Skip to content

Commit d678771

Browse files
luke-jrluke-jr
committed
Wallet: Sanitise -wallet parameter
1 parent 9756be3 commit d678771

File tree

3 files changed

+10
-2
lines changed

3 files changed

+10
-2
lines changed

src/utilstrencodings.cpp

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,8 @@ static const string CHARS_ALPHA_NUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNO
1919
static const string SAFE_CHARS[] =
2020
{
2121
CHARS_ALPHA_NUM + " .,;-_/:?@()", // SAFE_CHARS_DEFAULT
22-
CHARS_ALPHA_NUM + " .,;-_?@" // SAFE_CHARS_UA_COMMENT
22+
CHARS_ALPHA_NUM + " .,;-_?@", // SAFE_CHARS_UA_COMMENT
23+
CHARS_ALPHA_NUM + ".-_", // SAFE_CHARS_FILENAME
2324
};
2425

2526
string SanitizeString(const string& str, int rule)

src/utilstrencodings.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,8 @@
2626
enum SafeChars
2727
{
2828
SAFE_CHARS_DEFAULT, //!< The full set of allowed chars
29-
SAFE_CHARS_UA_COMMENT //!< BIP-0014 subset
29+
SAFE_CHARS_UA_COMMENT, //!< BIP-0014 subset
30+
SAFE_CHARS_FILENAME, //!< Chars allowed in filenames
3031
};
3132

3233
/**

src/wallet/wallet.cpp

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3765,6 +3765,12 @@ bool CWallet::InitLoadWallet()
37653765

37663766
std::string walletFile = GetArg("-wallet", DEFAULT_WALLET_DAT);
37673767

3768+
if (walletFile.find_first_of("/\\") != std::string::npos) {
3769+
return InitError(_("-wallet parameter must only specify a filename (not a path)"));
3770+
} else if (SanitizeString(walletFile, SAFE_CHARS_FILENAME) != walletFile) {
3771+
return InitError(_("Invalid characters in -wallet filename"));
3772+
}
3773+
37683774
CWallet * const pwallet = CreateWalletFromFile(walletFile);
37693775
if (!pwallet) {
37703776
return false;

0 commit comments

Comments
 (0)