From d4746d56c0c45b8721da36bc19b2bdaba5d7d094 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@blockstream.io>
Date: Thu, 16 Oct 2014 16:16:29 -0700
Subject: Add a SECURE style flag for ThreadSafeMessageBox, which indicates
 that the message contains sensitive information. This keeps the message from
 being output to the debug log by bitcoind. Fixes a possible security risk
 when starting bitcoind in server mode without the 'rpcpassword' option
 configured, resulting in the "suggested" password being output to the debug
 log.

---
 src/noui.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/noui.cpp')

diff --git a/src/noui.cpp b/src/noui.cpp
index f786a20db..8f3b0275b 100644
--- a/src/noui.cpp
+++ b/src/noui.cpp
@@ -14,6 +14,9 @@
 
 static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style)
 {
+    bool fSecure = style & CClientUIInterface::SECURE;
+    style &= ~CClientUIInterface::SECURE;
+
     std::string strCaption;
     // Check for usage of predefined caption
     switch (style) {
@@ -30,7 +33,8 @@ static bool noui_ThreadSafeMessageBox(const std::string& message, const std::str
         strCaption += caption; // Use supplied caption (can be empty)
     }
 
-    LogPrintf("%s: %s\n", strCaption, message);
+    if (!fSecure)
+        LogPrintf("%s: %s\n", strCaption, message);
     fprintf(stderr, "%s: %s\n", strCaption.c_str(), message.c_str());
     return false;
 }
-- 
cgit v1.2.3