Merge pull request #2279

359517c wallet_rpc_server: fix possible privacy leak in on_import_key_images() (Jaquee) 20495b2 simplewallet: fix possible privacy leak in import_key_images() (Jaquee)
monero-project · Aug 15, 2017 · a861cbb · a861cbb
2 parents 53dde37 + 359517c
commit a861cbb
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
@@ -4542,6 +4542,12 @@ bool simple_wallet::export_key_images(const std::vector<std::string> &args)
 //----------------------------------------------------------------------------------------------------
 bool simple_wallet::import_key_images(const std::vector<std::string> &args)
 {
+  if (!m_trusted_daemon)
+  {
+    fail_msg_writer() << tr("this command requires a trusted daemon. Enable with --trusted-daemon");
+    return true;
+  }
+
   if (args.size() != 1)
   {
     fail_msg_writer() << tr("usage: import_key_images <filename>");

diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
@@ -1364,7 +1364,12 @@ namespace tools
       er.message = "Command unavailable in restricted mode.";
       return false;
     }
-
+    if (!m_trusted_daemon)
+    {
+      er.code = WALLET_RPC_ERROR_CODE_UNKNOWN_ERROR;
+      er.message = "This command requires a trusted daemon.";
+      return false;
+    }
     try
     {
       std::vector<std::pair<crypto::key_image, crypto::signature>> ski;