From c6ab880c030bb7492002b843247030e15f9b89a6 Mon Sep 17 00:00:00 2001 From: Nik Bougalis Date: Thu, 21 Feb 2019 16:23:49 -0800 Subject: [PATCH] Display validator status only to admin requests: Several commands allow a user to retrieve a server's status. Commands will typically limit disclosure of information that can reveal that a particular server is a validator to connections that are not verified to make it more difficult to determine validators via fingerprinting. Prior to this commit, servers configured to operate as validators would, instead of simply reporting their server state as 'full', augment their state information to indicate whether they are 'proposing' or 'validating'. Servers will only provide this enhanced state information for connections that have elevated privileges. Acknowledgements: Ripple thanks Markus Teufelberger for responsibly disclosing this issue. Bug Bounties and Responsible Disclosures: We welcome reviews of the rippled code and urge researchers to responsibly disclose any issues that they may find. For more on Ripple's Bug Bounty program, please visit: https://ripple.com/bug-bounty --- src/ripple/app/misc/NetworkOPs.cpp | 10 +++++----- src/ripple/app/misc/NetworkOPs.h | 2 +- src/ripple/overlay/impl/OverlayImpl.cpp | 5 ++++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/ripple/app/misc/NetworkOPs.cpp b/src/ripple/app/misc/NetworkOPs.cpp index 4383acdcb4..c38746654e 100644 --- a/src/ripple/app/misc/NetworkOPs.cpp +++ b/src/ripple/app/misc/NetworkOPs.cpp @@ -237,7 +237,7 @@ public: { return mMode; } - std::string strOperatingMode () const override; + std::string strOperatingMode (bool admin = false) const override; // // Transaction operations. 
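Review bot: The new `bool admin = false` default on the `strOperatingMode` override (and on the pure virtual in the NetworkOPs.h hunk) lets call sites that this commit does not touch keep compiling without ever making a privilege decision. The default is fail-closed, which is the right direction, but default arguments on virtual functions are bound to the static type, so the two declarations have to be kept identical by hand, and a caller that should forward its own `admin` flag is easy to miss in review. I would drop the default in both places, `virtual std::string strOperatingMode (bool admin) const = 0;`, so that every caller states explicitly whether it is serving a privileged connection. The class body starts and ends outside this hunk, so any remaining callers cannot be checked from here.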
@@ -824,9 +824,9 @@ void NetworkOPsImp::processClusterTimer () //------------------------------------------------------------------------------ -std::string NetworkOPsImp::strOperatingMode () const +std::string NetworkOPsImp::strOperatingMode (bool admin) const { - if (mMode == omFULL) + if (mMode == omFULL && admin) { auto const mode = mConsensus.mode(); if (mode != ConsensusMode::wrongLedger) @@ -2103,7 +2103,7 @@ Json::Value NetworkOPsImp::getServerInfo (bool human, bool admin, bool counters) info [jss::build_version] = BuildInfo::getVersionString (); - info [jss::server_state] = strOperatingMode (); + info [jss::server_state] = strOperatingMode (admin); info [jss::time] = to_string(date::floor( std::chrono::system_clock::now())); @@ -2860,7 +2860,7 @@ bool NetworkOPsImp::subServer (InfoSub::ref isrListener, Json::Value& jvResult, auto const& feeTrack = app_.getFeeTrack(); jvResult[jss::random] = to_string (uRandom); - jvResult[jss::server_status] = strOperatingMode (); + jvResult[jss::server_status] = strOperatingMode (admin); jvResult[jss::load_base] = feeTrack.getLoadBase (); jvResult[jss::load_factor] = feeTrack.getLoadFactor (); jvResult [jss::hostid] = getHostId (admin); diff --git a/src/ripple/app/misc/NetworkOPs.h b/src/ripple/app/misc/NetworkOPs.h index 162bcd2598..6a16485073 100644 --- a/src/ripple/app/misc/NetworkOPs.h +++ b/src/ripple/app/misc/NetworkOPs.h @@ -105,7 +105,7 @@ public: // virtual OperatingMode getOperatingMode () const = 0; - virtual std::string strOperatingMode () const = 0; + virtual std::string strOperatingMode (bool admin = false) const = 0; //-------------------------------------------------------------------------- // diff --git a/src/ripple/overlay/impl/OverlayImpl.cpp b/src/ripple/overlay/impl/OverlayImpl.cpp index 9930ff9b56..b3b606ba98 100644 --- a/src/ripple/overlay/impl/OverlayImpl.cpp +++ b/src/ripple/overlay/impl/OverlayImpl.cpp 
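Review bot: The `&& admin` condition in `NetworkOPsImp::strOperatingMode` is the whole disclosure control, and nothing at the site says so, which makes it easy for a later cleanup to drop it as redundant. A comment above the `if` would record the intent, for example `// Only privileged connections may see 'proposing'/'validating'; others get the plain operating mode so a validator cannot be fingerprinted.` The commit also carries no test. A regression check that a non-admin `server_info` or `subscribe` response never contains `proposing` or `validating` would protect the `getServerInfo` and `subServer` call sites changed in the following hunks. The function body continues past the end of this hunk.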
@@ -939,6 +939,7 @@ OverlayImpl::getServerInfo() server_info.removeMember(jss::hostid); server_info.removeMember(jss::load_factor_fee_escalation); server_info.removeMember(jss::load_factor_fee_queue); + server_info.removeMember(jss::validation_quorum); if (server_info.isMember(jss::validated_ledger)) { @@ -974,6 +975,8 @@ OverlayImpl::getUnlInfo() } validators.removeMember(jss::signing_keys); + validators.removeMember(jss::trusted_validator_keys); + validators.removeMember(jss::validation_quorum); Json::Value validatorSites = app_.validatorSites().getJson(); @@ -1005,7 +1008,7 @@ OverlayImpl::processRequest (http_request_type const& req, msg.insert("Server", BuildInfo::getFullVersionString()); msg.insert("Content-Type", "application/json"); msg.insert("Connection", "close"); - msg.body()["version"] = Json::Value(1u); + msg.body()["version"] = Json::Value(2u); if (setup_.crawlOptions & CrawlOptions::Overlay) {
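Review bot: `OverlayImpl::getServerInfo` scrubs the crawl response with a deny-list, and the added `server_info.removeMember(jss::validation_quorum);` shows the weakness: any field added to the underlying object is exposed until someone remembers to strip it here. The `getUnlInfo` hunk that follows adds `trusted_validator_keys` and `validation_quorum` in the same way. Building the public object by copying only the members the crawler is meant to expose would fail closed instead. If the deny-list stays, a comment at the top of each removal block, such as `// Fields stripped from the crawl response; revisit whenever the source object gains members.`, would at least flag the coupling. Both function bodies start outside their hunks.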