From 78d435a5fae047ba9774cb6b43241e44322e77c0 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Tue, 28 Apr 2020 14:05:41 +0000 Subject: [PATCH] rpc: don't display invalid json errors on default log level It's not something the user needs to know, and will display attacker controlled data --- contrib/epee/src/mlog.cpp | 2 +- src/rpc/core_rpc_server.cpp | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/contrib/epee/src/mlog.cpp b/contrib/epee/src/mlog.cpp index e96bf627f..bcde215be 100644 --- a/contrib/epee/src/mlog.cpp +++ b/contrib/epee/src/mlog.cpp @@ -100,7 +100,7 @@ static const char *get_default_categories(int level) switch (level) { case 0: - categories = "*:WARNING,net:FATAL,net.http:FATAL,net.ssl:FATAL,net.p2p:FATAL,net.cn:FATAL,global:INFO,verify:FATAL,serialization:FATAL,daemon.rpc.payment:ERROR,stacktrace:INFO,logging:INFO,msgwriter:INFO"; + categories = "*:WARNING,net:FATAL,net.http:FATAL,net.ssl:FATAL,net.p2p:FATAL,net.cn:FATAL,daemon.rpc:FATAL,global:INFO,verify:FATAL,serialization:FATAL,daemon.rpc.payment:ERROR,stacktrace:INFO,logging:INFO,msgwriter:INFO"; break; case 1: categories = "*:INFO,global:INFO,stacktrace:INFO,logging:INFO,msgwriter:INFO,perf.*:DEBUG"; diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp index 82a7234d1..b8409c780 100644 --- a/src/rpc/core_rpc_server.cpp +++ b/src/rpc/core_rpc_server.cpp @@ -265,25 +265,25 @@ namespace cryptonote { if (!m_restricted && nettype() != FAKECHAIN) { - MERROR("RPC payment enabled, but server is not restricted, anyone can adjust their balance to bypass payment"); + MFATAL("RPC payment enabled, but server is not restricted, anyone can adjust their balance to bypass payment"); return false; } cryptonote::address_parse_info info; if (!get_account_address_from_str(info, nettype(), address)) { - MERROR("Invalid payment address: " << address); + MFATAL("Invalid payment address: " << address); return false; } if (info.is_subaddress) { - MERROR("Payment address may not be a subaddress: " << address); + MFATAL("Payment address may not be a subaddress: " << address); return false; } uint64_t diff = command_line::get_arg(vm, arg_rpc_payment_difficulty); uint64_t credits = command_line::get_arg(vm, arg_rpc_payment_credits); if (diff == 0 || credits == 0) { - MERROR("Payments difficulty and/or payments credits are 0, but a payment address was given"); + MFATAL("Payments difficulty and/or payments credits are 0, but a payment address was given"); return false; } m_rpc_payment_allow_free_loopback = command_line::get_arg(vm, arg_rpc_payment_allow_free_loopback); @@ -303,7 +303,7 @@ namespace cryptonote if (!set_bootstrap_daemon(command_line::get_arg(vm, arg_bootstrap_daemon_address), command_line::get_arg(vm, arg_bootstrap_daemon_login))) { - MERROR("Failed to parse bootstrap daemon address"); + MFATAL("Failed to parse bootstrap daemon address"); return false; }