jsonRPC.php verifymessage method throws 500 error when supplying bad signature

elbandi

hero member

Activity: 525

Merit: 531

Try to use this file: https://gitorious.org/elbandi/minifaucet/source/0581e2540518071cee37de0854ae8641e784dcab:jsonRPCClient.php

This is a same jsonrpc.php, but i changed to use curl instead of fopen.

kjj

legendary

Activity: 1302

Merit: 1026

That particular RPC client always claims that it can't access the RPC when it has an error. It is essentially the only error it knows.

You should be calling it from a try/catch block so that you can handle the exception yourself.

P.S. Change your RPC password. If you just noticed this now, it is in your logs dozens or hundreds of times.

P.P.S. It is trivial to patch the bitcoind verifymessage RPC call to return the pubkey of the signature rather than true/false. This patch will never be accepted into the main client because it is unsafe for human use, but it works great for a machine comparison/lookup to identify a user.

P.P.P.S. And by trivial, I mean I posted it here in the forums a while back.

coinminers

full member

Activity: 147

Merit: 100

Quote from: Remember remember the 5th of November on November 27, 2013, 02:21:16 AM

Quote from: coinminers on November 27, 2013, 01:43:01 AM

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error

Can you provide a link to this jsonRPC library? Also, look, it's trying to fopen something and is failing.

Thanks much for the reply.

http://jsonrpcphp.org/code.php?file=jsonRPCClient

If it was unable to fopen the rpc http connection then it would throw that message everytime I try to connect, but it only does when the signature supplied is invalid, in which case I'd expect it to return a FALSE or a 0 or something like that.

I put a hack into the jsonRPCClient for now where I suppress the fopen error and return a FALSE instead of a exception. This seems to have patched it for now:

if ($fp = @fopen($this->url, 'r', false, $context)) { // <         $response = '';
         while($row = fgets($fp)) {
            $response.= trim($row)."\n";
         }
         $this->debug && $this->debug.='***** Server response *****'."\n".$response.'***** End of server response *****'."\n";
         $response = json_decode($response,true);
      } else {
         //throw new Exception('Unable to connect to '.$this->url); // << COMMENTED OUT
         return false; // << RETURN FALSE INSTEAD
      }

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

Quote from: coinminers on November 27, 2013, 01:43:01 AM

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error

Can you provide a link to this jsonRPC library? Also, look, it's trying to fopen something and is failing.

coinminers

full member

Activity: 147

Merit: 100

To be more precise the error is:

fopen(http://.../): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error

coinminers

full member

Activity: 147

Merit: 100

I have been trying to add the ability for people to change their shortname's address on my site http://bit.co.in

So what I'm trying to do is to access bitcoind via the jsonRPC.php library like so:

if ($bitcoin->verifymessage($oldAddress, $signature, $message) == 1) $addressOwnershipValidated = true;

When I supply a valid signature it works fine, but when I supply an invalid one just to test, it breaks with an error like this:

Server 500 Error: fopen(http://...127.0.0.1:8332) Can't open file

I even tried suppressing the error via @$bitcoin->verifymessage(...) and also tried a try ... catch, but it always throws that same error.

Any idea what I'm doing wrong?

Topic: jsonRPC.php verifymessage method throws 500 error when supplying bad signature (Read 1366 times)