gaspersic/go-ethereum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cmd/clef, signer: security fixes (#17554)

Browse Source 
* signer: remove local path disclosure from extapi

* signer: show more data in cli ui

* rpc: make http server forward UA and Origin via Context

* signer, clef/core: ui changes + display UA and Origin

* signer: cliui - indicate less trust in remote headers, see https://github.com/ethereum/go-ethereum/issues/17637

* signer: prevent possibility swap KV-entries in aes_gcm storage, fixes #17635

* signer: remove ecrecover from external API

* signer,clef: default reject instead of warn + valideate new passwords. fixes #17632 and #17631

* signer: check calldata length even if no ABI signature is present

* signer: fix failing testcase

* clef: remove account import from external api

* signer: allow space in passwords, improve error messsage

* signer/storage: fix typos
This commit is contained in:
Martin Holst Swende
2018-09-25 15:54:58 +02:00
committed by GitHub
parent a95a601f35
commit d3441ebb56
12 changed files with 307 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
signer/core/auditlog.go
View File

@ -33,11 +33,10 @@ type AuditLogger struct {
api ExternalAPI
}
func (l *AuditLogger) List(ctx context.Context) (Accounts, error) {
func (l *AuditLogger) List(ctx context.Context) ([]common.Address, error) {
l.log.Info("List", "type", "request", "metadata", MetadataFromContext(ctx).String())
res, e := l.api.List(ctx)
l.log.Info("List", "type", "response", "data", res.String())
l.log.Info("List", "type", "response", "data", res)
return res, e
}
@ -72,14 +71,6 @@ func (l *AuditLogger) Sign(ctx context.Context, addr common.MixedcaseAddress, da
return b, e
}
func (l *AuditLogger) EcRecover(ctx context.Context, data, sig hexutil.Bytes) (common.Address, error) {
l.log.Info("EcRecover", "type", "request", "metadata", MetadataFromContext(ctx).String(),
"data", common.Bytes2Hex(data))
a, e := l.api.EcRecover(ctx, data, sig)
l.log.Info("EcRecover", "type", "response", "addr", a.String(), "error", e)
return a, e
}
func (l *AuditLogger) Export(ctx context.Context, addr common.Address) (json.RawMessage, error) {
l.log.Info("Export", "type", "request", "metadata", MetadataFromContext(ctx).String(),
"addr", addr.Hex())
@ -89,14 +80,14 @@ func (l *AuditLogger) Export(ctx context.Context, addr common.Address) (json.Raw
return j, e
}
func (l *AuditLogger) Import(ctx context.Context, keyJSON json.RawMessage) (Account, error) {
// Don't actually log the json contents
l.log.Info("Import", "type", "request", "metadata", MetadataFromContext(ctx).String(),
"keyJSON size", len(keyJSON))
a, e := l.api.Import(ctx, keyJSON)
l.log.Info("Import", "type", "response", "addr", a.String(), "error", e)
return a, e
}
//func (l *AuditLogger) Import(ctx context.Context, keyJSON json.RawMessage) (Account, error) {
// // Don't actually log the json contents
// l.log.Info("Import", "type", "request", "metadata", MetadataFromContext(ctx).String(),
// "keyJSON size", len(keyJSON))
// a, e := l.api.Import(ctx, keyJSON)
// l.log.Info("Import", "type", "response", "addr", a.String(), "error", e)
// return a, e
//}
func NewAuditLogger(path string, api ExternalAPI) (*AuditLogger, error) {
l := log.New("api", "signer")