Filter result of eth.accounts even for batch IPC calls #1114

merged 2 commits into from Sep 5, 2016


None yet

2 participants


This fixes a security issue raised earlier. Although eth.accounts are filtered according to what's visible to the active Mist tab it was still possible to retrieve all accounts by making the same call as part of a batch IPC request. This PR fixes that.

@hiddentao hiddentao added this to the 0.8.2 milestone Aug 25, 2016
@hiddentao hiddentao commented on the diff Aug 25, 2016
@@ -26,6 +26,7 @@ const ERRORS = {
METHOD_TIMEOUT: {"code": -32603, "message": "Request timed out for method \'__method__\'."},
TX_DENIED: {"code": -32603, "message": "Transaction denied"},
BATCH_TX_DENIED: {"code": -32603, "message": "Transactions denied, sendTransaction is not allowed in batch requests."},
+ BATCH_COMPILE_DENIED: {"code": -32603, "message": "Compilation denied, compileSolidity is not allowed in batch requests."},
hiddentao Aug 25, 2016 Contributor

This wasn't necessary for the fix but I added it anyway. You can't do a contract compilation as part of a batch call because we don't support that.

@hiddentao hiddentao modified the milestone: 0.8.3, 0.8.2 Aug 25, 2016

More fixes added.

@alexvandesande alexvandesande merged commit 06d12a6 into ethereum:develop Sep 5, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment