(Past issue) On Windows, pruned nodes could crash while deleting a block file #31193

1. 
   darosior commented at 3:17 pm on October 31, 2024: member

   This was reported by @andrewtoth to the security list on 2022-12-20 and fixed in #26533. The security team at the time determined it was indeed a bug but not a vulnerability.

   I’m opening this issue in public in order to leave a trace of this bug, which as far as i know wasn’t public yet.

   Original email from Andrew Toth on 2022-12-20:

   Hello,

   I have discovered a bug that can cause pruned nodes running on Windows to crash. Keeping an open file handle to a blk*.dat file on Windows can cause std::filesystem::remove to fail, but the version used at https://github.com/bitcoin/bitcoin/blob/master/src/node/blockstorage.cpp#L561-L562 is using the version that will throw on error https://en.cppreference.com/w/cpp/filesystem/remove. According to cppreference it will only return false if the file doesn’t exist, not if there was a problem deleting it.

   Discovered as I was implementing #26308 (review). Fix is in #2653. It doesn’t disclose that this causes a pruned node to crash, just that it won’t delete the block file.

   Regards, Andrew

2. darosior closed this on Oct 31, 2024

   ---

3. 
   andrewtoth commented at 3:28 pm on October 31, 2024: contributor

   Reason for reporting is that a user on the same system with only read access to the bitcoind datadir could cause bitcoind to crash. This could be seen as a form of privilege escalation. I thought it was low, but still reported in case there was something I was missing.
4. 
   darosior commented at 4:15 pm on October 31, 2024: member

   Of course, better safe than sorry with this matter!

Contributors
darosior andrewtoth