stacks-network / stacks-core

The Stacks blockchain implementation
https://docs.stacks.co
GNU General Public License v3.0

[SIGNER BUG] Private key may get leaked to logs #5245

Closed aryzing closed 1 month ago

aryzing commented 1 month ago

Describe the bug

If there's an error processing the private key, the key value gets logged:

https://github.com/stacks-network/stacks-core/blob/6f498f80a1e6495aaf7789d3ff6c987663aaf011/stacks-signer/src/config.rs#L274

This isn't great: maybe there was a small typo, like an extra space or accidental quotes around it, which causes an error and gets leaked.

Steps To Reproduce

Set an invalid key value, and the signer will log it when it starts.

Expected behavior

Perhaps a more generic error message that doesn't contain the key value: "Failed to parse private key, please check its value and try again."
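An added example, not part of the issue and not stacks-core's own code: a Rust sketch of the leaky error pattern described above next to a parser whose errors name only the field and the failure class. The `SecretKey` and `KeyError` types, the `private_key` field name and the 64-hex-character key format are assumptions made for illustration.

```rust
use std::fmt;
/// Hypothetical holder for a 32-byte key; its Debug output never shows the bytes.
pub struct SecretKey([u8; 32]);
impl fmt::Debug for SecretKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SecretKey(<redacted>)")
    }
}

/// Error that names the config field and the failure class, never the input.
#[derive(Debug, PartialEq)]
pub enum KeyError {
    BadLength { field: &'static str, got: usize },
    NotHex { field: &'static str },
}
impl fmt::Display for KeyError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let (field, why) = match self {
            KeyError::BadLength { field, got } => (field, format!("expected 64 hex characters, got {}", got)),
            KeyError::NotHex { field } => (field, "found a non-hex character".to_string()),
        };
        write!(f, "Failed to parse {} ({}), please check its value and try again.", field, why)
    }
}

/// Strict parser (assumed format: exactly 64 hex characters, no trimming or unquoting).
pub fn parse_key(field: &'static str, raw: &str) -> Result<SecretKey, KeyError> {
    if raw.len() != 64 {
        return Err(KeyError::BadLength { field, got: raw.len() });
    }
    let mut out = [0u8; 32];
    for (i, pair) in raw.as_bytes().chunks(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16).ok_or(KeyError::NotHex { field })?;
        let lo = (pair[1] as char).to_digit(16).ok_or(KeyError::NotHex { field })?;
        out[i] = (hi * 16 + lo) as u8;
    }
    Ok(SecretKey(out))
}

/// The pattern the issue reports: the rejected value is copied into the error text.
pub fn parse_leaky(raw: &str) -> Result<SecretKey, String> {
    parse_key("private_key", raw).map_err(|_| format!("bad field private_key: {}", raw))
}

fn main() {
    let typo = format!("{} ", "ab".repeat(32)); // constructed key with a trailing space
    println!("leaky:  {}", parse_leaky(&typo).unwrap_err());
    println!("strict: {}", parse_key("private_key", &typo).unwrap_err());
}
```

The redacting `Debug` impl covers the other common path into logs, where a config struct holding the key is printed with `{:?}`.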

blockstack-devops commented 3 weeks ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.