[rpcwallet] Clamp walletpassphrase value at 100M seconds #12905

sdaftuar · 2018-04-06T18:28:30Z

Larger values seem to trigger a bug on macos+libevent (resulting in the rpc server stopping).

sdaftuar · 2018-04-06T18:29:59Z

This is a quick fix for #12375. Not sure if further reducing this value as I've proposed here is acceptable, or if we should be trying to solve this problem at a different level?

maflcko

utACK, just a ton of style nits.

Also, since you are touching the walletpassphrase code anyway, you might want to change the boost::bind into std::bind to preempt future pull request from doing that.

maflcko · 2018-04-06T18:43:12Z

src/wallet/rpcwallet.cpp

            "1. \"passphrase\"     (string, required) The wallet passphrase\n"
-            "2. timeout            (numeric, required) The time to keep the decryption key in seconds. Limited to at most 1073741824 (2^30) seconds.\n"
-            "                                          Any value greater than 1073741824 seconds will be set to 1073741824 seconds.\n"
+            "2. timeout            (numeric, required) The time to keep the decryption key in seconds; capped at 100000000.\n"


nit: Could add a comment that the constant is about 3 years.

maflcko · 2018-04-06T18:44:00Z

src/wallet/rpcwallet.cpp

-    if (nSleepTime > (int64_t)1 << 30) {
-        nSleepTime = (int64_t)1 << 30;
+    // Clamp timeout
+    int64_t max_sleep_time = 100000000; // larger values trigger a macos/libevent bug?


I think we currently use constexpr (without static) and UPPER_CASE for compile time constants.

maflcko · 2018-04-06T18:44:44Z

test/functional/wallet_encryption.py

        # Check a time less than the limit
-        expected_time = int(time.time()) + (1 << 30) - 600
-        self.nodes[0].walletpassphrase(passphrase2, (1 << 30) - 600)
+        max_value = 100000000


nit: Constants should be UPPER_CASE

maflcko · 2018-04-06T18:47:08Z

test/functional/wallet_encryption.py

-        expected_time = int(time.time()) + (1 << 30) - 1
-        self.nodes[0].walletpassphrase(passphrase2, (1 << 33))
+        expected_time = int(time.time()) + max_value - 1
+        self.nodes[0].walletpassphrase(passphrase2, max_value + 1)


Might want to be off by more than 1, since we have a "buffer" of 5? Maybe try off by 1000 or something?

sdaftuar · 2018-04-06T19:00:57Z

Thanks @MarcoFalke, nits fixed in latest commit.

promag · 2018-04-06T23:29:30Z

utACK, also add release note?

sipa · 2018-04-06T23:35:36Z

Is the fact that wallets get locked after 3+ years really observable?

laanwj · 2018-04-08T08:38:03Z

From a principled point of view I'd still prefer to never unlock if a value higher than defined threshold is given, instead of clamping.
Because that's what users intend if they give a huge number like this. They don't expect the wallet to ever re-lock.
But I also agree with @sipa that no one is going to notice this in practice.

utACK - don't think this requires specific mention in the release notes.

PierreRochard · 2018-04-08T09:14:27Z

Tested ACK 93e1798 (on macOS).

My view is that we should throw an error if the value provided is > MAX_SLEEP_TIME and we should have an explicit boolean never_timeout parameter. But in terms of fixing this macOS-related bug the PR lgtm.

promag · 2018-04-08T09:41:32Z

Tested ACK 93e1798.

jonasschnelli · 2018-04-08T13:50:22Z

utACK 93e1798

maflcko · 2018-04-08T14:14:56Z

Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

Larger values seem to trigger a bug on macos+libevent (resulting in the rpc server stopping).

Change suggested by Marco Falke.

sdaftuar · 2018-04-08T14:46:41Z

Squashed 93e1798 -> 2b2b96c

PierreRochard · 2018-04-08T15:08:40Z

src/wallet/rpcwallet.cpp


 #include <univalue.h>

+#include <functional>


Why is this include needed?

According to http://en.cppreference.com/w/cpp/utility/functional/bind, std::bind is "[d]efined in header <functional>".

maflcko · 2018-04-08T16:30:01Z

utACK 2b2b96c (Checked that it is the same code as the previous 93e1798)

PierreRochard · 2018-04-08T16:37:19Z

reACK 2b2b96c

2b2b96c Use std::bind instead of boost::bind to re-lock the wallet (Suhas Daftuar) 662d19f [rpcwallet] Clamp walletpassphrase value at 100M seconds (Suhas Daftuar) Pull request description: Larger values seem to trigger a bug on macos+libevent (resulting in the rpc server stopping). Tree-SHA512: 890f3b641f6c586e2f8f629a9d23bca6ceb8b237b285561aad488cb7adf941a21177d3129d0c2b8293c0a673cd8e401957dbe2b6b3b7c8c4e991bb411d260102

Larger values seem to trigger a bug on macos+libevent (resulting in the rpc server stopping). Github-Pull: bitcoin#12905 Rebased-From: 662d19f

… seconds 2b2b96c Use std::bind instead of boost::bind to re-lock the wallet (Suhas Daftuar) 662d19f [rpcwallet] Clamp walletpassphrase value at 100M seconds (Suhas Daftuar) Pull request description: Larger values seem to trigger a bug on macos+libevent (resulting in the rpc server stopping). Tree-SHA512: 890f3b641f6c586e2f8f629a9d23bca6ceb8b237b285561aad488cb7adf941a21177d3129d0c2b8293c0a673cd8e401957dbe2b6b3b7c8c4e991bb411d260102

maflcko reviewed Apr 6, 2018

View reviewed changes

fanquake added Wallet RPC/REST/ZMQ labels Apr 6, 2018

maflcko added Needs backport and removed Needs backport labels Apr 7, 2018

sdaftuar added 2 commits April 8, 2018 10:44

[rpcwallet] Clamp walletpassphrase value at 100M seconds

662d19f

Larger values seem to trigger a bug on macos+libevent (resulting in the rpc server stopping).

Use std::bind instead of boost::bind to re-lock the wallet

2b2b96c

Change suggested by Marco Falke.

sdaftuar force-pushed the 2018-04-wallet-encryption-timeout branch from 93e1798 to 2b2b96c Compare April 8, 2018 14:45

PierreRochard reviewed Apr 8, 2018

View reviewed changes

maflcko merged commit 2b2b96c into bitcoin:master Apr 8, 2018

bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021

[rpcwallet] Clamp walletpassphrase value at 100M seconds #12905

[rpcwallet] Clamp walletpassphrase value at 100M seconds #12905

Uh oh!

Conversation

sdaftuar commented Apr 6, 2018

Uh oh!

sdaftuar commented Apr 6, 2018

Uh oh!

maflcko left a comment

Choose a reason for hiding this comment

Uh oh!

maflcko Apr 6, 2018

Choose a reason for hiding this comment

Uh oh!

maflcko Apr 6, 2018

Choose a reason for hiding this comment

Uh oh!

maflcko Apr 6, 2018

Choose a reason for hiding this comment

Uh oh!

maflcko Apr 6, 2018

Choose a reason for hiding this comment

Uh oh!

sdaftuar commented Apr 6, 2018

Uh oh!

promag commented Apr 6, 2018

Uh oh!

sipa commented Apr 6, 2018

Uh oh!

laanwj commented Apr 8, 2018

Uh oh!

PierreRochard commented Apr 8, 2018

Uh oh!

promag commented Apr 8, 2018

Uh oh!

jonasschnelli commented Apr 8, 2018

Uh oh!

maflcko commented Apr 8, 2018

Uh oh!

sdaftuar commented Apr 8, 2018

Uh oh!

PierreRochard Apr 8, 2018

Choose a reason for hiding this comment

Uh oh!

maflcko Apr 8, 2018

Choose a reason for hiding this comment

Uh oh!

maflcko commented Apr 8, 2018

Uh oh!

PierreRochard commented Apr 8, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants