Commit graph

946 commits

Author SHA1 Message Date
Wladimir J. van der Laan
7e74c54fed
Merge #13452: rpc: have verifytxoutproof check the number of txns in proof structure
d280617bf5 [qa] Add a test for merkle proof malleation (Suhas Daftuar)
ed82f17000 have verifytxoutproof check the number of txns in proof structure (Gregory Sanders)

Pull request description:

  Recent publication of a weakness in Bitcoin's merkle tree construction demonstrates many SPV applications vulnerable to an expensive to pull off yet still plausible attack: https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/

  This change would at least allow `verifytxoutproof` to properly validate that the proof matches a known block, with known number of transactions any time after the full block is processed. This should neuter the attack entirely.

  The negative is that a header-only processed block/future syncing mode would cause this to fail until the node has imported the data required.

  related: #13451

  `importprunedfunds` needs this check as well. Can expand it to cover this if people like the idea.

Tree-SHA512: 0682ec2b622a38b29f3f635323e0a8b6fc071e8a6fd134c954579926ee7b516e642966bafa667016744ce49c16e19b24dbc8801f982a36ad0a6a4aff6d93f82b
2018-07-09 20:25:50 +02:00
Wladimir J. van der Laan
453ae5ec9f
Merge #13603: bitcoin-tx: Stricter check for valid integers
57889e688d bitcoin-tx: Stricter check for valid integers (Daniel Kraft)

Pull request description:

  Just calling `atoi` to convert strings to integers does not check for valid integers very thoroughly; in particular, it just ignores everything starting from the first non-numeral character.  Even a string like "foo" is fine and silently returns 0.

  This meant that `bitcoin-tx` would not fail if such a string was passed in various places where an integer is expected (like the `locktime` or an input/output index); this means that it would, for instance, silently accept a typo and interpret it in an unexpected way.

  In this change, we use `ParseInt64` for parsing strings to integers, which actually verifies that the full string is valid as number.  New tests in the `bitcoin-util-test` cover the new error paths.

  This fixes #13599.

Tree-SHA512: 146a0af275e9f57784e5d0582d3defbac35551b54b6b7232f8a0b20db04aa611125e52aa4512ef2f8ed2cafc2a12fe586f9d10ed66d641cff090288f279b1988
2018-07-09 20:08:15 +02:00
Wladimir J. van der Laan
a247594e75
Merge #13570: RPC: Add new "getzmqnotifications" method
161e8d40a4 RPC: Add new getzmqnotifications method. (Daniel Kraft)
caac39b0ac Make ZMQ notification interface instance global. (Daniel Kraft)

Pull request description:

  This adds a new RPC method `getzmqnotifications`, which returns information about all active ZMQ notification endpoints.  This is useful for software that layers on top of bitcoind, so it can verify that ZeroMQ is enabled and also figure out where it should listen.

  See #13526.

Tree-SHA512: edce722925741c84ddbf7b3a879fc9db1907e5269d0d97138fe724035d93ee541c2118c24fa92f4197403f380d0e25c2fda5ca6c62d526792ea749cf527a99a0
2018-07-09 17:21:03 +02:00
MarcoFalke
88a15ebc8d
Merge #13564: [wallet] loadwallet shouldn't create new wallets.
ea65182f03 [wallet] loadwallet shouldn't create new wallets. (John Newbery)

Pull request description:

  A bug in the initial implementation of loadwallet meant that if the
  arguement was a directory that didn't contain a wallet.dat file, a new
  wallet would be created in that directory. Fix that so that if a
  directory is passed in, it must contain a wallet.dat file.

  Bug reported by promag (João Barbosa).

Tree-SHA512: 0a59fa8a33fde51a88544ad288b00e4995284fe16424f643076aaba42b8244fff362145217650ee53d518dfab7efbed4237632c34cdd3dcbbecaa9ecaab5fd7b
2018-07-07 06:07:41 -11:00
Daniel Kraft
57889e688d bitcoin-tx: Stricter check for valid integers
Just calling atoi to convert strings to integers does not check for
valid integers very thoroughly; in particular, it just ignores
everything starting from the first non-numeral character.  Even a string
like "foo" is fine and silently returns 0.

This meant that bitcoin-tx would not fail if such a string was passed in
various places where an integer is expected (like the locktime or an
input/output index); this means that it would, for instance, silently
accept a typo and interpret it in an unexpected way.

In this change, we use ParseInt64 for parsing strings to integers,
which actually verifies that the full string is valid as number.
New tests in the bitcoin-util-test cover the new error paths.
2018-07-07 14:25:09 +02:00
Wladimir J. van der Laan
3dc2dcfdfc
Merge #13467: [Tests] Make p2p_segwit easier to debug
e3aab295e [tests] p2p_segwit: sync_blocks in subtest wrapper. (John Newbery)
55e805085 [tests] p2p_segwit: remove unnecessary arguments from subtests. (John Newbery)
25711c269 [tests] p2p_segwit: log and assert segwit status in subtest wrapper. (John Newbery)
6839863d5 [tests] p2p_segwit: Make sure each subtest leaves utxos for the next. (John Newbery)
bfe32734d [tests] p2p_segwit: wrap subtests with subtest wrapper. (John Newbery)
2af4e398d [tests] p2p_segwit: re-order function definitions. (John Newbery)
94a0134a4 [tests] p2p_segwit: standardise comments/docstrings. (John Newbery)
f7c7f8ecf [tests] p2p_segwit: Fix flake8 warnings. (John Newbery)

Pull request description:

  `p2p_segwit.py` is a very long test, composed of multiple subtests. When it fails it's difficult to debug for a couple of reasons:

  - Control flow jumps between different methods in the test class, so it's a little difficult to follow the code.
  - state may be carried forward unintentionally from one subtest to the next.

  Improve that by wrapping the subtests with a `@subtest` decorator which:
  - logs progress
  - asserts state after each subtest

  As usual, I've also included a few commits which generally tidy up the test and improve style.

Tree-SHA512: 3650602b3ce9823dc968cc5f2e716757feadc3dbedb3605eb79bb3df91a6db8ae53431f253b440da690e3a8e9d76de84fad4368a2663aeb40e6b9427cf948870
2018-07-05 17:53:58 +02:00
Daniel Kraft
161e8d40a4 RPC: Add new getzmqnotifications method.
This adds a new RPC method "getzmqnotifications", which returns
information about all active ZMQ notification endpoints.  This is useful
for software that layers on top of bitcoind, so it can verify that
ZeroMQ is enabled and also figure out where it should listen.

See https://github.com/bitcoin/bitcoin/issues/13526.
2018-07-05 08:02:22 +02:00
MarcoFalke
686e97a0c7
Merge #13522: [tests] Fix p2p_sendheaders race
75848bcf40 [tests] Fix p2p_sendheaders race (John Newbery)

Pull request description:

  p2p_sendheaders has a race in part 1.3.

  part 1.2 sends a block to the node over the 'test_node' connection, but
  doesn't wait for an inv to be received on the 'inv_node' connection. If
  we get to part 1.3 before that inv has been received, then the
  subsequent call to check_last_inv_announcement could fail.

Tree-SHA512: ba9baffb3a9c0d379259190c737a7a4ad2e1133005a5b026af4f6b67a2978e24db39289551ad29134151879593ef5472be7e569a3557c0740fb51f5c56263d9a
2018-06-30 22:09:11 -11:00
John Newbery
e3aab295e7 [tests] p2p_segwit: sync_blocks in subtest wrapper. 2018-06-29 15:35:07 -04:00
John Newbery
55e8050853 [tests] p2p_segwit: remove unnecessary arguments from subtests. 2018-06-29 15:35:07 -04:00
John Newbery
25711c2696 [tests] p2p_segwit: log and assert segwit status in subtest wrapper. 2018-06-29 15:35:07 -04:00
John Newbery
6839863d53 [tests] p2p_segwit: Make sure each subtest leaves utxos for the next. 2018-06-29 15:35:07 -04:00
John Newbery
bfe32734de [tests] p2p_segwit: wrap subtests with subtest wrapper.
The subtest wrapper logs the name of the subtest.
2018-06-29 15:34:22 -04:00
John Newbery
2af4e398dc [tests] p2p_segwit: re-order function definitions.
This re-orders the defintions in p2p_segwit so subtests are
defined in the order that they're called.
2018-06-29 15:34:22 -04:00
John Newbery
94a0134a40 [tests] p2p_segwit: standardise comments/docstrings. 2018-06-29 15:32:52 -04:00
John Newbery
f7c7f8ecf3 [tests] p2p_segwit: Fix flake8 warnings. 2018-06-29 15:32:52 -04:00
Wladimir J. van der Laan
a6ed99a1e6
Merge #13517: qa: Remove need to handle the network thread in tests
fa87da2f17 qa: Avoid start/stop of the network thread mid-test (MarcoFalke)

Pull request description:

  This simplifies test writing by removing the need to handle the network thread in tests. E.g. start thread, join thread, restart thread mid-test, adding p2p connections at the "right" time, ...

Tree-SHA512: 533642f12fef5496f1933855edcdab1a7ed901d088d34911749cd0f9e044c8a6cb1f89985ac3a7f41a512943663e4e270a61978f6f072143ae050cd102d4eab8
2018-06-29 18:10:57 +02:00
MarcoFalke
f3c9c40aeb
Merge #13545: tests: Fix test case streams_serializedata_xor. Remove Boost dependency.
962d8eed5b Remove boost dependency (boost/assign/std/vector.hpp) (practicalswift)
c6fd0df4ef Fix incorrect tests (practicalswift)

Pull request description:

  * Fix test case `streams_serializedata_xor`.
  * Remove Boost dependency.

Tree-SHA512: 609c4ced1b6a8b86f6a37e4220535f1b3c9f2e80949cd034ecc069a94c55c05cd514f2e132fe7f715161ee29811a0fadb6903635c507411d8dc3e7efe864edeb
2018-06-30 00:29:59 +14:00
John Newbery
ea65182f03 [wallet] loadwallet shouldn't create new wallets.
A bug in the initial implementation of loadwallet meant that if the
arguement was a directory that didn't contain a wallet.dat file, a new
wallet would be created in that directory. Fix that so that if a
directory is passed in, it must contain a wallet.dat file.

Bug reported by promag (João Barbosa).
2018-06-28 13:37:44 -04:00
MarcoFalke
2328039bfc
Merge #13535: [qa] wallet_basic: Specify minimum required amount for listunspent
fa103a5d5e [qa] wallet_basic: Specify minimum required amount for listunspent (MarcoFalke)

Pull request description:

  A value less than that would fail the tests later on anyway:

  ```
  File "./test/functional/wallet_basic.py", line 250, in run_test
      self.nodes[1].sendrawtransaction(signed_raw_tx['hex'])

  test_framework.authproxy.JSONRPCException: bad-txns-in-belowout, value in (1.00) < value out (49.998) (code 16) (-26)

Tree-SHA512: 7e72ad02b5623bc078610da06c34721836822a920a4e85b12a1e0f339e3205cdc11d39763197770e649fb73376f922ff91a8f244b465195e50a6798658e04f80
2018-06-29 02:05:30 +14:00
practicalswift
962d8eed5b Remove boost dependency (boost/assign/std/vector.hpp) 2018-06-27 17:45:18 +02:00
Pieter Wuille
f54f3738c8
Merge #13498: [wallet] Fixups from account API deprecation
df10f07db1 [wallet] Don't use accounts when checking balance in sendmany (John Newbery)
e209184101 [wallet] deprecate sendfrom RPC method. (John Newbery)

Pull request description:

  A couple of fixups from the accounts API deprecation PR (#12953):

  - properly deprecate `sendfrom`
  - don't use accounts when calculating balance in `sendmany` (unless the `-deprecatedrpc=accounts` flag is being used)

Tree-SHA512: 1befde055067438c4c3391bbff1aaed0e6249efd708c567db3f1faad40a0f28e64f95e5bad0679ae826d24a0239e4bc8a1c392dc93e2e7502343a7f6b1d1845c
2018-06-26 16:46:49 -07:00
MarcoFalke
fa87da2f17
qa: Avoid start/stop of the network thread mid-test 2018-06-25 14:06:41 -04:00
MarcoFalke
fa103a5d5e
[qa] wallet_basic: Specify minimum required amount for listunspent 2018-06-25 13:21:59 -04:00
Wladimir J. van der Laan
868cf431be
Merge #13160: wallet: Unlock spent outputs
fd9b3a7182 test: Output should be unlocked when spent (João Barbosa)
54c3bb4cf8 wallet: Unlock spent outputs (João Barbosa)

Pull request description:

  Fixes #12738.

Tree-SHA512: 2c1694727aea0c658d07566c7d11d7afe91218053f84d568fac97413348fa5a977243d6cdeebd1c6550816489e35cb3a31667c8354d9b350de99f979d641d605
2018-06-24 18:52:30 +02:00
Wladimir J. van der Laan
9ab4c2a246
Merge #13496: Test: Harden lint-filenames.sh
927e1150bc Test: Harden lint-filenames.sh (wodry)

Pull request description:

  - This fixes that only files with lower case file name suffix where found before, which contradicted the Regex to find uppercase characters in file names (including suffixes I guess).
  - `--full-name` switch was added to git ls-files, to define that the found file always includes it's full path in the git project.
  - since we know now that the file name includes the full path, we can harden the Regex to exclude the  secp256k1 and univalue sub folders.
  - use backslash line break to make code easier to read and avoid too long line.

Tree-SHA512: 9b55fe4965ae2084112b9f8a81bf9c657756c2cb5004986e7b6102a76adaf62c7d7a53257d9f13c5d8a1c75870b52c744d13830e3edd454a099e810357c914e5
2018-06-24 18:39:27 +02:00
Wladimir J. van der Laan
03f3925bac
Merge #13510: Scripts and tools: Obsolete #!/bin/bash shebang
000000035b Obsolete #!/bin/bash shebang (DesWurstes)

Pull request description:

  > `#!/bin/bash` assumes it is always installed to `/bin/` which can cause issues
  > `#!/usr/bin/env bash` searches the user's `PATH` to find the `bash` binary

  Details: https://github.com/dylanaraps/pure-bash-bible#obsolete-syntax

  I'm open to comments: Should I also fix `#!/bin/sh`?

Tree-SHA512: b47bb4828116aa119f1899c68fee081270d51a898535490b9c616bf0f3660ad953f29c361eafc759bc64cdd54ee6eeecb2d79e9fdb5291a996a515c719805476
2018-06-24 16:47:18 +02:00
MarcoFalke
3a4549301a
Merge #13512: [qa] mininode: Expose connection state through is_connected
fa1eac9cdb [qa] mininode: Expose connection state through is_connected (MarcoFalke)

Pull request description:

  This gets rid of some non-type safe string comparisons and access to members that are implementation details of `class P2PConnection(asyncore.dispatcher)`. Such refactoring is required to replace the deprecated asyncore with something more sane.

  Changes:
  * Get rid of non-enum member `state` and replace is with bool `connected`
  * Get rid of confusing argument `pushbuf` and literally just push to the buffer at the call site

Tree-SHA512: 09074c7e5ed251a2e0509ef205ab82f89887c1e1fa1cc6efc1db60d196eb2403788a4987df8809fd06d80ef652e614c5d3c3fdef70096fc5815102243388288d
2018-06-23 19:29:45 -04:00
MarcoFalke
fa1eac9cdb
[qa] mininode: Expose connection state through is_connected 2018-06-22 12:00:00 -04:00
John Newbery
75848bcf40 [tests] Fix p2p_sendheaders race
p2p_sendheaders has a race in part 1.3.

part 1.2 sends a block to the node over the 'test_node' connection, but
doesn't wait for an inv to be received on the 'inv_node' connection. If
we get to part 1.3 before that inv has been received, then the
subsequent call to check_last_inv_announcement could fail.
2018-06-22 11:55:56 -04:00
Suhas Daftuar
d280617bf5 [qa] Add a test for merkle proof malleation 2018-06-22 10:41:39 -04:00
Jonas Schnelli
000abbb6b0
Merge #13111: Add unloadwallet RPC
fe65bdec2 bugfix: Delete walletView in WalletFrame::removeWallet (João Barbosa)
0b82bac76 bugfix: Remove dangling wallet env instance (João Barbosa)
0ee77b207 ui: Support wallets unloaded dynamically (João Barbosa)
9f9b50d5f doc: Add release notes for unloadwallet RPC (João Barbosa)
ccbf7ae74 test: Wallet methods are disabled when no wallet is loaded (João Barbosa)
4940a20a4 test: Add functional tests for unloadwallet RPC (João Barbosa)
6608c369b rpc: Add unloadwallet RPC (João Barbosa)
537efe19e rpc: Extract GetWalletNameFromJSONRPCRequest from GetWalletForJSONRPCRequest (João Barbosa)

Pull request description:

  This patch adds wallet unload feature via RPC. It also adds UI support for unloaded wallets.

Tree-SHA512: 7c7f9f32f7a2266d2df574aa6b95f993c3dc82736f93304562122beb8756fb28cd22d03866b48f493c747441f22d30e196b098dec435cc25e035633f090351ea
2018-06-21 16:24:31 +02:00
DesWurstes
000000035b Obsolete #!/bin/bash shebang 2018-06-20 11:12:41 +03:00
John Newbery
e209184101 [wallet] deprecate sendfrom RPC method. 2018-06-18 12:33:15 -04:00
wodry
927e1150bc Test: Harden lint-filenames.sh 2018-06-18 18:02:11 +02:00
João Barbosa
0b82bac76d bugfix: Remove dangling wallet env instance 2018-06-18 16:35:39 +01:00
João Barbosa
ccbf7ae749 test: Wallet methods are disabled when no wallet is loaded 2018-06-18 16:35:17 +01:00
João Barbosa
4940a20a46 test: Add functional tests for unloadwallet RPC 2018-06-18 16:35:17 +01:00
practicalswift
7b23e6e13f Follow-up to #13454: Fix broken build by exporting LC_ALL=C 2018-06-18 14:20:18 +02:00
Wladimir J. van der Laan
45c00f8416
Merge #13454: Make sure LC_ALL=C is set in all shell scripts
47776a958b Add linter: Make sure all shell scripts opt out of locale dependence using "export LC_ALL=C" (practicalswift)
3352da8da1 Add "export LC_ALL=C" to all shell scripts (practicalswift)

Pull request description:

  ~~Make sure `LC_ALL=C` is set when using `grep` range expressions.~~

  Make sure `LC_ALL=C` is set in all shell scripts.

  From the `grep(1)` documentation:

  > Within a bracket expression, a range expression consists of two characters separated by a hyphen. It matches any single character that sorts between the two characters, inclusive, using the locale's collating sequence and character set. For example, in the default C locale, `[a-d]` is equivalent to `[abcd]`. Many  locales sort characters in dictionary order, and in these locales `[a-d]` is typically not equivalent to `[abcd]`; it might be equivalent to `[aBbCcDd]`, for example. To obtain the traditional interpretation of bracket expressions, you can use the C locale by setting the `LC_ALL` environment variable to the value C.

  Context: [Locale issue found when reviewing #13450](https://github.com/bitcoin/bitcoin/pull/13450/files#r194877736)

Tree-SHA512: fd74d2612998f9b49ef9be24410e505d8c842716f84d085157fc7f9799d40e8a7b4969de783afcf99b7fae4f91bbb4559651f7dd6578a6a081a50bdea29f0909
2018-06-18 13:18:12 +02:00
Wladimir J. van der Laan
a90ca4087a
Merge #13448: Add linter: Make sure we explicitly open all text files using UTF-8 encoding in Python
c8176b3cc7 Add linter: Make sure we explicitly open all text files using UTF-8 or ASCII encoding in Python (practicalswift)
634bd97001 Explicitly specify encoding when opening text files in Python code (practicalswift)

Pull request description:

  Add linter: Make sure we explicitly open all text files using UTF-8 encoding in Python.

  As requested by @laanwj in #13440.

Tree-SHA512: 1651c00fe220ceb273324abd6703aee504029b96c7ef0e3029145901762c733c9b9d24927da281394fd4681a5bff774336c04eed01fafea997bb32192c334c06
2018-06-16 15:23:14 +02:00
practicalswift
ad691f666b Add linter: Enforce the source code file naming convention described in the developer notes 2018-06-14 22:40:41 +02:00
Wladimir J. van der Laan
cc7cbd756a
Merge #13451: rpc: expose CBlockIndex::nTx in getblock(header)
86edf4a2a5 expose CBlockIndex::nTx in getblock(header) (Gregory Sanders)

Pull request description:

  Recent publication of a weakness in Bitcoin's merkle tree construction demonstrates many SPV applications vulnerable to an expensive to pull off yet still plausible attack: https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/

  Including the coinbase in the txoutproof seems the most effective fix, however results in a significant efficiency downgrade. Transactors will not even know a priori what the size of their proof will be within a couple orders of magnitude, unless they use the mid-state of SHA2 as detailed in the blog post.

  Some applications, like Elements blockchain platform that take SPV-style proofs have optional access to a bitcoind to verify these proofs of inclusion and check depth in the chain. Returning `CBlockIndex::nTx` would allow an extremely easy and compact way of checking the depth of the tree, with no additional overhead to the codebase, and works with pruned nodes.

  `getblockheader` is arguably not the place for it, but as mentioned before, is a natural workflow for us checking depth of a block in a possibly pruned node.

  We should also ensure that `verifytxoutproof` ends up validating this depth fact as well, but left this for another PR.

Tree-SHA512: af4cf48e704c6088f8da06a477fda1aaa6f8770cee9b876c4465d1075966d6a95831a88817673fe5a0d6bbcdc1ffcbc1892e2be0d838c60fc6958d33eacdcc14
2018-06-14 19:40:02 +02:00
practicalswift
47776a958b Add linter: Make sure all shell scripts opt out of locale dependence using "export LC_ALL=C" 2018-06-14 15:27:52 +02:00
practicalswift
3352da8da1 Add "export LC_ALL=C" to all shell scripts 2018-06-14 15:27:52 +02:00
MarcoFalke
f532d52d39
Merge #13350: [tests] Add logging to provide anchor points when debugging p2p_sendheaders
2ce81867b2 [tests] Add logging to provide anchor points when debugging failures. (Lowell Manners)

Pull request description:

  refs #12453

Tree-SHA512: 0ad432bd848723a5b813df4d35fcd8c81d152f042499c8340a9a2a9b7918d6e785efbf9f07b63b6c0253a949044cebdb51802971c09fb8dde0efa5169f34ef20
2018-06-13 10:41:28 -04:00
Gregory Sanders
86edf4a2a5 expose CBlockIndex::nTx in getblock(header) 2018-06-13 10:20:50 -04:00
practicalswift
c8176b3cc7 Add linter: Make sure we explicitly open all text files using UTF-8 or ASCII encoding in Python 2018-06-12 21:49:04 +02:00
practicalswift
634bd97001 Explicitly specify encoding when opening text files in Python code 2018-06-12 21:34:52 +02:00
Wladimir J. van der Laan
ca2a23387b
Merge #13120: policy: Treat segwit as always active
fa7a6cf1b3 policy: Treat segwit as always active (MarcoFalke)

Pull request description:

  Now that segwit is active for a long time, there is no need to reject transactions with the reason that segwit hasn't activated.

  Strictly speaking, this is a bug fix, because with the release of 0.16, we create segwit transactions in our wallet by default without checking if they are allowed by local policy.

  More broadly, this simplifies the code as if "premature witness" was always set to true with the corresponding command line args.

Tree-SHA512: 484c26aa3a66faba6b41e8554a91a29bfc15fbf6caae3d5363a3966283143189c4bd5333a610b0669c1238f75620691264e73f6b9f1161cdacf7574d946436da
2018-06-12 17:20:34 +02:00