8 files changed, 117 insertions, 16 deletions
diff --git a/contrib/epee/include/memwipe.h b/contrib/epee/include/memwipe.h
new file mode 100644
index 000000000..c3b4ce8ab
--- /dev/null
+++ b/contrib/epee/include/memwipe.h
@@ -0,0 +1,84 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// 
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once
+
+#ifdef __cplusplus
+#include <array>
+
+extern "C" {
+#endif
+
+void *memwipe(void *src, size_t n);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+namespace tools {
+
+  /// Scrubs data in the contained type upon destruction.
+  ///
+  /// Primarily useful for making sure that private keys don't stick around in
+  /// memory after the objects that held them have gone out of scope.
+  template <class T>
+  struct scrubbed : public T {
+    using type = T;
+
+    ~scrubbed() {
+      scrub();
+    }
+
+    /// Destroy the contents of the contained type.
+    void scrub() {
+      static_assert(std::is_pod<T>::value,
+                    "T cannot be auto-scrubbed. T must be POD.");
+      static_assert(std::is_trivially_destructible<T>::value,
+                    "T cannot be auto-scrubbed. T must be trivially destructable.");
+      memwipe(this, sizeof(T));
+    }
+  };
+
+  template <class T, size_t N>
+  using scrubbed_arr = scrubbed<std::array<T, N>>;
+} // namespace tools
+
+// Partial specialization for std::is_pod<tools::scrubbed<T>> so that it can
+// pretend to be the containted type in those contexts.
+namespace std
+{
+  template<class t_scrubbee>
+  struct is_pod<tools::scrubbed<t_scrubbee>> {
+    static const bool value = is_pod<t_scrubbee>::value;
+  };
+}
+
+#endif // __cplusplus
diff --git a/contrib/epee/include/net/http_auth.h b/contrib/epee/include/net/http_auth.h
index 841cebc17..71f56b570 100644
--- a/contrib/epee/include/net/http_auth.h
+++ b/contrib/epee/include/net/http_auth.h
@@ -71,8 +71,8 @@ namespace net_utils
         std::uint32_t counter;
       };
 
-      http_server_auth() : user() {}
-      http_server_auth(login credentials);
+      http_server_auth() : user(), rng() {}
+      http_server_auth(login credentials, std::function<void(size_t, uint8_t*)> r);
 
       //! \return Auth response, or `boost::none` iff `request` had valid auth.
       boost::optional<http_response_info> get_response(const http_request_info& request)
@@ -81,10 +81,13 @@ namespace net_utils
           return do_get_response(request);
         return boost::none;
       }
+
     private:
       boost::optional<http_response_info> do_get_response(const http_request_info& request);
 
       boost::optional<session> user;
+
+      std::function<void(size_t, uint8_t*)> rng;
     };
 
     //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
diff --git a/contrib/epee/include/net/http_protocol_handler.h b/contrib/epee/include/net/http_protocol_handler.h
index 652d8ff6f..b4485d1cd 100644
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@@ -160,6 +160,7 @@ namespace net_utils
 		struct custum_handler_config: public http_server_config
 		{
 			i_http_server_handler<t_connection_context>* m_phandler;
+			std::function<void(size_t, uint8_t*)> rng;
 		};
 
 		/************************************************************************/
@@ -176,7 +177,7 @@ namespace net_utils
 				: simple_http_connection_handler<t_connection_context>(psnd_hndlr, config),
 					m_config(config),
 					m_conn_context(conn_context),
-					m_auth(m_config.m_user ? http_server_auth{*m_config.m_user} : http_server_auth{})
+					m_auth(m_config.m_user ? http_server_auth{*m_config.m_user, config.rng} : http_server_auth{})
 			{}
 			inline bool handle_request(const http_request_info& query_info, http_response_info& response)
 			{
diff --git a/contrib/epee/include/net/http_server_impl_base.h b/contrib/epee/include/net/http_server_impl_base.h
index 8b8e31b51..1a97e610a 100644
--- a/contrib/epee/include/net/http_server_impl_base.h
+++ b/contrib/epee/include/net/http_server_impl_base.h
@@ -55,13 +55,14 @@ namespace epee
         : m_net_server(external_io_service)
     {}
 
-    bool init(const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0",
+    bool init(std::function<void(size_t, uint8_t*)> rng, const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0",
       std::vector<std::string> access_control_origins = std::vector<std::string>(),
       boost::optional<net_utils::http::login> user = boost::none)
     {
 
       //set self as callback handler
       m_net_server.get_config_object().m_phandler = static_cast<t_child_class*>(this);
+      m_net_server.get_config_object().rng = std::move(rng);
 
       //here set folder for hosting reqests
       m_net_server.get_config_object().m_folder = "";
diff --git a/contrib/epee/include/net/network_throttle.hpp b/contrib/epee/include/net/network_throttle.hpp
index fffd22a6a..225ffee04 100644
--- a/contrib/epee/include/net/network_throttle.hpp
+++ b/contrib/epee/include/net/network_throttle.hpp
@@ -99,8 +99,6 @@ struct calculate_times_struct {
 typedef calculate_times_struct calculate_times_struct;
 
 
-namespace cryptonote { class cryptonote_protocol_handler_base; } // a friend class // TODO friend not working
-
 /*** 
 @brief Access to simple throttles, with singlton to access global network limits
 */
@@ -117,7 +115,6 @@ class network_throttle_manager {
     static boost::mutex m_lock_get_global_throttle_inreq;
     static boost::mutex m_lock_get_global_throttle_out;
 
-		friend class cryptonote::cryptonote_protocol_handler_base; // FRIEND - to directly access global throttle-s. !! REMEMBER TO USE LOCKS!
 		friend class connection_basic; // FRIEND - to directly access global throttle-s. !! REMEMBER TO USE LOCKS!
 		friend class connection_basic_pimpl; // ditto
 
diff --git a/contrib/epee/include/serialization/keyvalue_serialization.h b/contrib/epee/include/serialization/keyvalue_serialization.h
index d4413a71b..5791e1998 100644
--- a/contrib/epee/include/serialization/keyvalue_serialization.h
+++ b/contrib/epee/include/serialization/keyvalue_serialization.h
@@ -31,7 +31,6 @@
 #include "misc_log_ex.h"
 #include "enableable.h"
 #include "keyvalue_serialization_overloads.h"
-#include "serialization/serialization.h"
 
 namespace epee
 {
diff --git a/contrib/epee/include/storages/levin_abstract_invoke2.h b/contrib/epee/include/storages/levin_abstract_invoke2.h
index 8ced9d689..b4f7abca8 100644
--- a/contrib/epee/include/storages/levin_abstract_invoke2.h
+++ b/contrib/epee/include/storages/levin_abstract_invoke2.h
@@ -60,8 +60,7 @@ namespace epee
         LOG_ERROR("Failed to load_from_binary on command " << command);
         return false;
       }
-      result_struct.load(stg_ret);
-      return true;
+      return result_struct.load(stg_ret);
     }
 
     template<class t_arg, class t_transport>
@@ -105,9 +104,7 @@ namespace epee
         LOG_ERROR("Failed to load_from_binary on command " << command);
         return false;
       }
-      result_struct.load(stg_ret);
-
-      return true;
+      return result_struct.load(stg_ret);
     }
 
     template<class t_result, class t_arg, class callback_t, class t_transport>
@@ -133,7 +130,12 @@ namespace epee
           cb(LEVIN_ERROR_FORMAT, result_struct, context);
           return false;
         }
-        result_struct.load(stg_ret);
+        if (!result_struct.load(stg_ret))
+        {
+          LOG_ERROR("Failed to load result struct on command " << command);
+          cb(LEVIN_ERROR_FORMAT, result_struct, context);
+          return false;
+        }
         cb(code, result_struct, context);
         return true;
       }, inv_timeout);
@@ -176,7 +178,11 @@ namespace epee
       boost::value_initialized<t_in_type> in_struct;
       boost::value_initialized<t_out_type> out_struct;
 
-      static_cast<t_in_type&>(in_struct).load(strg);
+      if (!static_cast<t_in_type&>(in_struct).load(strg))
+      {
+        LOG_ERROR("Failed to load in_struct in command " << command);
+        return -1;
+      }
       int res = cb(command, static_cast<t_in_type&>(in_struct), static_cast<t_out_type&>(out_struct), context);
       serialization::portable_storage strg_out;
       static_cast<t_out_type&>(out_struct).store(strg_out);
@@ -200,7 +206,11 @@ namespace epee
         return -1;
       }
       boost::value_initialized<t_in_type> in_struct;
-      static_cast<t_in_type&>(in_struct).load(strg);
+      if (!static_cast<t_in_type&>(in_struct).load(strg))
+      {
+        LOG_ERROR("Failed to load in_struct in notify " << command);
+        return -1;
+      }
       return cb(command, in_struct, context);
     }
 
diff --git a/contrib/epee/include/storages/portable_storage_val_converters.h b/contrib/epee/include/storages/portable_storage_val_converters.h
index 52aa09eba..36bb28627 100644
--- a/contrib/epee/include/storages/portable_storage_val_converters.h
+++ b/contrib/epee/include/storages/portable_storage_val_converters.h
@@ -28,6 +28,7 @@
 
 #pragma once
 
+#include <time.h>
 #include <boost/regex.hpp>
 
 #include "misc_language.h"
@@ -149,9 +150,14 @@ POP_WARNINGS
         else if (boost::regex_match (from, boost::regex("\\d{4}-[01]\\d-[0-3]\\dT[0-2]\\d:[0-5]\\d:[0-5]\\dZ")))
         {
           // Convert to unix timestamp
+#ifdef HAVE_STRPTIME
+          struct tm tm;
+          if (strptime(from.c_str(), "%Y-%m-%dT%H:%M:%S", &tm))
+#else
           std::tm tm = {};
           std::istringstream ss(from);
           if (ss >> std::get_time(&tm, "%Y-%m-%dT%H:%M:%S"))
+#endif
             to = std::mktime(&tm);
         } else
           ASSERT_AND_THROW_WRONG_CONVERSION();