From 3615003952ffbc814bdb53d9d0e45790f152bd2f Mon Sep 17 00:00:00 2001
From: Luke Dashjr
Date: Sat, 20 Oct 2018 14:37:18 +0000
Subject: net: Always default rpcbind to localhost, never "all interfaces"
We don't support binding to untrusted networks, so avoid a default where that is typical
---
 src/httpserver.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'src/httpserver.cpp')
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index 91ebc4680..cf365f463 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -300,9 +300,12 @@ static bool HTTPBindAddresses(struct evhttp* http)
 std::vector > endpoints;
 // Determine what addresses to bind to
- if (!gArgs.IsArgSet("-rpcallowip")) { // Default to loopback if not allowing external IPs
+ if (!(gArgs.IsArgSet("-rpcallowip") && gArgs.IsArgSet("-rpcbind"))) { // Default to loopback if not allowing external IPs
 endpoints.push_back(std::make_pair("::1", http_port));
 endpoints.push_back(std::make_pair("127.0.0.1", http_port));
+ if (gArgs.IsArgSet("-rpcallowip")) {
+ LogPrintf("WARNING: option -rpcallowip was specified without -rpcbind; this doesn't usually make sense\n");
+ }
 if (gArgs.IsArgSet("-rpcbind")) {
 LogPrintf("WARNING: option -rpcbind was ignored because -rpcallowip was not specified, refusing to allow everyone to connect\n");
 }
@@ -313,9 +316,6 @@ static bool HTTPBindAddresses(struct evhttp* http)
 SplitHostPort(strRPCBind, port, host);
 endpoints.push_back(std::make_pair(host, port));
 }
- } else { // No specific bind address specified, bind to any
- endpoints.push_back(std::make_pair("::", http_port));
- endpoints.push_back(std::make_pair("0.0.0.0", http_port));
 }
 // Bind addresses
--
cgit v1.2.3
From 27c44ef9c61f64d941ab82ec232a68141a2fde90 Mon Sep 17 00:00:00 2001
From: Luke Dashjr
Date: Sat, 20 Oct 2018 14:56:58 +0000
Subject: rpcbind: Warn about exposing RPC to untrusted networks
---
 src/httpserver.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/httpserver.cpp')
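Review bot: In the first hunk of the first commit (`@@ -300,9 +300,12 @@`), the new warning for -rpcallowip without -rpcbind says only that the combination "doesn't usually make sense" and never states the consequence, which is that the server now listens on loopback only where the removed else branch used to bind `::` and `0.0.0.0`. An operator upgrading with only -rpcallowip set loses remote RPC access and needs the log line to say so, for example `LogPrintf("WARNING: option -rpcallowip was specified without -rpcbind; RPC will listen on localhost only, remote clients cannot connect until -rpcbind is set\n");`. The trailing comment on the changed `if` is also stale now that the branch covers this case; `// Default to loopback unless both -rpcallowip and -rpcbind are given` would match the condition. HTTPBindAddresses starts and ends outside the hunk.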
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index cf365f463..00434169c 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -323,6 +323,10 @@ static bool HTTPBindAddresses(struct evhttp* http)
 LogPrint(BCLog::HTTP, "Binding RPC on address %s port %i\n", i->first, i->second);
 evhttp_bound_socket *bind_handle = evhttp_bind_socket_with_handle(http, i->first.empty() ? nullptr : i->first.c_str(), i->second);
 if (bind_handle) {
+ CNetAddr addr;
+ if (i->first.empty() || (LookupHost(i->first.c_str(), addr, false) && addr.IsBindAny())) {
+ LogPrintf("WARNING: the RPC server is not safe to expose to untrusted networks such as the public internet\n");
+ }
 boundSockets.push_back(bind_handle);
 } else {
 LogPrintf("Binding RPC on address %s port %i failed.\n", i->first, i->second);
--
cgit v1.2.3
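Review bot: The added warning fires only for an empty host or a wildcard address (`addr.IsBindAny()`), so a -rpcbind to one specific publicly routable address binds with no warning although the exposure is the same. Consider widening the check, e.g. `if (i->first.empty() || (LookupHost(i->first.c_str(), addr, false) && (addr.IsBindAny() || addr.IsRoutable()))) {`, assuming CNetAddr::IsRoutable() excludes loopback and private ranges as its name suggests. Including `i->first` in the message would also tell the operator which of several -rpcbind entries triggered it. The bind loop and HTTPBindAddresses continue outside the hunk.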