From d4746d56c0c45b8721da36bc19b2bdaba5d7d094 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach
Date: Thu, 16 Oct 2014 16:16:29 -0700
Subject: [PATCH] Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information. This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the 'rpcpassword' option configured, resulting in the "suggested" password being output to the debug log.
---
 src/noui.cpp | 6 +++++-
 src/qt/bitcoingui.cpp | 3 +++
 src/rpcserver.cpp | 2 +-
 src/ui_interface.h | 3 +++
 4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/noui.cpp b/src/noui.cpp
index f786a20db..8f3b0275b 100644
--- a/src/noui.cpp
+++ b/src/noui.cpp
@@ -14,6 +14,9 @@
 static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style)
 {
+ bool fSecure = style & CClientUIInterface::SECURE;
+ style &= ~CClientUIInterface::SECURE;
+
 std::string strCaption;
 // Check for usage of predefined caption
 switch (style) {
@@ -30,7 +33,8 @@ static bool noui_ThreadSafeMessageBox(const std::string& message, const std::str
 strCaption += caption; // Use supplied caption (can be empty)
 }
- LogPrintf("%s: %s\n", strCaption, message);
+ if (!fSecure)
+ LogPrintf("%s: %s\n", strCaption, message);
 fprintf(stderr, "%s: %s\n", strCaption.c_str(), message.c_str());
 return false;
 }
diff --git a/src/qt/bitcoingui.cpp b/src/qt/bitcoingui.cpp
index 8a945606d..9d6d07a56 100644
--- a/src/qt/bitcoingui.cpp
+++ b/src/qt/bitcoingui.cpp
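Review bot: In the second hunk of src/noui.cpp, the `fprintf(stderr, ...)` context line right after the new `if (!fSecure)` still prints the full message, so the suggested password is only kept out of debug.log. Where stderr is redirected to a file or captured by a service manager it would still be persisted, which deserves a comment such as `// SECURE only suppresses debug.log; stderr still carries the message so the operator can read it`. A SECURE message also leaves no trace in debug.log, so the reason for the shutdown is invisible there; logging the caption with a placeholder keeps the audit trail, e.g. `LogPrintf("%s: %s\n", strCaption, fSecure ? std::string("[message withheld: sensitive]") : message);`. The function begins outside this hunk, in the previous one.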
@@ -992,6 +992,9 @@ void BitcoinGUI::showProgress(const QString &title, int nProgress)
 static bool ThreadSafeMessageBox(BitcoinGUI *gui, const std::string& message, const std::string& caption, unsigned int style)
 {
 bool modal = (style & CClientUIInterface::MODAL);
+ // The SECURE flag has no effect in the Qt GUI.
+ // bool secure = (style & CClientUIInterface::SECURE);
+ style &= ~CClientUIInterface::SECURE;
 bool ret = false;
 // In case of modal message, use blocking connection to wait for user to click a button
 QMetaObject::invokeMethod(gui, "message",
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
index 1a41344da..9668c7883 100644
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@@ -581,7 +581,7 @@ void StartRPCThreads()
 strWhatAmI,
 GetConfigFile().string(),
 EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32)),
- "", CClientUIInterface::MSG_ERROR);
+ "", CClientUIInterface::MSG_ERROR | CClientUIInterface::SECURE);
 StartShutdown();
 return;
 }
diff --git a/src/ui_interface.h b/src/ui_interface.h
index f5224ba57..1231d5ed0 100644
--- a/src/ui_interface.h
+++ b/src/ui_interface.h
@@ -63,6 +63,9 @@ public:
 /** Force blocking, modal message box dialog (not just OS notification) */
 MODAL = 0x10000000U,
+ /** Do not print contents of message to debug log */
+ SECURE = 0x40000000U,
+
 /** Predefined combinations for certain default usage cases */
 MSG_INFORMATION = ICON_INFORMATION,
 MSG_WARNING = (ICON_WARNING | BTN_OK | MODAL),
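Review bot: The commented-out `// bool secure = (style & CClientUIInterface::SECURE);` in the src/qt/bitcoingui.cpp hunk is dead code and is better dropped. The remaining comment should say why the bit is cleared rather than only that it has no effect, e.g. `// SECURE only controls debug-log output; clear it before style is handed to the message slot`. Whether the `message` slot invoked below writes the text anywhere persistent is not visible in this hunk; if it does, the flag would have to be honoured there instead of discarded here. ThreadSafeMessageBox continues past the end of the hunk.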
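Review bot: The doc comment on `SECURE` in src/ui_interface.h states the intended effect but not the contract a handler has to follow. Both handlers touched by this commit clear the bit before using `style`, and the `switch (style)` in noui presumably would not match the predefined combinations if the bit were left set. I would spell that out, e.g. `/** Message contains sensitive data: handlers must keep it out of the debug log and clear this bit before matching style against the MSG_* combinations */`. The flag is advisory only, since a handler that does not check the bit still receives and may record the plaintext message. The enclosing enum starts and ends outside the hunk.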