From e03409c70f7472d39e45d189df6c0cf6b676b761 Mon Sep 17 00:00:00 2001 From: Ryan Ofsky Date: Thu, 19 Dec 2019 18:00:04 -0500 Subject: [PATCH] Fix nonsensical -norpcbind and -norpcallowip behavior Treat specifying -norpcbind and -norpcallowip the same as not specifying -rpcbind or -rpcallowip, instead of failing to bind to localhost and failing to show warnings. Also add code comment to clarify what intent of existing code is. --- src/httpserver.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/httpserver.cpp b/src/httpserver.cpp index 88e640c377c..bd2dec19b97 100644 --- a/src/httpserver.cpp +++ b/src/httpserver.cpp @@ -362,16 +362,20 @@ static bool HTTPBindAddresses(struct evhttp* http) std::vector> endpoints; // Determine what addresses to bind to - if (!(gArgs.IsArgSet("-rpcallowip") && gArgs.IsArgSet("-rpcbind"))) { // Default to loopback if not allowing external IPs + // To prevent misconfiguration and accidental exposure of the RPC + // interface, require -rpcallowip and -rpcbind to both be specified + // together. If either is missing, ignore both values, bind to localhost + // instead, and log warnings. + if (gArgs.GetArgs("-rpcallowip").empty() || gArgs.GetArgs("-rpcbind").empty()) { // Default to loopback if not allowing external IPs endpoints.emplace_back("::1", http_port); endpoints.emplace_back("127.0.0.1", http_port); - if (gArgs.IsArgSet("-rpcallowip")) { + if (!gArgs.GetArgs("-rpcallowip").empty()) { LogPrintf("WARNING: option -rpcallowip was specified without -rpcbind; this doesn't usually make sense\n"); } - if (gArgs.IsArgSet("-rpcbind")) { + if (!gArgs.GetArgs("-rpcbind").empty()) { LogPrintf("WARNING: option -rpcbind was ignored because -rpcallowip was not specified, refusing to allow everyone to connect\n"); } - } else if (gArgs.IsArgSet("-rpcbind")) { // Specific bind address + } else { // Specific bind addresses for (const std::string& strRPCBind : gArgs.GetArgs("-rpcbind")) { uint16_t port{http_port}; std::string host;