Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lncli unlock --stdin uses newline instead of EOF as a terminator #5584

Open
ProofOfKeags opened this issue Jul 28, 2021 · 4 comments · May be fixed by #8657
Open

lncli unlock --stdin uses newline instead of EOF as a terminator #5584

ProofOfKeags opened this issue Jul 28, 2021 · 4 comments · May be fixed by #8657
Labels
beginner Issues suitable for new developers bug Unintended code behaviour good first issue Issues suitable for first time contributors to LND lncli P4 low prio parsing

Comments

@ProofOfKeags
Copy link
Collaborator

Background

lncli unlock --stdin will stop reading when it encounters its first newline, meaning that if your password has a newline in it, it will not be able to read it.

My suggestion is to read until EOF if it is coming in over stdin. The alternative is that we need a way to escape newlines so that lncli will propagate them instead of terminate on them.

Your environment

  • LND 0.13.0
  • Raspbian Buster
  • bitcoind 0.21.0

Steps to reproduce

  1. use REST or GRPC to create a wallet password with a newline in it.
  2. try and unlock wallet with cat pwd.txt | lncli unlock --stdin
  3. observe incorrect password error
  4. verify that password works by confirming over REST or GRPC

Expected behaviour

I'd expect that any password that can be created via any of the 3 interfaces would be usable on any of the 3 interfaces.

My recommendation is that if --stdin is set on lncli unlock that the stream is read until EOF rather than terminating on a newline as it does in the interactive mode.

Actual behaviour

Password is rejected because only a subset of it is read.
@Crypt-iQ
Copy link
Collaborator

why do you have a newline in the password ?

@ProofOfKeags
Copy link
Collaborator Author

We generated random byte passwords and used those.

@Roasbeef Roasbeef added beginner Issues suitable for new developers bug Unintended code behaviour lncli parsing labels Aug 5, 2021
@DarthBenro008
Copy link

Looks like a very simple and sensible fix, I would like to work on this!

@DarthBenro008 DarthBenro008 mentioned this issue Aug 18, 2021
Closed
10 tasks
@Roasbeef Roasbeef added the P4 low prio label Aug 31, 2021
@Kixunil
Copy link
Contributor

Kixunil commented Aug 31, 2021

random byte passwords

This is quite a footgun from my experience. I almost permanently lost access to my sats once because of having non-ascii chars in password. Here's a oneliner that generates secure password easily: head -c 18 /dev/urandom | base64

@ziggie1984 ziggie1984 added the good first issue Issues suitable for first time contributors to LND label Apr 15, 2024
@mohamedawnallah mohamedawnallah linked a pull request Apr 16, 2024 that will close this issue
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
beginner Issues suitable for new developers bug Unintended code behaviour good first issue Issues suitable for first time contributors to LND lncli P4 low prio parsing
Projects
None yet
Milestone
No milestone
6 participants
@Roasbeef @Kixunil @ProofOfKeags @Crypt-iQ @DarthBenro008 @ziggie1984