Commit Graph

8634 Commits

Author SHA1 Message Date
anonimal cd57a10c90
epee: abstract_tcp_server2: resolve CID 203919 (DC.WEAK_CRYPTO)
The problem actually exists in two parts:

1. When sending chunks over a connection, if the queue size is
greater than N, the seed is predictable across every monero node.

>"If rand() is used before any calls to srand(), rand() behaves as if
it was seeded with srand(1). Each time rand() is seeded with the same seed, it
must produce the same sequence of values."

2. The CID speaks for itself: "'rand' should not be used for security-related
applications, because linear congruential algorithms are too easy to break."

*But* this is an area of contention.

One could argue that a CSPRNG is warranted in order to fully mitigate any
potential timing attacks based on crafting chunk responses. Others could argue
that the existing LCG, or even an MTG, would suffice (if properly seeded). As a
compromise, I've used an MTG with a full bit space. This should give a healthy
balance of security and speed without relying on the existing crypto library
(which I'm told might break on some systems since epee is not (shouldn't be)
dependent upon the existing crypto library).
2019-09-08 01:14:39 +00:00
anonimal d46f701515
tests: rct_mlsag: resolve CID 203914 (UNINIT_CTOR) 2019-09-07 00:38:49 +00:00
anonimal d099658522
bootstrap_daemon: resolve CID 203915 (UNCAUGHT_EXCEPT)
The issue is triggered by the captured `this` in RPC server, which
passes reference to throwable `core_rpc_server`:

`core_rpc_server.cpp:164: m_bootstrap_daemon.reset(new bootstrap_daemon([this]{ return get_random_public_node(); }));`

The solution is to simply remove noexcept from the remaining `bootstrap_daemon`
constructors because noexcept is false in this context.

>"An exception of type "boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::asio::invalid_service_owner>>" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate()."
2019-09-07 00:29:09 +00:00
anonimal 2825f07d95
epee: connection_basic: resolve CID 203916 (UNINIT_CTOR) 2019-09-06 23:18:00 +00:00
anonimal 1bd962d9f9
wallet2: resolve CID 203918 null pointer deference (NULL_RETURNS) 2019-09-06 23:11:37 +00:00
anonimal 3a816398b3
epee: connection_basic: resolve CID 203920 (UNINIT_CTOR) 2019-09-06 22:48:16 +00:00
luigi1111 1b93cb74bb
Merge pull request #5824
2a41dc0 epee: fix connections not being properly closed in some instances (moneromooo-monero)
2019-09-04 09:40:21 -05:00
luigi1111 a567e884b2
Merge pull request #5822
839fc62 reject setting lookahead major or minor to 0 (moneromoo-monero)
2019-09-04 09:39:07 -05:00
luigi1111 e4f11a68fe
Merge pull request #5819
07cb087 blockchain: Fix alt chain generated coins overflow (iamamyth)
2019-09-04 09:37:32 -05:00
luigi1111 6fe281d315
Merge pull request #5814
bdcdb0e Remove unused code under WINDWOS_PLATFORM guard (tomsmeding)
a84aa04 syncobj.h no longer defines shared_guard, so remove those define's (tomsmeding)
2019-09-04 09:30:29 -05:00
luigi1111 902e4b6ebf
Merge pull request #5806
69465e3 cryptonote_protocol: fix '--no-sync', ignore new blocks and txes (xiphon)
2019-09-04 09:28:22 -05:00
luigi1111 0198b76217
Merge pull request #5799
082730b daemon: automatic public nodes discovering and bootstrap daemon switching (xiphon)
2019-09-04 09:27:02 -05:00
luigi1111 2acd3cee8c
Merge pull request #5796
e3cff3d Gitian build script fixes for MacOS (jonathancross)
2019-09-04 09:23:15 -05:00
luigi1111 101c9678a5
Merge pull request #5764
f26e663 Gitian build (mac, linux): gzip => bzip2 (jonathancross)
2019-09-04 09:21:27 -05:00
luigi1111 23547e6ed6
Merge pull request #5536
1a367d6 simplewallet: lock console on inactivity (moneromooo-monero)
2019-09-04 09:18:38 -05:00
luigi1111 98af2e954b
Merge pull request #5793
bdfc63a Add ref-counted buffer byte_slice. Currently used for sending TCP data. (vtnerd)
3b24b1d Added support for 'noise' over I1P/Tor to mask Tx transmission. (vtnerd)
2019-08-29 14:36:41 -05:00
moneromooo-monero 1a367d6a22
simplewallet: lock console on inactivity 2019-08-28 19:01:48 +00:00
luigi1111 85014813cf
Merge pull request #5707
3a0451a MLSAG speedup and additional checks (SarangNoether)
2019-08-28 02:22:00 -05:00
luigi1111 46c1198fd7
Merge pull request #5844
a7d1577 build: fix depends Travis ncurses build, don't wipe CONFIG_SHELL (xiphon)
2019-08-27 15:23:08 -05:00
Sarang Noether 3a0451a8be MLSAG speedup and additional checks 2019-08-27 16:22:44 -04:00
luigi1111 174c3a05f6
Merge pull request #5820
ac0a229 Fix Android build in Docker (hyperreality)
2019-08-27 15:22:08 -05:00
luigi1111 a387f0390d
Merge pull request #5794
a63e212 Docker updated dependencies cmake boost sodium cppzmq udev protobuf zmq (homdx)
2019-08-27 15:21:17 -05:00
luigi1111 f68512e9e4
Merge pull request #5729
7c894fc device_ledger: add paranoid buffer overflow check (moneromooo-monero)
f07524b device_ledger: fix uninitialized additional_key (moneromooo-monero)
2019-08-27 15:19:47 -05:00
luigi1111 8f6f674753
Merge pull request #5609
1dc3b1a wallet: add --extra-entropy command line flag (moneromooo-monero)
2019-08-27 15:14:15 -05:00
luigi1111 3e80f44503
Merge pull request #5559
33e91e1 wallet, rpc: add a release field to get_version (moneromooo-monero)
2019-08-27 15:09:37 -05:00
luigi1111 3254204fb9
Merge pull request #5416
63186a0 Wallet: Option to export data to ASCII (tmoravec)
2019-08-27 15:02:55 -05:00
xiphon 082730b6e5 daemon: automatic public nodes discovering and bootstrap daemon switching 2019-08-27 12:01:49 +00:00
moneromooo-monero 33e91e1a1e
wallet, rpc: add a release field to get_version
It does not leak much since you can make a fair guess by RPC
version already, and some people want to avoid non release
clients when using third parties' nodes (because they'd never
lie about it)
2019-08-26 19:28:25 +00:00
moneromooo-monero f07524b56b
device_ledger: fix uninitialized additional_key
Coverity 200185
2019-08-26 12:50:29 +00:00
moneromooo-monero 7c894fc7fd
device_ledger: add paranoid buffer overflow check
Coverity 200183
2019-08-26 12:50:26 +00:00
Tom Smeding a84aa04d57 syncobj.h no longer defines shared_guard, so remove those define's
The removed preprocessor macro's refer to types that are not defined in
the file anymore; the only other place where shared_guard is defined is
in winobj.h, which also defines the same macro's. Therefore, this change
is safe.

(Side note is that these macro's weren't used at all anyway, but that is
orthogonal to the issue.)
2019-08-23 08:42:36 +02:00
xiphon a7d1577545 build: fix depends Travis ncurses build, don't wipe CONFIG_SHELL 2019-08-23 01:55:33 +00:00
Tadeas Moravec 63186a01ce
Wallet: Option to export data to ASCII
New CLI wallet variable: export-format with options "binary" (the default),
or "ascii". "Binary" behaves as before, "ascii" forces the wallet to convert
data to ASCII using base64.

Reading files from the disk tries to auto detect what format has been
used (using a magic string added when exporting the data).

Implements https://github.com/monero-project/monero/issues/2859
2019-08-22 16:03:22 +02:00
moneromooo-monero 1dc3b1a516
wallet: add --extra-entropy command line flag
It lets the user add custom entropy to the PRNG.
It does this by hashing the new data and xoring the resulting
hash with the PRNG state.
2019-08-22 11:12:57 +00:00
luigi1111 cdfa2e58df
Merge pull request #5827
30779de fix feature not introduced until boost 1.66 (jtgrassie)
2019-08-21 15:54:10 -05:00
luigi1111 2be47ae02a
Merge pull request #5817
50ec40e Increase max_dbs from 20 to 32 (hyc)
2019-08-21 15:49:51 -05:00
luigi1111 7bdff6005f
Merge pull request #5815
adc16d2 Fix check for disconnecting peers when syncing (jagerman)
2019-08-21 15:48:09 -05:00
luigi1111 d8244eb39c
Merge pull request #5808
5a91b83 simplewallet: add a few missing settings help text (stoffu)
ae7bf37 simplewallet: fix arg indexing bug in set_device_name (stoffu)
2019-08-21 15:41:42 -05:00
luigi1111 0a42fddde4
Merge pull request #5807
4b1df4e Fix for biased signature nonce (SarangNoether)
2019-08-21 15:38:35 -05:00
luigi1111 28e0a28b96
Merge pull request #5800
6ca033d hid_error() could return a null, which causes the program to crash with (TheQuantumPhysicist)
2019-08-21 15:36:05 -05:00
luigi1111 d035af8e92
Merge pull request #5788
de5038f unpushed languages from pootle (synced) (Monero-Weblate)
2019-08-21 15:33:14 -05:00
luigi1111 11ab328ce3
Merge pull request #5778
8703aa5 MMS: Use chans instead of normal addresses for auto-config (rbrunner7)
2019-08-21 15:31:11 -05:00
luigi1111 415005aceb
Merge pull request #5777
757b789 Define _WANT_SEMUN for FreeBSD to ensure union semun is defined (odonnellnoel)
2019-08-21 15:28:10 -05:00
luigi1111 17f1ac8a42
Merge pull request #5775
95bebb1 Add nbproject directory to .gitignore (odonnellnoel)
2019-08-21 15:27:06 -05:00
luigi1111 f1e66a03f1
Merge pull request #5757
a12ca68 translations: add a ready file to control which translations to build (moneromooo-monero)
2019-08-21 15:25:18 -05:00
luigi1111 eea0123de4
Merge pull request #5755
7a3e458 improve tx_sanity_check clarification (vicsn)
2019-08-21 15:23:58 -05:00
luigi1111 5aa65adfcf
Merge pull request #5735
32b0560 easylogging++: weed out most calls to allowed without locking (moneromooo-monero)
2019-08-21 15:21:51 -05:00
luigi1111 1bd3f1a1fb
Merge pull request #5750
884df82 wallet: provide original address for outgoing transfers (xiphon)
2019-08-21 15:20:51 -05:00
luigi1111 0ca1a51033
Merge pull request #5749
45c28d8 build: fix OSX static libusb check and link against static libobjc (xiphon)
2019-08-21 15:19:33 -05:00
luigi1111 a8e99198bf
Merge pull request #5748
b350726 boost: update obsolete usage of endian API (moneromooo-monero)
2019-08-21 15:18:38 -05:00