lightningd: obscure sensitive bitcoin args when bitcoind unreachable.

It's less helpful, sure, but it's far better than someone sending me their output and leaking this information. Fixes: #3242 Reported-by: @JavierRSobrino Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
5 years ago · f4d888ec7e
1 changed files with 8 additions and 16 deletions
--- a/lightningd/bitcoind.c
+++ b/lightningd/bitcoind.c
@ -111,11 +111,8 @@ static struct io_plan *output_init(struct io_conn *conn, struct bitcoin_cli *bcl

 static void next_bcli(struct bitcoind *bitcoind, enum bitcoind_prio prio);

-/* For printing: simple string of args. */
-/* bcli_args_direct() will be used in wat_for_bitcoind(), where
- * we send bitcoin-cli a "getblockchaininfo" command without
- * struct bitcoin_cli */
-static char *bcli_args_direct(const tal_t *ctx, const char **args)
+/* For printing: simple string of args (no secrets!) */
+static char *args_string(const tal_t *ctx, const char **args)
 {
 	size_t i;
 	char *ret = tal_strdup(ctx, args[0]);
@ -135,7 +132,7 @@ static char *bcli_args_direct(const tal_t *ctx, const char **args)

 static char *bcli_args(const tal_t *ctx, struct bitcoin_cli *bcli)
 {
-    return bcli_args_direct(ctx, bcli->args);
+    return args_string(ctx, bcli->args);
 }

 static void retry_bcli(struct bitcoin_cli *bcli)
@ -1135,17 +1132,12 @@ static const char **cmdarr(const tal_t *ctx, const struct bitcoind *bitcoind,

 static void fatal_bitcoind_failure(struct bitcoind *bitcoind, const char *error_message)
 {
-	size_t i;
 	const char **cmd = cmdarr(bitcoind, bitcoind, "echo", NULL);

 	fprintf(stderr, "%s\n\n", error_message);
 	fprintf(stderr, "Make sure you have bitcoind running and that bitcoin-cli is able to connect to bitcoind.\n\n");
 	fprintf(stderr, "You can verify that your Bitcoin Core installation is ready for use by running:\n\n");
-	fprintf(stderr, "    $ ");
-	for (i = 0; cmd[i]; i++) {
-		fprintf(stderr, "%s ", cmd[i]);
-	}
-	fprintf(stderr, "'hello world'\n");
+	fprintf(stderr, "    $ %s 'hello world'\n", args_string(cmd, cmd));
 	tal_free(cmd);
 	exit(1);
 }
@ -1162,7 +1154,7 @@ static char* check_blockchain_from_bitcoincli(const tal_t *ctx,

 	if (!output)
 		return tal_fmt(ctx, "Reading from %s failed: %s",
-			       bcli_args_direct(tmpctx, cmd), strerror(errno));
+			       args_string(tmpctx, cmd), strerror(errno));

 	output_bytes = tal_count(output);

@ -1171,18 +1163,18 @@ static char* check_blockchain_from_bitcoincli(const tal_t *ctx,

 	if (!tokens)
 		return tal_fmt(ctx, "%s: %s response",
-			       bcli_args_direct(tmpctx, cmd),
+			       args_string(tmpctx, cmd),
 			       valid ? "partial" : "invalid");

 	if (tokens[0].type != JSMN_OBJECT)
 		return tal_fmt(ctx, "%s: gave non-object (%.*s)?",
-			       bcli_args_direct(tmpctx, cmd),
+			       args_string(tmpctx, cmd),
 			       (int)output_bytes, output);

 	valuetok = json_get_member(output, tokens, "chain");
 	if (!valuetok)
 		return tal_fmt(ctx, "%s: had no chain member (%.*s)?",
-			       bcli_args_direct(tmpctx, cmd),
+			       args_string(tmpctx, cmd),
 			       (int)output_bytes, output);

 	if(!json_tok_streq(output, valuetok,