IPC-server hardening and update

[Diapolo]

• add IMPLEMENT_RANDOMIZE_STACK for ipcThread()
• log / print boost interprocess exceptions
• use MAX_URI_LENGTH in guiconstants.h (also used in qrcodedialog.cpp)
• remove unneeded includes and ipcShutdown() from qtipcserver.cpp
• fix a small mem-leak by deleting mq before re-using it
• make ipcThread() and ipcThread2() static functions
• add some more comments

This is intended to improve some parts of our current IPC code, mostly security wise, it does not change the URI handling behaviour. I compiled this on Windows and made some tests with Bitcoin-Qt, everything okay.

[TheBlueMatt]

Yuck, more global flags?

[Diapolo]

After looking at how the code works, I guess I can just remove this. Even if the IPC thread doesn't run or something happened we don't rely on this to ensure a working Bitcoin-Qt. It was a left-over from my former pull.

[Diapolo]

Updated and removed the global and another #define, which also did not need to be there.

[TheBlueMatt]

Now you copy the string instead of using it as-is for no clear benefit?

[Diapolo]

Well this is the same code you took a look at in the last pull? There you did not mention this. Well idea was to avoid char * where possible, as std::string should be more robust.

[TheBlueMatt]

copying an existing const char* isnt more robust than copying its contents to a std::string.

[Diapolo]

This is what @laanwj had written to this change in the other pull:
"I think it's more consistent to use C++ string handling everywhere instead of strlen() and friends (performance is not an argument here). In most implementations, c_str doesn't perform a copy, but it simply returns a pointer to the internal buffer. Though it'd be better to use .data() if you don't rely on it being zero-terminated like in this case."

[TheBlueMatt]

Its not necessarily more consistent to use a std::string when we already have a const char*, because you are now using both...anyway, it goes back to the "diff for diffs sake" here, there is no difference in the code (std::string(const char*) is no doubt using strlen anyway) but its just more lines of diff.

[Diapolo]

I'm going to revert this, so that in the end the diff is much smaller now (after some reverts and removing silly stuff). I consider your feedback very constructive and I'm glad you took the time to look over the code :).

Edit: Reverted

[TheBlueMatt]

There are some useful changes in here, by there appears to be a lot of diff here that has no purpose aside from just providing more diff?

[TheBlueMatt]

Not blaming you for this, but why on earth do we have a guiconstants.h file? That just seems broken - shouldn't constants go in the header for the file in which they are used?

[Diapolo]

I think, when they are used in multiple files they should reside here, when they are ONLY used e.g. in one source-file, then yes it should just be in the header. Well this one will soon be used by qrcodedialog.cpp, too ... so at least this one should go here. I guess @laanwj introduced that file some time ago, perhaps he can explain the idea of it?

[TheBlueMatt]

The point is if you already have to import eg qtipcserver.h in any files which are going to be using MAX_URI_LENGTH, there is no reason to have it separate in a guiconstants.h, it could just reside in qtipcserver.h, and I'd think the same is true of all the other constants here.

[Diapolo]

My point was MAX_URI_LENGTH is used in qtipcserver.cpp and qrcodedialog.cpp. Now both of them include guiconstants.h., which seems just fine, no? qtipcserver.h is of course not included in qrcodedialog.cpp.

[TheBlueMatt]

Why is MAX_URI_LENGTH used in qrcodedialog.cpp? MAX_URI_LENGTH is not a part of the URI spec, it is part of bitcoin-qt's implementation, there is nothing wrong with a QR Code with a URI longer than MAX_URI_LENGTH.

[Diapolo]

Sometimes I feel like I'm the bad guy that did something wrong. Well in a patch some weeks ago, we introduced a limit for the URI length used in generation of QR Codes, which is the same as this one here. I indeed SEE a problem, the QR Codes which would get longer would not be valid for Bitcoin-Qt, so why not use the same limit?

See:
b1a99c3

[TheBlueMatt]

Ah, its used for importing URIs, not exporting, sorry...I still dont like the idea of a constants header, but I suppose for MAX_URI_LENGTH it makes some sense.

[laanwj]

I do like the constants header, as it keeps all the tweakable values together. But regard it more like a hard-coded configuration header than really "constants" as the values are arbitrary and changeable.

[Diapolo]

Rebased, fixing merge conflict.

[TheBlueMatt]

In terms of the actual code changes in this pull, ACK...the rest of it...dont care, not up to me.

[laanwj]

I don't get this code. Where does this 2 come from? This is not part of the diff, but it looks a bit flaky.

[Diapolo]

It was in from the very beginning, didn't ever touch it.

See: 7d145a0#L10R63 which is a commit from @TheBlueMatt

[TheBlueMatt]

Its the same constant that is used when creating the message queue to set the maximum number of items in the queue, its essentially a fail-safe in case we are getting DoS'd.

[laanwj]

ACK

[Diapolo]

Rebased fixing a merge conflict and included some changes to the Mac exclusion code (needed after 4060d64), that needed the changed functions in it.

[Diapolo]

@laanwj Further problems / hints for this one?

[laanwj]

ipcThread and ipcThread2 are never called from outside qtipcserver.cpp. They should be static and local, not exported in the header file.

[Diapolo]

That is indeed a very good idea :), thanks.

[Diapolo]

ipcThread() and ipcThread2() are now static functions :).

[laanwj]

ACK (but needs rebase)

[Diapolo]

Rebased (was needed after the thread names patch) and removed ipcThread() and ipcThread2() from the OSX #ifdef.

[Diapolo]

RenameThread() is now placed here.