From cac23a5a0b7dc993ea1fb1513159db0af994d0ff Mon Sep 17 00:00:00 2001 From: Gregory Maxwell Date: Sun, 5 Feb 2012 02:30:43 -0500 Subject: [PATCH 1/2] Have bitcoind recommend a secure RPC password. Increase invalid password delay. Help users avoid insecure configurations a bit by recommending a secure RPC password and increasing the incorrect password delay. This may open up a RPC DOS for users with exposed RPC ports and short passwords. Since users shouldn't have exposed RPC ports OR short passwords, the DOS risk is preferable to the compromise risk. Also logs the client IP address for incorrect attempts. --- src/rpc.cpp | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/rpc.cpp b/src/rpc.cpp index a936edbbe47..a703334d6b1 100644 --- a/src/rpc.cpp +++ b/src/rpc.cpp @@ -2008,16 +2008,23 @@ void ThreadRPCServer2(void* parg) if (mapArgs["-rpcuser"] == "" && mapArgs["-rpcpassword"] == "") { + unsigned char rand_pwd[32]; + RAND_bytes(rand_pwd, 32); string strWhatAmI = "To use bitcoind"; if (mapArgs.count("-server")) strWhatAmI = strprintf(_("To use the %s option"), "\"-server\""); else if (mapArgs.count("-daemon")) strWhatAmI = strprintf(_("To use the %s option"), "\"-daemon\""); PrintConsole( - _("Warning: %s, you must set rpcpassword=\nin the configuration file: %s\n" + _("Warning: %s, you must set a rpcpassword in the configuration file:\n %s\n" + "It is recommended you use the following random password:\n" + "rpcuser=bitcoinrpc\n" + "rpcpassword=%s\n" + "(you do not need to remember this password)\n" "If the file does not exist, create it with owner-readable-only file permissions.\n"), strWhatAmI.c_str(), - GetConfigFile().c_str()); + GetConfigFile().c_str(), + EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32).c_str()); CreateThread(Shutdown, NULL); return; } 
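Review bot: `RAND_bytes(rand_pwd, 32);` on the new side discards the return value; OpenSSL returns 0 when the PRNG is not seeded, in which case `rand_pwd` is whatever happened to be on the stack and the console confidently recommends those bytes as the RPC password the user is told they never need to remember. Since the whole point of the suggestion is to steer users toward a high-entropy secret, a failed draw should be treated as an error rather than printed: `if (RAND_bytes(rand_pwd, sizeof(rand_pwd)) != 1)` and then either omit the `rpcuser=`/`rpcpassword=` lines from the message or bail out the way this path already does with `CreateThread(Shutdown, NULL); return;`. Using `sizeof(rand_pwd)` also keeps the length from drifting apart from the buffer declaration and the `+32` in the `EncodeBase58` call. ThreadRPCServer2 begins before and ends after this hunk.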
@@ -2104,12 +2111,14 @@ void ThreadRPCServer2(void* parg) } if (!HTTPAuthorized(mapHeaders)) { - // Deter brute-forcing short passwords - if (mapArgs["-rpcpassword"].size() < 15) - Sleep(50); + printf("ThreadRPCServer incorrect password attempt from %s\n",peer.address().to_string().c_str()); + /* Deter brute-forcing short passwords. + If this results in a DOS the user really + shouldn't have their RPC port exposed.*/ + if (mapArgs["-rpcpassword"].size() < 20) + Sleep(250); stream << HTTPReply(401, "") << std::flush; - printf("ThreadRPCServer incorrect password attempt\n"); continue; } From 4664aae3fe2eba4eec84d20f1e7e701ceeeb49bd Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Tue, 7 Feb 2012 22:30:21 -0500 Subject: [PATCH 2/2] Update copyrights to 2012 for files modified this year --- COPYING | 2 +- doc/README | 2 +- doc/README_windows.txt | 2 +- src/checkpoints.cpp | 2 +- src/db.cpp | 2 +- src/headers.h | 2 +- src/init.cpp | 2 +- src/irc.cpp | 2 +- src/key.h | 2 +- src/main.cpp | 2 +- src/main.h | 2 +- src/net.cpp | 2 +- src/net.h | 2 +- src/rpc.cpp | 2 +- src/serialize.h | 2 +- src/util.cpp | 2 +- src/util.h | 2 +- src/wallet.h | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/COPYING b/COPYING index ab042014e82..0f9223ba6b5 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Copyright (c) 2009-2011 Bitcoin Developers +Copyright (c) 2009-2012 Bitcoin Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/doc/README b/doc/README index 40bda47d9c8..197f03dd56b 100644 --- a/doc/README +++ b/doc/README 
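Review bot: The new `Sleep(250)` is still gated on `mapArgs["-rpcpassword"].size() < 20`, so length stands in for entropy and a 20+ character but guessable password gets no throttling at all, while the added `printf("ThreadRPCServer incorrect password attempt from %s\n", ...)` fires on every failed attempt, letting a remote peer grow the log (debug.log, if this is the project's usual redirected printf) at connection rate in that configuration. A small unconditional floor keeps the commit's intent of a heavy delay only for short passwords without leaving the long-password case unthrottled: `Sleep(mapArgs["-rpcpassword"].size() < 20 ? 250 : 50);`. The block comment should also state that the length test is only a proxy for password strength, so a later maintainer does not read 20 characters as a safety guarantee. The request loop in ThreadRPCServer2 that contains this check starts and ends outside the hunk.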
@@ -1,6 +1,6 @@ Bitcoin 0.4.4 BETA -Copyright (c) 2009-2011 Bitcoin Developers +Copyright (c) 2009-2012 Bitcoin Developers Distributed under the MIT/X11 software license, see the accompanying file license.txt or http://www.opensource.org/licenses/mit-license.php. This product includes software developed by the OpenSSL Project for use in diff --git a/doc/README_windows.txt b/doc/README_windows.txt index f8f1c341886..ad357130c27 100644 --- a/doc/README_windows.txt +++ b/doc/README_windows.txt @@ -1,6 +1,6 @@ Bitcoin 0.4.4 BETA -Copyright (c) 2009-2011 Bitcoin Developers +Copyright (c) 2009-2012 Bitcoin Developers Distributed under the MIT/X11 software license, see the accompanying file license.txt or http://www.opensource.org/licenses/mit-license.php. This product includes software developed by the OpenSSL Project for use in diff --git a/src/checkpoints.cpp b/src/checkpoints.cpp index 508f72b3765..f78712ef4ba 100644 --- a/src/checkpoints.cpp +++ b/src/checkpoints.cpp @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. diff --git a/src/db.cpp b/src/db.cpp index 600afe383d2..783b0799639 100644 --- a/src/db.cpp +++ b/src/db.cpp @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. diff --git a/src/headers.h b/src/headers.h index 96db87db1ba..88a16d96d7b 100644 --- a/src/headers.h +++ b/src/headers.h 
@@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. diff --git a/src/init.cpp b/src/init.cpp index 12e890cbb4c..079e67b9363 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #include "headers.h" diff --git a/src/irc.cpp b/src/irc.cpp index fe96a90a1cf..b632b965461 100644 --- a/src/irc.cpp +++ b/src/irc.cpp @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. diff --git a/src/key.h b/src/key.h index 0d0b6d8bb47..8b033a029f0 100644 --- a/src/key.h +++ b/src/key.h @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_KEY_H diff --git a/src/main.cpp b/src/main.cpp index dc8503d38f9..9f12829042b 100644 --- a/src/main.cpp +++ b/src/main.cpp 
@@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #include "headers.h" diff --git a/src/main.h b/src/main.h index 8a8b3870ec7..25cf0790134 100644 --- a/src/main.h +++ b/src/main.h @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_MAIN_H diff --git a/src/net.cpp b/src/net.cpp index f995ea9c2af..764246520ba 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. diff --git a/src/net.h b/src/net.h index 03d514ca909..52df06f1be5 100644 --- a/src/net.h +++ b/src/net.h @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_NET_H diff --git a/src/rpc.cpp b/src/rpc.cpp index a703334d6b1..a67f7fc9471 100644 --- a/src/rpc.cpp +++ b/src/rpc.cpp 
@@ -1,5 +1,5 @@ // Copyright (c) 2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. diff --git a/src/serialize.h b/src/serialize.h index 385c9ab8e93..2bc3a071d77 100644 --- a/src/serialize.h +++ b/src/serialize.h @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_SERIALIZE_H diff --git a/src/util.cpp b/src/util.cpp index a3f1c9507d9..85ca02f0aae 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #include "headers.h" diff --git a/src/util.h b/src/util.h index 9f9001e06eb..a48979c0ef8 100644 --- a/src/util.h +++ b/src/util.h @@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_UTIL_H diff --git a/src/wallet.h b/src/wallet.h index 3560a725801..4387e1a01fd 100644 --- a/src/wallet.h +++ b/src/wallet.h 
@@ -1,5 +1,5 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2011 The Bitcoin developers +// Copyright (c) 2009-2012 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file license.txt or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_WALLET_H