jtgrassie / monero-pool

A Monero mining pool server written in C
BSD 3-Clause "New" or "Revised" License

handle more than 1 cookie #80

Closed gavinbarnard closed 3 years ago

gavinbarnard commented 3 years ago

When my site sent more than 1 cookie, miner stats were lost.

Using strtok to split cookies by the ; delimiter.

jtgrassie commented 3 years ago

You need to do this without strtok, or at least use the reentrant version.

jtgrassie commented 3 years ago

This also doesn't functionally change/fix anything, just introduces risk due to strtok.

gavinbarnard commented 3 years ago

Here is the functional difference: without the fix, wallet stats are not correctly retrieved. I will look at how to use the re-entrant version.

monero@ubuntu-s-2vcpu-2gb-tor1-01:~$ curl -sb "wa=<removed>" https://monerop.com/stats | jq .
{
  "pool_hashrate": 74648,
  "round_hashes": 33900495690,
  "network_hashrate": 2248473717,
  "network_difficulty": 269816846058,
  "network_height": 2330837,
  "last_template_fetched": 1617408805,
  "last_block_found": 1616523104,
  "pool_blocks_found": 208,
  "payment_threshold": 0.33,
  "pool_fee": 0.005,
  "pool_port": 4242,
  "pool_ssl_port": 4343,
  "allow_self_select": 0,
  "connected_miners": 3,
  "miner_hashrate": 1458,
  "miner_hashrate_stats": [
    1458,
    323,
    110,
    55,
    2,
    0
  ],
  "miner_balance": 0
}
monero@ubuntu-s-2vcpu-2gb-tor1-01:~$ curl -sb "wa=<removed>;dark_mode=0" https://monerop.com/stats | jq .
{
  "pool_hashrate": 74648,
  "round_hashes": 33901571403,
  "network_hashrate": 2248473717,
  "network_difficulty": 269816846058,
  "network_height": 2330837,
  "last_template_fetched": 1617408805,
  "last_block_found": 1616523104,
  "pool_blocks_found": 208,
  "payment_threshold": 0.33,
  "pool_fee": 0.005,
  "pool_port": 4242,
  "pool_ssl_port": 4343,
  "allow_self_select": 0,
  "connected_miners": 3,
  "miner_hashrate": 0,
  "miner_hashrate_stats": [
    0,
    0,
    0,
    0,
    0,
    0
  ],
  "miner_balance": 0
}
jtgrassie commented 3 years ago

Gotcha. My point still stands wrt strtok. That introduces risk (it's not thread safe or reentrant). The simpler fix is to just NULL ; if found in the wa string.
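
An added example, not part of the thread or the project's code: one way to read a single cookie value without strtok and without writing into the header string. The function name `cookie_get` and the sample header in `main` are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the value of cookie `name` from a Cookie header into `out`.
 * Returns 0 on success, -1 if the cookie is absent or does not fit.
 * The header is never modified and no static state is kept, so the
 * function is safe to call from several threads at once. */
int cookie_get(const char *header, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = header;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (*p)
    {
        /* Skip the separator and optional whitespace between pairs. */
        while (*p == ';' || *p == ' ' || *p == '\t')
            p++;
        size_t plen = strcspn(p, ";");   /* length of this name=value pair */
        /* Match the whole cookie name, so "xwa=" does not count as "wa=". */
        if (plen > nlen && p[nlen] == '=' && strncmp(p, name, nlen) == 0)
        {
            const char *val = p + nlen + 1;
            size_t vlen = plen - nlen - 1;
            while (vlen > 0 && (val[vlen - 1] == ' ' || val[vlen - 1] == '\t'))
                vlen--;                  /* trim trailing whitespace */
            if (vlen >= outlen)
                return -1;               /* refuse to truncate the value */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p += plen;
    }
    return -1;
}

int main(void)
{
    char wa[128];
    /* Constructed sample header; ADDR1 stands in for a wallet address. */
    if (cookie_get("dark_mode=0; wa=ADDR1", "wa", wa, sizeof wa) == 0)
        printf("wa=%s\n", wa);
    return 0;
}
```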

jtgrassie commented 3 years ago

Try this:

diff --git a/src/webui.c b/src/webui.c
index 355bff8..6a0b356 100644
--- a/src/webui.c
+++ b/src/webui.c
@@ -83,6 +83,9 @@ send_json_stats(struct evhttp_request *req, void *arg)
         char *wa = strstr(cookies, "wa=");
         if (wa)
         {
+            char *sc = strstr(wa, ";");
+            if (sc)
+                *sc = 0;
             wa += 3;
             account_hr(mh, wa);
             uint64_t balance = account_balance(wa);
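
Review bot: `*sc = 0` in the added lines writes a terminator into the buffer that `cookies` points at, so the cookie string stays truncated at the first `;` after `wa=` for everything that runs later in send_json_stats; if that buffer is the request's own header storage, or if another cookie is ever read after this block, the in-place write becomes a problem. Copying the value into a bounded local buffer avoids it, and `strchr(wa, ';')` is the more direct call for a single character. On the unchanged line `strstr(cookies, "wa=")`: it matches the first occurrence of `wa=` anywhere in the header, including inside a longer cookie name or another cookie's value, so the lookup still depends on cookie order and naming.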