Merge #9937: rpc: Prevent dumpwallet from overwriting files

0cd9273 rpc: Prevent `dumpwallet` from overwriting files (Wladimir J. van der Laan) Pull request description: Prevent arbitrary files from being overwritten by `dumpwallet`. There have been reports that users have overwritten wallet files this way. It may also avoid other security issues. Fixes #9934. Adds mention to release notes and adds a test. Tree-SHA512: 268c98636d40924d793b55a685a0b419bafd834ad369edaec08227ebe26ed4470ddea73008d1c4beb10ea445db1b0bb8e3546ba8fc2d1a411ebd4a0de8ce9120
2026-04-18 11:37:40 +02:00 · 2017-10-04 15:00:59 +02:00
parent a1f7f18709 0cd9273fd9
commit 7f11ef2608
3 changed files with 19 additions and 3 deletions
--- a/test/functional/wallet-dump.py
+++ b/test/functional/wallet-dump.py
@@ -7,7 +7,7 @@
 import os

 from test_framework.test_framework import BitcoinTestFramework
-from test_framework.util import assert_equal
+from test_framework.util import (assert_equal, assert_raises_jsonrpc)


 def read_dump(file_name, addrs, hd_master_addr_old):
@@ -105,5 +105,8 @@ class WalletDumpTest(BitcoinTestFramework):
        assert_equal(found_addr_chg, 90*2 + 50)  # old reserve keys are marked as change now
        assert_equal(found_addr_rsv, 90*2) 

+        # Overwriting should fail
+        assert_raises_jsonrpc(-8, "already exists", self.nodes[0].dumpwallet, tmpdir + "/node0/wallet.unencrypted.dump")
+
 if __name__ == '__main__':
    WalletDumpTest().main ()