Dash - Reinventing Cryptocurrency
Ava Chow 898282d620
Merge bitcoin/bitcoin#28774: wallet: avoid returning a reference to vMasterKey after releasing the mutex that guards it
32a9f13cb805ecf6aebb5cf4e5d92b8a47c4548b wallet: avoid returning a reference to vMasterKey after releasing the mutex that guards it (Vasil Dimov)

Pull request description:

  `CWallet::GetEncryptionKey()` would return a reference to the internal
  `CWallet::vMasterKey`, guarded by `CWallet::cs_wallet`, which is unsafe.

  Returning a copy would be a shorter solution, but could have security
  implications of the master key remaining somewhere in the memory even
  after `CWallet::Lock()` (the current calls to
  `CWallet::GetEncryptionKey()` are safe, but that is not future proof).

  So, instead of `EncryptSecret(m_storage.GetEncryptionKey(), ...)`
  change the `GetEncryptionKey()` method to provide the encryption
  key to a given callback:
  `m_storage.WithEncryptionKey([](const CKeyingMaterial& k) { EncryptSecret(k, ...); })`

  This silences the following (clang 18):

  ```
  wallet/wallet.cpp:3520:12: error: returning variable 'vMasterKey' by reference requires holding mutex 'cs_wallet' [-Werror,-Wthread-safety-reference-return]
   3520 |     return vMasterKey;
        |            ^
  ```

  ---
  _Previously this PR modified both ArgsManager and wallet code. But the ArgsManager commit 856c88776f was merged in https://github.com/bitcoin/bitcoin/pull/29040 so now this only affects wallet code. The previous PR description was:_

  Avoid this unsafe pattern from `ArgsManager` and `CWallet`:

  ```cpp
  class A
  {
      Mutex mutex;
      Foo member GUARDED_BY(mutex);
      const Foo& Get()
      {
          LOCK(mutex);
          return member;
  } // callers of `Get()` will have access to `member` without owning the mutex.
  };
  ```

ACKs for top commit:
  achow101:
    ACK 32a9f13cb805ecf6aebb5cf4e5d92b8a47c4548b
  ryanofsky:
    Code review ACK 32a9f13cb805ecf6aebb5cf4e5d92b8a47c4548b. This seems like a potentially real race condition, and the fix here is pretty simple.
  furszy:
    ACK 32a9f13c

Tree-SHA512: 133da84691642afc1a73cf14ad004a7266cb4be1a6a3ec634d131dca5dbcdef52522c1d5eb04f5b6c4e06e1fc3e6ac57315f8fe1e207b464ca025c2b4edefdc1
2024-10-12 20:06:28 +07:00
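To make the hazard in the PR description concrete, here is an added example (not code from Bitcoin Core or Dash Core): a hypothetical `KeyStore` class with the unsafe reference-returning getter beside a `WithEncryptionKey()` callback modelled on the fix, a toy XOR stand-in for `EncryptSecret()`, and a `Lock()` that plays the role of `CWallet::Lock()` wiping the key. All names, the sample key and the plaintext are constructed for the example.

```cpp
#include <cstddef>
#include <mutex>
#include <vector>
using KeyingMaterial = std::vector<unsigned char>;  // stand-in for CKeyingMaterial

// Toy XOR "cipher" in place of the real EncryptSecret(): it only exists so the
// example has a consumer of the key. An empty key yields empty output.
std::vector<unsigned char> EncryptSecret(const KeyingMaterial& key,
                                         const std::vector<unsigned char>& in) {
    std::vector<unsigned char> out;
    if (key.empty()) return out;
    for (std::size_t i = 0; i < in.size(); ++i) out.push_back(in[i] ^ key[i % key.size()]);
    return out;
}

class KeyStore {  // hypothetical; mirrors the CWallet pattern in the PR text
public:
    void Unlock(const KeyingMaterial& key) { std::lock_guard<std::mutex> g(m_mutex); m_key = key; }
    // Like CWallet::Lock(): wipe the in-memory key (real code uses memory_cleanse).
    void Lock() { std::lock_guard<std::mutex> g(m_mutex); m_key.assign(m_key.size(), 0); m_key.clear(); }
    // Unsafe pattern: the lock is released on return, but the caller keeps a
    // reference into m_key that Lock() or another thread may change later.
    const KeyingMaterial& GetEncryptionKeyUnsafe() { std::lock_guard<std::mutex> g(m_mutex); return m_key; }
    // Fixed pattern: the key is only visible inside the callback, which runs
    // while the mutex is held, so no reference can outlive the lock.
    template <typename Fn>
    auto WithEncryptionKey(Fn&& fn) { std::lock_guard<std::mutex> g(m_mutex); return fn(m_key); }
private:
    std::mutex m_mutex;
    KeyingMaterial m_key;
};
const std::vector<unsigned char> kPlain{'s', 'e', 'c', 'r', 'e', 't'};  // constructed input
const KeyingMaterial kKey{0x0f, 0xf0, 0x55};                           // constructed key

// Unsafe path: take the reference, then Lock() wipes the key underneath it.
// Returns the ciphertext length produced from the now-empty key: 0.
std::size_t UnsafeEncryptAfterLock() {
    KeyStore store; store.Unlock(kKey);
    const KeyingMaterial& k = store.GetEncryptionKeyUnsafe();  // mutex already released
    store.Lock();                                              // k now views an empty vector
    return EncryptSecret(k, kPlain).size();
}
// Fixed path: EncryptSecret() runs inside the callback under the lock, so
// Lock() cannot change the key while it is in use. Returns 6 ciphertext bytes.
std::vector<unsigned char> SafeEncrypt() {
    KeyStore store; store.Unlock(kKey);
    auto ct = store.WithEncryptionKey([](const KeyingMaterial& k) { return EncryptSecret(k, kPlain); });
    store.Lock();
    return ct;
}
```

In the real wallet the same reference could also be observed from another thread, which is the race ryanofsky's ACK refers to; the sequential `Lock()` here just makes the effect deterministic.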

Dash Core staging tree


https://www.dash.org

For an immediately usable, binary version of the Dash Core software, see https://www.dash.org/downloads/.

Further information about Dash Core is available in ./doc/.

What is Dash?

Dash is an experimental digital currency that enables instant, private payments to anyone, anywhere in the world. Dash uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. Dash Core is the name of the open source software which enables the use of this currency.

For more information read the original Dash whitepaper.

License

Dash Core is released under the terms of the MIT license. See COPYING for more information or see https://opensource.org/licenses/MIT.

Development Process

The master branch is meant to be stable. Development is normally done in separate branches. Tags are created to indicate new official, stable release versions of Dash Core.

The develop branch is regularly built (see doc/build-*.md for instructions) and tested, but is not guaranteed to be completely stable.

The contribution workflow is described in CONTRIBUTING.md and useful hints for developers can be found in doc/developer-notes.md.

Build / Compile from Source

The ./configure, make, and cmake steps, as well as build dependencies, are also documented in ./doc/.

Testing

Testing and code review are the bottleneck for development; we get more pull requests than we can review and test on short notice. Please be patient and help out by testing other people's pull requests, and remember this is a security-critical project where any mistake might cost people lots of money.

Automated Testing

Developers are strongly encouraged to write unit tests for new code, and to submit new unit tests for old code. Unit tests can be compiled and run (assuming they weren't disabled in configure) with: make check. Further details on running and extending unit tests can be found in /src/test/README.md.

There are also regression and integration tests, written in Python. These tests can be run (if the test dependencies are installed) with: test/functional/test_runner.py

The CI (Continuous Integration) systems make sure that every pull request is built for Windows, Linux, and macOS, and that unit/sanity tests are run automatically.

Manual Quality Assurance (QA) Testing

Changes should be tested by somebody other than the developer who wrote the code. This is especially important for large or high-risk changes. It is useful to add a test plan to the pull request description if testing the changes is not straightforward.

Translations

Changes to translations as well as new translations can be submitted to Dash Core's Transifex page.

Translations are periodically pulled from Transifex and merged into the git repository. See the translation process for details on how this works.

Important: We do not accept translation changes as GitHub pull requests because the next pull from Transifex would automatically overwrite them again.