DragonX/dragonx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Fixes #1497 ZCA-009 by restricting data exporting to user defined folder.

Browse Source 
Previously the RPC interface allowed z_exportwallet, backupwallet and
dumpwallet to write data to an arbitrary filename.  ZCA-009 demonstrates
how this is vulnerable.  The resolution is to only allow data to
written when the -exportdir has been configured.  Also filenames are
restricted to alphanumeric characters.
This commit is contained in:
Simon
2017-01-09 21:25:42 -08:00
parent 57a0725ae1
commit 9064d73bf8
8 changed files with 104 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/utilstrencodings.h
View File

@@ -22,6 +22,7 @@
/** This is needed because the foreach macro can't get over the comma in pair<t1, t2> */
#define PAIRTYPE(t1, t2) std::pair<t1, t2>
std::string SanitizeFilename(const std::string& str);
std::string SanitizeString(const std::string& str);
std::vector<unsigned char> ParseHex(const char* psz);
std::vector<unsigned char> ParseHex(const std::string& str);