Merge pull request #2279

359517c7 wallet_rpc_server: fix possible privacy leak in on_import_key_images() (Jaquee) 20495b27 simplewallet: fix possible privacy leak in import_key_images() (Jaquee)
2017-08-15 20:53:58 +02:00 · 2017-08-15 20:53:58 +02:00 · a861cbb465
parent 53dde37ceb 359517c7f5
commit a861cbb465
2 changed files with 12 additions and 1 deletions
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@ -4542,6 +4542,12 @@ bool simple_wallet::export_key_images(const std::vector<std::string> &args)
 //----------------------------------------------------------------------------------------------------
 bool simple_wallet::import_key_images(const std::vector<std::string> &args)
 {
+  if (!m_trusted_daemon)
+  {
+    fail_msg_writer() << tr("this command requires a trusted daemon. Enable with --trusted-daemon");
+    return true;
+  }
+
  if (args.size() != 1)
  {
    fail_msg_writer() << tr("usage: import_key_images <filename>");
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@ -1364,7 +1364,12 @@ namespace tools
      er.message = "Command unavailable in restricted mode.";
      return false;
    }
-
+    if (!m_trusted_daemon)
+    {
+      er.code = WALLET_RPC_ERROR_CODE_UNKNOWN_ERROR;
+      er.message = "This command requires a trusted daemon.";
+      return false;
+    }
    try
    {
      std::vector<std::pair<crypto::key_image, crypto::signature>> ski;