authorWladimir J. van der Laan <[email protected]>2018-11-22 10:51:39 +0100
committerWladimir J. van der Laan <[email protected]>2018-11-22 10:53:16 +0100
commite77a2258e4daff20202178bba6b9fb8c757823de (patch)
treea36f683ea7b0d388bf8e6c6d470b7923e554f93f /src/httpserver.cpp
parentMerge #14715: Drop defunct prevector compat handling (diff)
parentrpcbind: Warn about exposing RPC to untrusted networks (diff)
Merge #14532: Never bind INADDR_ANY by default, and warn when doing so explicitly
27c44ef9c61f64d941ab82ec232a68141a2fde90 rpcbind: Warn about exposing RPC to untrusted networks (Luke Dashjr) d6a1287481428d982dc03be3a6d9aeef8398f468 CNetAddr: Add IsBindAny method to check for INADDR_ANY (Luke Dashjr) 3615003952ffbc814bdb53d9d0e45790f152bd2f net: Always default rpcbind to localhost, never "all interfaces" (Luke Dashjr) Pull request description: A disturbingly large number of listening nodes appear to be also exposing their RPC server to the public internet. To attempt to mitigate this: * Only ever bind localhost by default, even if `rpcallowip` is specified. (A warning is given if `rpcallowip` is specified without `rpcbind`, since it doesn't really make sense to do.) * Warn about exposing the RPC server to untrusted networks if the user explicitly binds to any INADDR_ANY address. * Include a warning about untrusted networks in the `--help` documentation for `rpcbind`. Tree-SHA512: 755bbca3db416a31393672eccf6675a5ee4d1eb1812cba73ebb4ff8c6b855ecc5df4c692566e9aa7b0f7d4dce6fedb9c0e9f3c265b9663aca36c4a6ba5efdbd4
Diffstat (limited to 'src/httpserver.cpp')
-rw-r--r--src/httpserver.cpp12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index 91ebc4680..00434169c 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -300,9 +300,12 @@ static bool HTTPBindAddresses(struct evhttp* http)
std::vector<std::pair<std::string, uint16_t> > endpoints;
// Determine what addresses to bind to
- if (!gArgs.IsArgSet("-rpcallowip")) { // Default to loopback if not allowing external IPs
+ if (!(gArgs.IsArgSet("-rpcallowip") && gArgs.IsArgSet("-rpcbind"))) { // Default to loopback if not allowing external IPs
endpoints.push_back(std::make_pair("::1", http_port));
endpoints.push_back(std::make_pair("127.0.0.1", http_port));
+ if (gArgs.IsArgSet("-rpcallowip")) {
+ LogPrintf("WARNING: option -rpcallowip was specified without -rpcbind; this doesn't usually make sense\n");
+ }
if (gArgs.IsArgSet("-rpcbind")) {
LogPrintf("WARNING: option -rpcbind was ignored because -rpcallowip was not specified, refusing to allow everyone to connect\n");
}
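Review bot: The trailing comment on the changed condition is now stale: "Default to loopback if not allowing external IPs" no longer describes the branch, which is also taken when -rpcallowip is set but -rpcbind is not, and when -rpcbind is set but -rpcallowip is not. I would rewrite it as `// Default to loopback unless both -rpcallowip and -rpcbind are given; either option alone is refused` so the next reader does not have to reconstruct the intent from the two warnings below. The two added/existing LogPrintf warnings are mutually exclusive inside this branch, so chaining them as `if (...) {...} else if (...) {...}` would make that visible. HTTPBindAddresses continues outside this hunk.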
@@ -313,9 +316,6 @@ static bool HTTPBindAddresses(struct evhttp* http)
SplitHostPort(strRPCBind, port, host);
endpoints.push_back(std::make_pair(host, port));
}
- } else { // No specific bind address specified, bind to any
- endpoints.push_back(std::make_pair("::", http_port));
- endpoints.push_back(std::make_pair("0.0.0.0", http_port));
}
// Bind addresses
@@ -323,6 +323,10 @@ static bool HTTPBindAddresses(struct evhttp* http)
LogPrint(BCLog::HTTP, "Binding RPC on address %s port %i\n", i->first, i->second);
evhttp_bound_socket *bind_handle = evhttp_bind_socket_with_handle(http, i->first.empty() ? nullptr : i->first.c_str(), i->second);
if (bind_handle) {
+ CNetAddr addr;
+ if (i->first.empty() || (LookupHost(i->first.c_str(), addr, false) && addr.IsBindAny())) {
+ LogPrintf("WARNING: the RPC server is not safe to expose to untrusted networks such as the public internet\n");
+ }
boundSockets.push_back(bind_handle);
} else {
LogPrintf("Binding RPC on address %s port %i failed.\n", i->first, i->second);
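Review bot: The exposure warning on the added lines is skipped whenever LookupHost fails, because it is called with fAllowLookup=false and its result is only used inside the conjunction; a -rpcbind value that is not a numeric literal but that the preceding evhttp_bind_socket_with_handle still bound (bind_handle is non-null here) is therefore never classified, and whether evhttp resolves names at that point I can't tell from the hunk. If numeric-only values are the expectation, state it next to the check, e.g. `// -rpcbind is expected to hold numeric addresses; names are not resolved here (no DNS), so an unparsable host gets no exposure warning`; otherwise treat a failed lookup as unknown and warn as well. Including the endpoint in the message, `LogPrintf("WARNING: the RPC server bound on %s:%i is not safe to expose to untrusted networks such as the public internet\n", i->first, i->second);`, would let an operator tell which bind triggered it when several are configured. The loop over `i` starts outside this hunk.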