Don't permit port in proxy IP option #813
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
There was a problem hiding this comment.
Concept ACK 94173ea
I'd suggest to use a regex validator for the IP address, it's much simpler I think and the user won't be allow to enter any other symbols or chars (typo?) that aren't digits (plus user can't type more than 3 subnets separated by dots where currently you could and any symbols):
diff --git a/src/qt/optionsdialog.cpp b/src/qt/optionsdialog.cpp
index dd654a7ab..1fabee7f2 100644
--- a/src/qt/optionsdialog.cpp
+++ b/src/qt/optionsdialog.cpp
@@ -33,6 +33,11 @@
#include <QSystemTrayIcon>
#include <QTimer>
+// For IP address validators
+QRegularExpression ipRegex("^([0-9]{1,3}\\.){3}[0-9]{1,3}$");
+// For Port number validators
+QRegularExpression portRegex("^(6553[0-5]|655[0-2]\\d|65[0-4]\\d{2}|6[0-4]\\d{3}|[1-5]\\d{4}|[1-9]\\d{0,3})$");
+
int setFontChoice(QComboBox* cb, const OptionsModel::FontChoice& fc)
{
int i;
@@ -112,13 +117,18 @@ OptionsDialog::OptionsDialog(QWidget* parent, bool enableWallet)
ui->mapPortNatpmp->setEnabled(false);
#endif
+ QRegularExpressionValidator *ipValidator = new QRegularExpressionValidator(ipRegex, this);
+ QRegularExpressionValidator *portValidator = new QRegularExpressionValidator(portRegex, this);
+
ui->proxyIp->setEnabled(false);
+ ui->proxyIp->setValidator(ipValidator);
+
ui->proxyPort->setEnabled(false);
- ui->proxyPort->setValidator(new QIntValidator(1, 65535, this));
+ ui->proxyPort->setValidator(portValidator);
ui->proxyIpTor->setEnabled(false);
+ ui->proxyIpTor->setValidator(ipValidator);
ui->proxyPortTor->setEnabled(false);
- ui->proxyPortTor->setValidator(new QIntValidator(1, 65535, this));
+ ui->proxyPortTor->setValidator(portValidator);
connect(ui->connectSocks, &QPushButton::toggled, ui->proxyIp, &QWidget::setEnabled);
connect(ui->connectSocks, &QPushButton::toggled, ui->proxyPort, &QWidget::setEnabled);
I've also included in the above a "port number validator", the regex there is a bit more "elaborated" if you like but currently using the int validator, user can enter a dot and then the CService will return that the port is not valid.
Last one since we are here, I'd change the call to 'CService' (that performs currently the validation of the port number - eg as a mentioned above that user can enter a dot) to when the value is changed (textChanged?) - this is something that some reviewer noticed testing the corresponding control/ widget in the QML gui repo and I find it more practical - not as how currently behaves that the validation is done on focus changed (you can also see in the code that the tor inputs have different signal connections somehow, and the textChanged there doesn't work properly either) but this can be done also on a follow-up.
I'm not convinced that a large regex is "simpler" than checking if a ":" is in the string? Thanks for the other suggestions, but I don't feel that interested in picking them here with the QML work going on, and them not being much of an issue IMO. In contrast this fix prevents a bug whereby an incorrect setting can stop the node starting up. The only potential issue I saw with my own solution was that it would outright prevent setting the tor proxy IP to an IPv6 address, however from my (quick) research, it didn't seem that this was actually something anyone did (and it might not even be possible/practical to do). If I'm wrong on this, I'll be happy to update the solution further, but from what I can see even setting Tor ORPort to IPV6 is barely supported, and ControlPort is limited to an IPv4 address:port... |
src/qt/optionsdialog.cpp
Outdated
| // "http://x.x.x.x" already prohibited, so safe to fail early here on a ":" | ||
| if (input.contains(':')) { | ||
| return QValidator::Invalid; | ||
| } |
There was a problem hiding this comment.
What about using SplitHostPort() from #include <util/strencodings.h> instead?
Would only need to verify that the port isn't set.
There was a problem hiding this comment.
That certainly looks like it could be what is needed here!
The large one was for the port number, the one I referred as "simpler" was for the IP address:
The regex would keep it cleaner, more user friendly and we don't have to do an extra validation, but I'll stop trying to convince you 😄 (btw, also we'd need to set the max length to 15/ follow up).
QML is far for being at the stage where QT currently is, improving user experience could also be useful for both projects feedback.
I agree and there's a workaround already which is just removing the IP line from the file.
Is it even possible to enable those checkboxes?
|
Fixes: bitcoin-core#809 Previously it was possible through the GUI to enter an IP address:port into the "Proxy IP" configuration box. After the node was restarted the errant setting would prevent the node starting back up until manually removed from settings.json.
willcl-ark
force-pushed
the
2024-03-proxy-validate
branch
from
94173ea
to
10c5275
Compare
There was a problem hiding this comment.
Just to point out first, this will only work effectively in the case that editing has finished, as in clicking on another item that will take focus. If you only edit the proxy, leave focus on that box and click ok to save the setting, the invalid proxy will be saved.
Will propose a proper patch soon.
|
@jarolrod Isn't that a bug independent from the validation one? |
Fixes: bitcoin#809 Previously it was possible through the GUI to enter an IP address:port into the "Proxy IP" configuration box. After the node was restarted the errant setting would prevent the node starting back up until manually removed from settings.json. Github-Pull: bitcoin-core/gui#813 Rebased-From: 10c5275
|
Backported in bitcoin/bitcoin#30092. |
22701a4 doc: update manual pages for 27.1rc1 (fanquake) 9e91907 build: bump version to 27.1rc1 (fanquake) 9b4640c doc: update release-notes.md for 27.1 (fanquake) 80032d6 qt: 27.1rc1 translations update (Hennadii Stepanov) 423bd6d windeploy: Renew certificate (Ava Chow) 77b2321 depends: Fetch miniupnpc sources from an alternative website (Hennadii Stepanov) 31adcfa test: add GetAddedNodeInfo() CJDNS regression unit test (Jon Atack) 9cdb9ed p2p, bugfix: detect addnode cjdns peers in GetAddedNodeInfo() (Jon Atack) 3c26058 crypto: disable asan for sha256_sse4 with clang and -O0 (Cory Fields) 0ba11cf rpc: move UniValue in blockToJSON (willcl-ark) dedf319 gui: don't permit port in proxy IP option (willcl-ark) d1289a1 gui: fix create unsigned transaction fee bump (furszy) Pull request description: Backports: * bitcoin-core/gui#812 * bitcoin-core/gui#813 * #30085 * #30094 * #30097 * #30149 * #30151 Bump to 27.1rc1. ACKs for top commit: stickies-v: re-ACK 22701a4 willcl-ark: reACK 22701a4 hebasto: re-ACK 22701a4. Tree-SHA512: 6eca44ba7e6664eb4677646597dfdaf56a241c8c3e95e0ab8929ee2fc3671303fc6c2634d359b4523dbd452ac5e54fd1f4c7c2bf7e9c5209395f8cb3b4753fb3
Fixes: #809
Previously it was possible through the GUI to enter an IP address:port into the "Proxy IP" configuration box. After the node was restarted the errant setting would prevent the node starting back up until manually removed from settings.json.
Prevent this with a simple check for ":" in the string. This is acceptable here in the GUI setting because we already fail on a hostname such as "http://x.x.x.x", so it won't cause false positives.