Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information. This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the 'rpcpassword' option configured, resulting in the "suggested" password being output to the debug log.

Mark Friedenbach · Mark Friedenbach · commit d4746d56c0c4 · 2014-10-17T00:33:31.000-07:00
diff --git a/src/noui.cpp b/src/noui.cpp
@@ -14,6 +14,9 @@
 
 static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style)
 {
+    bool fSecure = style & CClientUIInterface::SECURE;
+    style &= ~CClientUIInterface::SECURE;
+
     std::string strCaption;
     // Check for usage of predefined caption
     switch (style) {
@@ -30,7 +33,8 @@ static bool noui_ThreadSafeMessageBox(const std::string& message, const std::str
         strCaption += caption; // Use supplied caption (can be empty)
     }
 
-    LogPrintf("%s: %s\n", strCaption, message);
+    if (!fSecure)
+        LogPrintf("%s: %s\n", strCaption, message);
     fprintf(stderr, "%s: %s\n", strCaption.c_str(), message.c_str());
     return false;
 }
diff --git a/src/qt/bitcoingui.cpp b/src/qt/bitcoingui.cpp
@@ -992,6 +992,9 @@ void BitcoinGUI::showProgress(const QString &title, int nProgress)
 static bool ThreadSafeMessageBox(BitcoinGUI *gui, const std::string& message, const std::string& caption, unsigned int style)
 {
     bool modal = (style & CClientUIInterface::MODAL);
+    // The SECURE flag has no effect in the Qt GUI.
+    // bool secure = (style & CClientUIInterface::SECURE);
+    style &= ~CClientUIInterface::SECURE;
     bool ret = false;
     // In case of modal message, use blocking connection to wait for user to click a button
     QMetaObject::invokeMethod(gui, "message",
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
@@ -581,7 +581,7 @@ void StartRPCThreads()
                 strWhatAmI,
                 GetConfigFile().string(),
                 EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32)),
-                "", CClientUIInterface::MSG_ERROR);
+                "", CClientUIInterface::MSG_ERROR | CClientUIInterface::SECURE);
         StartShutdown();
         return;
     }
diff --git a/src/ui_interface.h b/src/ui_interface.h
@@ -63,6 +63,9 @@ class CClientUIInterface
         /** Force blocking, modal message box dialog (not just OS notification) */
         MODAL               = 0x10000000U,
 
+        /** Do not print contents of message to debug log */
+        SECURE              = 0x40000000U,
+
         /** Predefined combinations for certain default usage cases */
         MSG_INFORMATION = ICON_INFORMATION,
         MSG_WARNING = (ICON_WARNING | BTN_OK | MODAL),

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,9 @@`
`14`	`14`
`15`	`15`	`static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style)`
`16`	`16`	`{`
	`17`	`+ bool fSecure = style & CClientUIInterface::SECURE;`
	`18`	`+ style &= ~CClientUIInterface::SECURE;`
	`19`	`+`
`17`	`20`	`std::string strCaption;`
`18`	`21`	`// Check for usage of predefined caption`
`19`	`22`	`switch (style) {`
`@@ -30,7 +33,8 @@ static bool noui_ThreadSafeMessageBox(const std::string& message, const std::str`
`30`	`33`	`strCaption += caption; // Use supplied caption (can be empty)`
`31`	`34`	`}`
`32`	`35`
`33`		`- LogPrintf("%s: %s\n", strCaption, message);`
	`36`	`+ if (!fSecure)`
	`37`	`+ LogPrintf("%s: %s\n", strCaption, message);`
`34`	`38`	`fprintf(stderr, "%s: %s\n", strCaption.c_str(), message.c_str());`
`35`	`39`	`return false;`
`36`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -581,7 +581,7 @@ void StartRPCThreads()`
`581`	`581`	`strWhatAmI,`
`582`	`582`	`GetConfigFile().string(),`
`583`	`583`	`EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32)),`
`584`		`- "", CClientUIInterface::MSG_ERROR);`
	`584`	`+ "", CClientUIInterface::MSG_ERROR \| CClientUIInterface::SECURE);`
`585`	`585`	`StartShutdown();`
`586`	`586`	`return;`
`587`	`587`	`}`