Skip to content
This repository has been archived by the owner on Apr 4, 2024. It is now read-only.

Commit

Permalink
rpc: fix ExpandHome restrictions bypass (#667)
Browse files Browse the repository at this point in the history
`go-home` seems to be using environment variables first
  • Loading branch information
tomtau authored Oct 13, 2021
1 parent 4ead981 commit 8e12d94
Show file tree
Hide file tree
Showing 5 changed files with 31 additions and 14 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ Ref: https://keepachangelog.com/en/1.0.0/

### Bug Fixes

* (rpc) [tharsis#667](https://github.com/tharsis/ethermint/issues/667) Fix ExpandHome restrictions bypass
* (rpc) [tharsis#642](https://github.com/tharsis/ethermint/issues/642) Fix `eth_getLogs` when string is specified in filter's from or to fields
* (evm) [tharsis#616](https://github.com/tharsis/ethermint/issues/616) Fix halt on deeply nested stack of cache context. Stack is now flattened before iterating over the tx logs.
* (rpc, evm) [tharsis#614](https://github.com/tharsis/ethermint/issues/614) Use JSON for (un)marshaling tx `Log`s from events.
Expand Down
7 changes: 6 additions & 1 deletion rpc/ethereum/namespaces/debug/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,12 @@ func (a *API) StartCPUProfile(file string) error {
a.logger.Debug("CPU profiling already in progress")
return errors.New("CPU profiling already in progress")
default:
f, err := os.Create(ExpandHome(file))
fp, err := ExpandHome(file)
if err != nil {
a.logger.Debug("failed to get filepath for the CPU profile file", "error", err.Error())
return err
}
f, err := os.Create(fp)
if err != nil {
a.logger.Debug("failed to create CPU profile file", "error", err.Error())
return err
Expand Down
7 changes: 6 additions & 1 deletion rpc/ethereum/namespaces/debug/trace.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,12 @@ func (a *API) StartGoTrace(file string) error {
a.logger.Debug("trace already in progress")
return errors.New("trace already in progress")
}
f, err := os.Create(ExpandHome(file))
fp, err := ExpandHome(file)
if err != nil {
a.logger.Debug("failed to get filepath for the CPU profile file", "error", err.Error())
return err
}
f, err := os.Create(fp)
if err != nil {
a.logger.Debug("failed to create go trace file", "error", err.Error())
return err
Expand Down
23 changes: 12 additions & 11 deletions rpc/ethereum/namespaces/debug/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,26 +24,27 @@ func isCPUProfileConfigurationActivated(ctx *server.Context) bool {

// ExpandHome expands home directory in file paths.
// ~someuser/tmp will not be expanded.
func ExpandHome(p string) string {
func ExpandHome(p string) (string, error) {
if strings.HasPrefix(p, "~/") || strings.HasPrefix(p, "~\\") {
home := os.Getenv("HOME")
if home == "" {
if usr, err := user.Current(); err == nil {
home = usr.HomeDir
}
}
if home != "" {
p = home + p[1:]
usr, err := user.Current()
if err != nil {
return p, err
}
home := usr.HomeDir
p = home + p[1:]
}
return filepath.Clean(p)
return filepath.Clean(p), nil
}

// writeProfile writes the data to a file
func writeProfile(name, file string, log log.Logger) error {
p := pprof.Lookup(name)
log.Info("Writing profile records", "count", p.Count(), "type", name, "dump", file)
f, err := os.Create(ExpandHome(file))
fp, err := ExpandHome(file)
if err != nil {
return err
}
f, err := os.Create(fp)
if err != nil {
return err
}
Expand Down
7 changes: 6 additions & 1 deletion server/start.go
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,12 @@ func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator ty
var cpuProfileCleanup func()

if cpuProfile := ctx.Viper.GetString(srvflags.CPUProfile); cpuProfile != "" {
f, err := os.Create(ethdebug.ExpandHome(cpuProfile))
fp, err := ethdebug.ExpandHome(cpuProfile)
if err != nil {
ctx.Logger.Debug("failed to get filepath for the CPU profile file", "error", err.Error())
return err
}
f, err := os.Create(fp)
if err != nil {
return err
}
Expand Down

0 comments on commit 8e12d94

Please sign in to comment.