status-im
/
nimbus-eth2
mirror of https://github.com/status-im/nimbus-eth2.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Proper fix for writeFile() places. 

Comment unused/insecure procedure.
This commit is contained in:
cheatfate 2020-10-12 16:47:59 +03:00 committed by zah
parent f632a61cb9
commit 1742a82ca7
2 changed files with 93 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
beacon_chain/keystore_management.nim
View File

@ -89,13 +89,20 @@ proc checkAndCreateDataDir*(dataDir: string): bool =
else: else:
true true
else: else:
let res = createPath(dataDir, 0o750) let sres = createCurrentUserOnlySecurityDescriptor()
if res.isErr(): if sres.isErr():
fatal "Could not create data folder", data_dir = dataDir, fatal "Could not allocate security descriptor", data_dir = dataDir,
errorMsg = ioErrorMsg(res.error), errorCode = $res.error errorMsg = ioErrorMsg(sres.error), errorCode = $sres.error
false false
else: else:
true var sd = sres.get()
let res = createPath(dataDir, 0o750, secDescriptor = sd.getDescriptor())
if res.isErr():
fatal "Could not create data folder", data_dir = dataDir,
errorMsg = ioErrorMsg(res.error), errorCode = $res.error
false
else:
true
else: else:
fatal "Unsupported operation system" fatal "Unsupported operation system"
return false return false
@ -357,11 +364,23 @@ proc saveNetKeystore*(rng: var BrHmacDrbgContext, keyStorePath: string,
error "Could not serialize network key storage", key_path = keyStorePath error "Could not serialize network key storage", key_path = keyStorePath
return err(FailedToCreateKeystoreFile) return err(FailedToCreateKeystoreFile)
let res = writeFile(keyStorePath, encodedStorage, 0o600) let res =
when defined(windows):
let sres = createCurrentUserOnlySecurityDescriptor()
if sres.isErr():
error "Could not allocate security descriptor", key_path = keyStorePath
return err(FailedToCreateKeystoreFile)
var sd = sres.get()
writeFile(keyStorePath, encodedStorage, 0o600,
secDescriptor = sd.getDescriptor())
else:
writeFile(keyStorePath, encodedStorage, 0o600)
if res.isOk(): if res.isOk():
ok() ok()
else: else:
error "Could not write to network key storage file", key_path = keyStorePath error "Could not write to network key storage file",
key_path = keyStorePath
err(FailedToCreateKeystoreFile) err(FailedToCreateKeystoreFile)
proc saveKeystore(rng: var BrHmacDrbgContext, proc saveKeystore(rng: var BrHmacDrbgContext,
@ -388,22 +407,48 @@ proc saveKeystore(rng: var BrHmacDrbgContext,
error "Could not serialize keystorage", key_path = keystoreFile error "Could not serialize keystorage", key_path = keystoreFile
return err(FailedToCreateKeystoreFile) return err(FailedToCreateKeystoreFile)
let vres = createPath(validatorDir, 0o750) when defined(windows):
if vres.isErr(): let csres = createCurrentUserOnlySecurityDescriptor()
return err(FailedToCreateValidatorDir) if csres.isErr():
error "Could not allocate security descriptor", key_path = keystoreFile
return err(FailedToCreateKeystoreFile)
var sd = csres.get()
let sres = createPath(secretsDir, 0o750) let vres = createPath(validatorDir, 0o750,
if sres.isErr(): secDescriptor = sd.getDescriptor())
return err(FailedToCreateSecretsDir) if vres.isErr():
return err(FailedToCreateValidatorDir)
let swres = writeFile(secretsDir / keyName, password.str, 0o600) let sres = createPath(secretsDir, 0o750,
if swres.isErr(): secDescriptor = sd.getDescriptor())
return err(FailedToCreateSecretFile) if sres.isErr():
return err(FailedToCreateSecretsDir)
let kwres = writeFile(keystoreFile, encodedStorage, 0o600) let swres = writeFile(secretsDir / keyName, password.str, 0o600,
if kwres.isErr(): secDescriptor = sd.getDescriptor())
return err(FailedToCreateKeystoreFile) if swres.isErr():
return err(FailedToCreateSecretFile)
let kwres = writeFile(keystoreFile, encodedStorage, 0o600,
secDescriptor = sd.getDescriptor())
if kwres.isErr():
return err(FailedToCreateKeystoreFile)
else:
let vres = createPath(validatorDir, 0o750)
if vres.isErr():
return err(FailedToCreateValidatorDir)
let sres = createPath(secretsDir, 0o750)
if sres.isErr():
return err(FailedToCreateSecretsDir)
let swres = writeFile(secretsDir / keyName, password.str, 0o600)
if swres.isErr():
return err(FailedToCreateSecretFile)
let kwres = writeFile(keystoreFile, encodedStorage, 0o600)
if kwres.isErr():
return err(FailedToCreateKeystoreFile)
ok() ok()
proc generateDeposits*(preset: RuntimePreset, proc generateDeposits*(preset: RuntimePreset,
@ -443,12 +488,27 @@ proc saveWallet*(wallet: Wallet, outWalletPath: string): Result[void, string] =
encodedWallet = Json.encode(wallet, pretty = true) encodedWallet = Json.encode(wallet, pretty = true)
except SerializationError: except SerializationError:
return err("Could not serialize wallet") return err("Could not serialize wallet")
let pres = createPath(walletDir, 0o750)
if pres.isErr(): when defined(windows):
return err("Could not create wallet directory [" & walletDir & "]") let sres = createCurrentUserOnlySecurityDescriptor()
let wres = writeFile(outWalletPath, encodedWallet, 0o600) if sres.isErr():
if wres.isErr(): error "Could not allocate security descriptor"
return err("Could not write wallet to file [" & outWalletPath & "]") return err("Could not create security descriptor")
var sd = sres.get()
let pres = createPath(walletDir, 0o750, secDescriptor = sd.getDescriptor())
if pres.isErr():
return err("Could not create wallet directory [" & walletDir & "]")
let wres = writeFile(outWalletPath, encodedWallet, 0o600,
secDescriptor = sd.getDescriptor())
if wres.isErr():
return err("Could not write wallet to file [" & outWalletPath & "]")
else:
let pres = createPath(walletDir, 0o750)
if pres.isErr():
return err("Could not create wallet directory [" & walletDir & "]")
let wres = writeFile(outWalletPath, encodedWallet, 0o600)
if wres.isErr():
return err("Could not write wallet to file [" & outWalletPath & "]")
ok() ok()
proc saveWallet*(wallet: WalletPathPair): Result[void, string] = proc saveWallet*(wallet: WalletPathPair): Result[void, string] =

16
beacon_chain/validator_duties.nim
View File

@ -35,14 +35,14 @@ declareCounter beacon_blocks_proposed,
logScope: topics = "beacval" logScope: topics = "beacval"
# TODO: This procedure follows insecure scheme of creating directory without # # TODO: This procedure follows insecure scheme of creating directory without
# any permissions and writing file without any permissions. # # any permissions and writing file without any permissions.
proc saveValidatorKey*(keyName, key: string, conf: BeaconNodeConf) = # proc saveValidatorKey*(keyName, key: string, conf: BeaconNodeConf) =
let validatorsDir = conf.validatorsDir # let validatorsDir = conf.validatorsDir
let outputFile = validatorsDir / keyName # let outputFile = validatorsDir / keyName
createDir validatorsDir # createDir validatorsDir
writeFile(outputFile, key) # writeFile(outputFile, key)
notice "Imported validator key", file = outputFile # notice "Imported validator key", file = outputFile
proc checkValidatorInRegistry(state: BeaconState, proc checkValidatorInRegistry(state: BeaconState,
pubKey: ValidatorPubKey) = pubKey: ValidatorPubKey) =