gitea-mirror/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2026-01-04 16:57:44 -08:00
Code Issues Packages Projects Releases Wiki Activity

Protect node privacy by proper filtering in restricted-mode RPC answers

Browse Source 
This patch allows to filter out sensitive information for queries that rely on the pool state, when running in restricted mode.
This filtering is only applied to data sent back to RPC queries. Results of inline commands typed locally in the daemon are not affected.
In practice, when running with `--restricted-rpc`:
* get_transaction_pool will list relayed transactions with the fields "last relayed time" and "received time" set to zero.
* get_transaction_pool will not list transaction that have do_not_relay set to true, and will not list key images that are used only for such transactions
* get_transaction_pool_hashes.bin will not list such transaction
* get_transaction_pool_stats will not count such transactions in any of the aggregated values that are computed

The implementation does not make filtering the default, so developers should be mindful of this if they add new RPC functionality.
Fixes #2590.
This commit is contained in:
binaryFate
2017-11-08 13:06:41 +01:00
parent a2c2f4e4b0
commit 10013e9434
13 changed files with 140 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
src/cryptonote_core/tx_pool.cpp
View File

@@ -432,7 +432,7 @@ namespace cryptonote
remove.insert(txid);
}
return true;
});
}, false);
if (!remove.empty())
{
@@ -494,7 +494,7 @@ namespace cryptonote
}
}
return true;
});
}, false);
return true;
}
//---------------------------------------------------------------------------------
@@ -521,14 +521,14 @@ namespace cryptonote
}
}
//---------------------------------------------------------------------------------
size_t tx_memory_pool::get_transactions_count() const
size_t tx_memory_pool::get_transactions_count(bool include_unrelayed_txes) const
{
CRITICAL_REGION_LOCAL(m_transactions_lock);
CRITICAL_REGION_LOCAL1(m_blockchain);
return m_blockchain.get_txpool_tx_count();
return m_blockchain.get_txpool_tx_count(include_unrelayed_txes);
}
//---------------------------------------------------------------------------------
void tx_memory_pool::get_transactions(std::list<transaction>& txs) const
void tx_memory_pool::get_transactions(std::list<transaction>& txs, bool include_unrelayed_txes) const
{
CRITICAL_REGION_LOCAL(m_transactions_lock);
CRITICAL_REGION_LOCAL1(m_blockchain);
@@ -542,20 +542,20 @@ namespace cryptonote
}
txs.push_back(tx);
return true;
}, true);
}, true, include_unrelayed_txes);
}
//------------------------------------------------------------------
void tx_memory_pool::get_transaction_hashes(std::vector<crypto::hash>& txs) const
void tx_memory_pool::get_transaction_hashes(std::vector<crypto::hash>& txs, bool include_unrelayed_txes) const
{
CRITICAL_REGION_LOCAL(m_transactions_lock);
CRITICAL_REGION_LOCAL1(m_blockchain);
m_blockchain.for_all_txpool_txes([&txs](const crypto::hash &txid, const txpool_tx_meta_t &meta, const cryptonote::blobdata *bd){
txs.push_back(txid);
return true;
});
}, false, include_unrelayed_txes);
}
//------------------------------------------------------------------
void tx_memory_pool::get_transaction_backlog(std::vector<tx_backlog_entry>& backlog) const
void tx_memory_pool::get_transaction_backlog(std::vector<tx_backlog_entry>& backlog, bool include_unrelayed_txes) const
{
CRITICAL_REGION_LOCAL(m_transactions_lock);
CRITICAL_REGION_LOCAL1(m_blockchain);
@@ -563,16 +563,16 @@ namespace cryptonote
m_blockchain.for_all_txpool_txes([&backlog, now](const crypto::hash &txid, const txpool_tx_meta_t &meta, const cryptonote::blobdata *bd){
backlog.push_back({meta.blob_size, meta.fee, meta.receive_time - now});
return true;
});
}, false, include_unrelayed_txes);
}
//------------------------------------------------------------------
void tx_memory_pool::get_transaction_stats(struct txpool_stats& stats) const
void tx_memory_pool::get_transaction_stats(struct txpool_stats& stats, bool include_unrelayed_txes) const
{
CRITICAL_REGION_LOCAL(m_transactions_lock);
CRITICAL_REGION_LOCAL1(m_blockchain);
const uint64_t now = time(NULL);
std::map<uint64_t, txpool_histo> agebytes;
stats.txs_total = m_blockchain.get_txpool_tx_count();
stats.txs_total = m_blockchain.get_txpool_tx_count(include_unrelayed_txes);
std::vector<uint32_t> sizes;
sizes.reserve(stats.txs_total);
m_blockchain.for_all_txpool_txes([&stats, &sizes, now, &agebytes](const crypto::hash &txid, const txpool_tx_meta_t &meta, const cryptonote::blobdata *bd){
@@ -595,7 +595,7 @@ namespace cryptonote
agebytes[age].txs++;
agebytes[age].bytes += meta.blob_size;
return true;
});
}, false, include_unrelayed_txes);
stats.bytes_med = epee::misc_utils::median(sizes);
if (stats.txs_total > 1)
{
@@ -642,11 +642,11 @@ namespace cryptonote
}
//------------------------------------------------------------------
//TODO: investigate whether boolean return is appropriate
bool tx_memory_pool::get_transactions_and_spent_keys_info(std::vector<tx_info>& tx_infos, std::vector<spent_key_image_info>& key_image_infos) const
bool tx_memory_pool::get_transactions_and_spent_keys_info(std::vector<tx_info>& tx_infos, std::vector<spent_key_image_info>& key_image_infos, bool include_sensitive_data) const
{
CRITICAL_REGION_LOCAL(m_transactions_lock);
CRITICAL_REGION_LOCAL1(m_blockchain);
m_blockchain.for_all_txpool_txes([&tx_infos, key_image_infos](const crypto::hash &txid, const txpool_tx_meta_t &meta, const cryptonote::blobdata *bd){
m_blockchain.for_all_txpool_txes([&tx_infos, key_image_infos, include_sensitive_data](const crypto::hash &txid, const txpool_tx_meta_t &meta, const cryptonote::blobdata *bd){
tx_info txi;
txi.id_hash = epee::string_tools::pod_to_hex(txid);
transaction tx;
@@ -664,14 +664,17 @@ namespace cryptonote
txi.max_used_block_id_hash = epee::string_tools::pod_to_hex(meta.max_used_block_id);
txi.last_failed_height = meta.last_failed_height;
txi.last_failed_id_hash = epee::string_tools::pod_to_hex(meta.last_failed_id);
txi.receive_time = meta.receive_time;
// In restricted mode we do not include this data:
txi.receive_time = include_sensitive_data ? meta.receive_time : 0;
txi.relayed = meta.relayed;
txi.last_relayed_time = meta.last_relayed_time;
// In restricted mode we do not include this data:
txi.last_relayed_time = include_sensitive_data ? meta.last_relayed_time : 0;
txi.do_not_relay = meta.do_not_relay;
tx_infos.push_back(txi);
return true;
}, true);
}, true, include_sensitive_data);
txpool_tx_meta_t meta;
for (const key_images_container::value_type& kee : m_spent_key_images) {
const crypto::key_image& k_image = kee.first;
const std::unordered_set<crypto::hash>& kei_image_set = kee.second;
@@ -679,9 +682,26 @@ namespace cryptonote
ki.id_hash = epee::string_tools::pod_to_hex(k_image);
for (const crypto::hash& tx_id_hash : kei_image_set)
{
if (!include_sensitive_data)
{
try
{
meta = m_blockchain.get_txpool_tx_meta(tx_id_hash);
if (!meta.relayed)
// Do not include that transaction if in restricted mode and it's not relayed
continue;
}
catch (const std::exception &e)
{
MERROR("Failed to get tx meta from txpool: " << e.what());
return false;
}
}
ki.txs_hashes.push_back(epee::string_tools::pod_to_hex(tx_id_hash));
}
key_image_infos.push_back(ki);
// Only return key images for which we have at least one tx that we can show for them
if (!ki.txs_hashes.empty())
key_image_infos.push_back(ki);
}
return true;
}
@@ -714,7 +734,7 @@ namespace cryptonote
txi.do_not_relay = meta.do_not_relay;
tx_infos.push_back(txi);
return true;
}, true);
}, true, false);
for (const key_images_container::value_type& kee : m_spent_key_images) {
std::vector<crypto::hash> tx_hashes;
@@ -1044,7 +1064,7 @@ namespace cryptonote
remove.insert(txid);
}
return true;
});
}, false);
size_t n_removed = 0;
if (!remove.empty())