Z [libevent:warning] getaddrinfo: nodename nor servname provided, or not known
2024-08-21T02:44:13Z Binding RPC on address 127.0.0.1:-18002 port 18443 failed.
2024-08-21T02:44:13Z Binding RPC on address [::1]:-18003 port 18443
2024-08-21T02:44:13Z [libevent:warning] getaddrinfo: nodename nor servname provided, or not known
2024-08-21T02:44:13Z Binding RPC on address [::1]:-18003 port 18443 failed.
2024-08-21T02:44:13Z Using random cookie authentication.
2024-08-21T02:44:13Z Generated RPC authentication cookie /home/dev/.bitcoin/regtest/.cookie
2024-08-21T02:44:13Z Permissions used for cookie: rw-------
2024-08-21T02:44:13Z Starting HTTP server with 4 worker threads
2024-08-21T02:44:13Z Using wallet directory /home/dev/.bitcoin/regtest/wallets
2024-08-21T02:44:13Z init message: Verifying wallet(s)…
2024-08-21T02:44:13Z Using /16 prefix for IP bucketing
2024-08-21T02:44:13Z init message: Loading P2P addresses…
2024-08-21T02:44:13Z Loaded 0 addresses from peers.dat 0ms
2024-08-21T02:44:13Z init message: Loading banlist…
2024-08-21T02:44:13Z SetNetworkActive: true
2024-08-21T02:44:13Z [error] Invalid port specified in -rpcbind: '127.0.0.1:notaport'
Error: Invalid port specified in -rpcbind: '127.0.0.1:notaport'
2024-08-21T02:44:13Z Shutdown: In progress...
2024-08-21T02:44:13Z scheduler thread exit
2024-08-21T02:44:13Z Flushed fee estimates to fee_estimates.dat.
2024-08-21T02:44:13Z Shutdown: done
New behavior:
src/bitcoind -rpcallowip=127.0.0.1 -rpcbind=127.0.0.1:18000 -rpcbind=[::1]:18001 -rpcbind=127.0.0.1:notaport -rpcbind=127.0.0.1:-18002 -rpcbind=[::1]:-18003
...
2024-08-21T02:40:24Z Bitcoin Core version v27.99.0-fbb03ba76f72-dirty (release build)
2024-08-21T02:40:24Z Script verification uses 15 additional threads
2024-08-21T02:40:24Z Using the 'standard' SHA256 implementation
2024-08-21T02:40:24Z Default data directory /home/dev/.bitcoin
2024-08-21T02:40:24Z Using data directory /home/dev/.bitcoin/regtest
2024-08-21T02:40:24Z Config file: /home/dev/.bitcoin/bitcoin.conf
2024-08-21T02:40:24Z Config file arg: coinstatsindex="1"
2024-08-21T02:40:24Z Config file arg: regtest="1"
2024-08-21T02:40:24Z Config file arg: txindex="1"
2024-08-21T02:40:24Z Command-line arg: rpcallowip="127.0.0.1"
2024-08-21T02:40:24Z Command-line arg: rpcbind="127.0.0.1:18000"
2024-08-21T02:40:24Z Command-line arg: rpcbind="[::1]:18001"
2024-08-21T02:40:24Z Command-line arg: rpcbind="127.0.0.1:notaport"
2024-08-21T02:40:24Z Command-line arg: rpcbind="127.0.0.1:-18002"
2024-08-21T02:40:24Z Command-line arg: rpcbind="[::1]:-18003"
2024-08-21T02:40:24Z Using at most 125 automatic connections (1024 file descriptors available)
2024-08-21T02:40:24Z scheduler thread start
2024-08-21T02:40:24Z [error] Invalid port specified in -rpcbind: '127.0.0.1:notaport'
Error: Invalid port specified in -rpcbind: '127.0.0.1:notaport'
2024-08-21T02:40:24Z Shutdown: In progress...
2024-08-21T02:40:24Z scheduler thread exit
2024-08-21T02:40:24Z Shutdown: done
<!--85328a0da195eb286784d51f73fa0af9-->
🚧 At least one of the CI tasks failed. <sub>Debug: https://github.com/bitcoin/bitcoin/runs/28977110960</sub>
<details><summary>Hints</summary>
Make sure to run all tests locally, according to the documentation.
The failure may happen due to a number of reasons, for example:
Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.
Leave a comment here, if you need help tracking down a confusing failure.
</details>
Code review 9f19d10922d615c1e313eb7348fcc536642ad2e4.
I'm not sure this fix is ideal. For example if the GUI is used I believe this will change the error message from:
to just:
I think it would be good to keep the new return false and error log in HTTPBindAddresses. But a more direct fix for this issue might be to just move the code that checks port numbers on line 1304 above the code that starts the http server on line 1219 in AppInitMain:
I think it would be good to keep the new
return falseand error log inHTTPBindAddresses. But a more direct fix for this issue might be to just move the code that checks port numbers on line 1304 above the code that starts the http server on line 1219 inAppInitMain:
Thank you for taking a look. Agreed, rearranging in AppInitMain seems to be the better approach. Updated.
Also rearranged the commits such that the tests are introduced in the first commit and adjusted with the introduction of the fix.
1210 | @@ -1211,6 +1211,50 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info) 1211 | RegisterZMQRPCCommands(tableRPC); 1212 | #endif 1213 | 1214 | + // Check port numbers
In commit "fix: handle invalid rpcbind port earlier" (8892150c2d8ea9e09046e288cecd4c35472c0267)
Not important, but to make AppInitMain function shorter and make the bugfix commit fix more readable you could consider adding an earlier refactoring commit the moves these for loops into a CheckHostPortOptions function, and have AppinitMain call it like if (!CheckHostPortOptions(args)) return false;
Thanks, good suggestion. Makes things cleaner. Added.
Was also thinking about updating ParseUint16() to ToIntegral(), but that could be left for a follow-up, since we would also want to ensure adequate tests for -port and -rpcport with that update.
Code review ACK 8892150c2d8ea9e09046e288cecd4c35472c0267. Looks good! Nice to have earlier feedback and clearer checking for these options. I left a suggestion, but it's not important, so feel free to ignore
376 | @@ -374,7 +377,11 @@ static bool HTTPBindAddresses(struct evhttp* http) 377 | for (const std::string& strRPCBind : gArgs.GetArgs("-rpcbind")) { 378 | uint16_t port{http_port}; 379 | std::string host; 380 | - SplitHostPort(strRPCBind, port, host); 381 | + if (!SplitHostPort(strRPCBind, port, host)) {
In commit "fix: handle invalid rpcbind port earlier" (51ba0e61273bec02833329ee6ac8fa219679cefa)
(Not important, but another idea to make this commit smaller and clearer: I think it would be good to move the change in src/httpserver.cpp to a separate followup commit, because while it's a good change that improves code quality and error reporting, it is not really a part of the bugfix, and is more tangentially related to it.)
Thanks. Yes, that's correct (movement of CheckHostPortOptions() handles the bug before HTTPBindAddresses()). It's cleaner to break this out into its own commit. Updated.
Code review ACK 51ba0e61273bec02833329ee6ac8fa219679cefa. Since last review, just split up the change and moved some code so this should be a little easier to review now.
I had another idea and left a suggestion but it is not important so please feel free to ignore.
Code review ACK 590d2fb0d8548d6d55fd1c738c8bcbe71a57aaf2
Just split up the last commit since the previous review to separate bugfix from cleanup
Hey, I'm reviewing this PR, and I saw that the test run_invalid_bind_test you implemented in rpc_bind.py is not invoking without explicitly providing the --ipv4 or --ipv6 flags, so is there any particular reason for that?
Hey, I'm reviewing this PR, and I saw that the test
run_invalid_bind_testyou implemented inrpc_bind.pyis not invoking without explicitly providing the--ipv4or--ipv6flags, so is there any particular reason for that?
Thank you for the review!
In test/functional/test_runner.py, rpc_bind.py is run with three variations (--ipv4, --ipv6, and --nonloopback), so there is coverage for parsing rpcbind with both IPv4 and IPv6 addresses/port binds (loopback).
ACK 590d2fb I have reviewed and tested by manual and dry running the code to detect any edge cases and coding related erros. I also performed manual fuzzing by passing arguments in the CLI using bitcoind to check for any unexpected behaviours and to check whether the new code giving the updated results without any bypass or failure.Â
Reduces the size of AppInitMain() by moving
checks to CheckHostPortOptions()
Co-Authored-By: Ryan Ofsky <ryan@ofsky.org>
Previously, when an invalid port was specified
in `-rpcbind`, the `SplitHostPort()` return value
in `HTTPBindAddresses()` was ignored and attempt
would be made to bind to the default rpcbind port
(with the host/port treated as a host).
This rearranges port checking code in
`AppInitMain()` to handle the invalid
port before reaching `HTTPBindAddresses()`.
Also adjusts associated functional tests.
Adds invalid rpcbind port checking to
`HTTPBindAddresses()`. While movement of
`CheckHostPortOptions()` in the previous
commit handles rcpbind port errors, updating
`HTTPBindAddresses()` port checking adds
a defensive measure for potential future
changes.
<!--85328a0da195eb286784d51f73fa0af9-->
🚧 At least one of the CI tasks failed. <sub>Debug: https://github.com/bitcoin/bitcoin/runs/30290727636</sub>
<details><summary>Hints</summary>
Make sure to run all tests locally, according to the documentation.
The failure may happen due to a number of reasons, for example:
Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.
Leave a comment here, if you need help tracking down a confusing failure.
</details>
Code review ACK e6994efe08b282dd9e46602bcbad69567fe91dcd
No changes since last review, just rebased due to conflict
ACK e6994efe08b282dd9e46602bcbad69567fe91dcd