From b6186acfd02a58146084f47ba30fb3f0014b7ba1 Mon Sep 17 00:00:00 2001 From: Duke Date: Sun, 16 Jul 2023 11:28:09 -0700 Subject: [PATCH] Check wallet export file size and determine if it is a symlink vs other special files --- src/wallet/rpcdump.cpp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/wallet/rpcdump.cpp b/src/wallet/rpcdump.cpp index 6021ea175..ac001ae69 100644 --- a/src/wallet/rpcdump.cpp +++ b/src/wallet/rpcdump.cpp @@ -482,11 +482,19 @@ UniValue importwallet_impl(const UniValue& params, bool fHelp, bool fImportZKeys struct stat s; if( stat(params[0].get_str(),&s) == 0 ) { if( s.st_mode & S_IFDIR ) { // it's a directory - throw JSONRPCError(RPC_WALLET_ERROR, "Invalid wallet export file"); + throw JSONRPCError(RPC_WALLET_ERROR, "Invalid wallet export file (directory)"); } else if( s.st_mode & S_IFREG ) { // it's a file - // TODO: check for a min file size - } else { // something else, maybe symlink or special file - // TODO: detect difference between symlinks and special files + // The absolute smallest valid export file is a single taddr privkey with no + // newline and no comments. In practice, autogenerated files will be much larger + if(s.st_size < 51) { + throw JSONRPCError(RPC_WALLET_ERROR, "Wallet export file is too small to be valid"); + } + } else if( s.st_mode & S_IFLINK ) { // it's a symbolic link + // TODO: check filesize of symbolicly linked file + // for symlinks, size the length in bytes of the pathname contained in the symbolic link + // which is not what we want + } else { // something else, either a block/char/FIFO special file or socket, none of which are valid + throw JSONRPCError(RPC_WALLET_ERROR, "Invalid wallet export file (special)"); } } else { throw JSONRPCError(RPC_WALLET_ERROR, "Wallet export file does not exist");