[SIGNER BUG] Private key may get leaked to logs #5245

Closed
aryzing opened this issue Sep 26, 2024 · 1 comment
aryzing commented Sep 26, 2024

Describe the bug
If there's an error processing the private key, the key value gets logged,

StacksPrivateKey::from_hex(&raw_data.stacks_private_key).map_err(|_| {

This isn't great; maybe there was a small typo, like an extra space or accidental quotes around it, which causes an error and the key gets leaked.

Steps To Reproduce
Set an invalid key value, and the signer will log it when it starts.

Expected behavior
Perhaps a more generic error message that doesn't contain the key value: "Failed to parse private key, please check its value and try again."
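
The behaviour requested above, as an added example that is not part of the original issue and is not stacks-core code: a parse error that reports what was wrong without echoing the input, plus a key wrapper whose `Debug` output is redacted. `SecretKeyBytes`, `KeyParseError` and `parse_private_key_hex` are hypothetical names, and the 32-byte (64 hex character) key format is an assumption of this sketch.

```rust
use std::fmt;

/// Hypothetical wrapper: holds key bytes and never prints them.
pub struct SecretKeyBytes([u8; 32]);

impl fmt::Debug for SecretKeyBytes {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SecretKeyBytes(<redacted>)")
    }
}

/// Error that says what was wrong without carrying the input string.
#[derive(Debug, PartialEq)]
pub enum KeyParseError {
    BadLength { got: usize, expected: usize },
    NonHexCharacter,
}

impl fmt::Display for KeyParseError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::BadLength { got, expected } => {
                write!(f, "Failed to parse private key: input length {got}, expected {expected}")
            }
            Self::NonHexCharacter => f.write_str("Failed to parse private key: non-hex character"),
        }
    }
}

/// Assumption for this sketch: the key is 32 bytes written as 64 hex characters.
pub fn parse_private_key_hex(raw: &str) -> Result<SecretKeyBytes, KeyParseError> {
    if raw.len() != 64 {
        return Err(KeyParseError::BadLength { got: raw.len(), expected: 64 });
    }
    let mut out = [0u8; 32];
    for (i, pair) in raw.as_bytes().chunks(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16).ok_or(KeyParseError::NonHexCharacter)?;
        let lo = (pair[1] as char).to_digit(16).ok_or(KeyParseError::NonHexCharacter)?;
        out[i] = (hi * 16 + lo) as u8;
    }
    Ok(SecretKeyBytes(out))
}

fn main() {
    // Constructed sample: a dummy key with accidental quotes around it.
    let raw = format!("\"{}\"", "ab".repeat(32));
    match parse_private_key_hex(&raw) {
        Ok(key) => println!("loaded {key:?}"),
        Err(e) => eprintln!("{e}"), // logs the reason only, never `raw`
    }
}
```

Reporting the input length still helps an operator spot a stray space or quote, while the error type has no field that could hold the key material.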

@aryzing aryzing added the signer label Sep 26, 2024
@github-project-automation github-project-automation bot moved this to Status: 🆕 New in Stacks Core Eng Sep 26, 2024
@jferrant jferrant self-assigned this Sep 27, 2024
@jferrant jferrant moved this from Status: 🆕 New to Status: In Review in Stacks Core Eng Sep 27, 2024
@github-project-automation github-project-automation bot moved this from Status: In Review to Status: ✅ Done in Stacks Core Eng Sep 30, 2024
@blockstack-devops
Contributor

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@stacks-network stacks-network locked as resolved and limited conversation to collaborators Oct 25, 2024