From 2316d843d7f9bc6963b3519f4464913c27eb7335 Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Tue, 12 Nov 2024 23:24:52 +0000 Subject: [PATCH 1/4] Fix ledger_entry crash on invalid credentials request (#5189) --- src/test/rpc/LedgerRPC_test.cpp | 135 ++++++++++++++++++++++++- src/xrpld/rpc/handlers/LedgerEntry.cpp | 6 ++ 2 files changed, 137 insertions(+), 4 deletions(-) diff --git a/src/test/rpc/LedgerRPC_test.cpp b/src/test/rpc/LedgerRPC_test.cpp index c5e10198c49..41657468666 100644 --- a/src/test/rpc/LedgerRPC_test.cpp +++ b/src/test/rpc/LedgerRPC_test.cpp @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -1207,6 +1208,42 @@ class LedgerRPC_test : public beast::unit_test::suite checkErrorValue(jrr[jss::result], "malformedRequest", ""); } + { + // Failed, authorized_credentials contains string data + Json::Value jvParams; + jvParams[jss::ledger_index] = jss::validated; + jvParams[jss::deposit_preauth][jss::owner] = bob.human(); + jvParams[jss::deposit_preauth][jss::authorized_credentials] = + Json::arrayValue; + auto& arr( + jvParams[jss::deposit_preauth][jss::authorized_credentials]); + arr.append("foobar"); + + auto const jrr = + env.rpc("json", "ledger_entry", to_string(jvParams)); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); + } + + { + // Failed, authorized_credentials contains arrays + Json::Value jvParams; + jvParams[jss::ledger_index] = jss::validated; + jvParams[jss::deposit_preauth][jss::owner] = bob.human(); + jvParams[jss::deposit_preauth][jss::authorized_credentials] = + Json::arrayValue; + auto& arr( + jvParams[jss::deposit_preauth][jss::authorized_credentials]); + Json::Value payload = Json::arrayValue; + payload.append(42); + arr.append(std::move(payload)); + + auto const jrr = + env.rpc("json", "ledger_entry", to_string(jvParams)); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); + } + { // Failed, authorized_credentials is empty array Json::Value jvParams; @@ -1263,6 +1300,27 @@ class LedgerRPC_test : public beast::unit_test::suite jrr[jss::result], "malformedAuthorizedCredentials", ""); } + { + // Failed, issuer is not set + Json::Value jvParams; + jvParams[jss::ledger_index] = jss::validated; + jvParams[jss::deposit_preauth][jss::owner] = bob.human(); + + jvParams[jss::deposit_preauth][jss::authorized_credentials] = + Json::arrayValue; + auto& arr( + jvParams[jss::deposit_preauth][jss::authorized_credentials]); + + Json::Value jo; + jo[jss::credential_type] = strHex(std::string_view(credType)); + arr.append(std::move(jo)); + + auto const jrr = + env.rpc("json", "ledger_entry", to_string(jvParams)); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); + } + { // Failed, issuer isn't string Json::Value jvParams; @@ -1285,6 +1343,30 @@ class LedgerRPC_test : public beast::unit_test::suite jrr[jss::result], "malformedAuthorizedCredentials", ""); } + { + // Failed, issuer is an array + Json::Value jvParams; + jvParams[jss::ledger_index] = jss::validated; + jvParams[jss::deposit_preauth][jss::owner] = bob.human(); + + jvParams[jss::deposit_preauth][jss::authorized_credentials] = + Json::arrayValue; + auto& arr( + jvParams[jss::deposit_preauth][jss::authorized_credentials]); + + Json::Value jo; + Json::Value payload = Json::arrayValue; + payload.append(42); + jo[jss::issuer] = std::move(payload); + jo[jss::credential_type] = strHex(std::string_view(credType)); + arr.append(std::move(jo)); + + auto const jrr = + env.rpc("json", "ledger_entry", to_string(jvParams)); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); + } + { // Failed, issuer isn't valid encoded account Json::Value jvParams; @@ -1307,12 +1389,32 @@ class LedgerRPC_test : public beast::unit_test::suite jrr[jss::result], "malformedAuthorizedCredentials", ""); } + { + // Failed, credential_type is not set + Json::Value jvParams; + jvParams[jss::ledger_index] = jss::validated; + jvParams[jss::deposit_preauth][jss::owner] = bob.human(); + + jvParams[jss::deposit_preauth][jss::authorized_credentials] = + Json::arrayValue; + auto& arr( + jvParams[jss::deposit_preauth][jss::authorized_credentials]); + + Json::Value jo; + jo[jss::issuer] = issuer.human(); + arr.append(std::move(jo)); + + auto const jrr = + env.rpc("json", "ledger_entry", to_string(jvParams)); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); + } + { // Failed, credential_type isn't string Json::Value jvParams; jvParams[jss::ledger_index] = jss::validated; jvParams[jss::deposit_preauth][jss::owner] = bob.human(); - jvParams[jss::deposit_preauth][jss::authorized] = alice.human(); jvParams[jss::deposit_preauth][jss::authorized_credentials] = Json::arrayValue; @@ -1326,7 +1428,32 @@ class LedgerRPC_test : public beast::unit_test::suite auto const jrr = env.rpc("json", "ledger_entry", to_string(jvParams)); - checkErrorValue(jrr[jss::result], "malformedRequest", ""); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); + } + + { + // Failed, credential_type is an array + Json::Value jvParams; + jvParams[jss::ledger_index] = jss::validated; + jvParams[jss::deposit_preauth][jss::owner] = bob.human(); + + jvParams[jss::deposit_preauth][jss::authorized_credentials] = + Json::arrayValue; + auto& arr( + jvParams[jss::deposit_preauth][jss::authorized_credentials]); + + Json::Value jo; + jo[jss::issuer] = issuer.human(); + Json::Value payload = Json::arrayValue; + payload.append(42); + jo[jss::credential_type] = std::move(payload); + arr.append(std::move(jo)); + + auto const jrr = + env.rpc("json", "ledger_entry", to_string(jvParams)); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); } { @@ -1334,7 +1461,6 @@ class LedgerRPC_test : public beast::unit_test::suite Json::Value jvParams; jvParams[jss::ledger_index] = jss::validated; jvParams[jss::deposit_preauth][jss::owner] = bob.human(); - jvParams[jss::deposit_preauth][jss::authorized] = alice.human(); jvParams[jss::deposit_preauth][jss::authorized_credentials] = Json::arrayValue; @@ -1348,7 +1474,8 @@ class LedgerRPC_test : public beast::unit_test::suite auto const jrr = env.rpc("json", "ledger_entry", to_string(jvParams)); - checkErrorValue(jrr[jss::result], "malformedRequest", ""); + checkErrorValue( + jrr[jss::result], "malformedAuthorizedCredentials", ""); } } diff --git a/src/xrpld/rpc/handlers/LedgerEntry.cpp b/src/xrpld/rpc/handlers/LedgerEntry.cpp index 6a3b7a48686..5d03bbb189d 100644 --- a/src/xrpld/rpc/handlers/LedgerEntry.cpp +++ b/src/xrpld/rpc/handlers/LedgerEntry.cpp @@ -41,6 +41,12 @@ parseAuthorizeCredentials(Json::Value const& jv) STArray arr(sfAuthorizeCredentials, jv.size()); for (auto const& jo : jv) { + if (!jo.isObject() || // + !jo.isMember(jss::issuer) || !jo[jss::issuer].isString() || + !jo.isMember(jss::credential_type) || + !jo[jss::credential_type].isString()) + return {}; + auto const issuer = parseBase58(jo[jss::issuer].asString()); if (!issuer || !*issuer) return {}; From 8186253707f2f60d1566878af5065799b6eb0ef8 Mon Sep 17 00:00:00 2001 From: Mayukha Vadari Date: Tue, 12 Nov 2024 18:37:15 -0500 Subject: [PATCH 2/4] fix: include `index` in `server_definitions` RPC (#5190) --- src/libxrpl/protocol/SField.cpp | 3 +++ src/test/rpc/ServerInfo_test.cpp | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/src/libxrpl/protocol/SField.cpp b/src/libxrpl/protocol/SField.cpp index 18226008504..537fa557fcc 100644 --- a/src/libxrpl/protocol/SField.cpp +++ b/src/libxrpl/protocol/SField.cpp @@ -72,7 +72,10 @@ TypedField::TypedField(private_access_tag_t pat, Args&&... args) // SFields which, for historical reasons, do not follow naming conventions. SField const sfInvalid(access, -1); SField const sfGeneric(access, 0); +// The following two fields aren't used anywhere, but they break tests/have +// downstream effects. SField const sfHash(access, STI_UINT256, 257, "hash"); +SField const sfIndex(access, STI_UINT256, 258, "index"); #include diff --git a/src/test/rpc/ServerInfo_test.cpp b/src/test/rpc/ServerInfo_test.cpp index fbeb4220d16..e6f889c5bdf 100644 --- a/src/test/rpc/ServerInfo_test.cpp +++ b/src/test/rpc/ServerInfo_test.cpp @@ -198,6 +198,28 @@ admin = 127.0.0.1 BEAST_EXPECT( result[jss::result][jss::TYPES]["AccountID"].asUInt() == 8); + // check exception SFields + { + auto const fieldExists = [&](std::string name) { + for (auto& field : result[jss::result][jss::FIELDS]) + { + if (field[0u].asString() == name) + { + return true; + } + } + return false; + }; + BEAST_EXPECT(fieldExists("Generic")); + BEAST_EXPECT(fieldExists("Invalid")); + BEAST_EXPECT(fieldExists("ObjectEndMarker")); + BEAST_EXPECT(fieldExists("ArrayEndMarker")); + BEAST_EXPECT(fieldExists("taker_gets_funded")); + BEAST_EXPECT(fieldExists("taker_pays_funded")); + BEAST_EXPECT(fieldExists("hash")); + BEAST_EXPECT(fieldExists("index")); + } + // test that base_uint types are replaced with "Hash" prefix { auto const types = result[jss::result][jss::TYPES]; From 838978b86957534e801859e805f748627af9529c Mon Sep 17 00:00:00 2001 From: Ed Hennis Date: Tue, 12 Nov 2024 18:40:22 -0500 Subject: [PATCH 3/4] Set version to 2.3.0-rc2 --- src/libxrpl/protocol/BuildInfo.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libxrpl/protocol/BuildInfo.cpp b/src/libxrpl/protocol/BuildInfo.cpp index 833240f531d..c3d0bd1f92d 100644 --- a/src/libxrpl/protocol/BuildInfo.cpp +++ b/src/libxrpl/protocol/BuildInfo.cpp @@ -33,7 +33,7 @@ namespace BuildInfo { // and follow the format described at http://semver.org/ //------------------------------------------------------------------------------ // clang-format off -char const* const versionString = "2.3.0-rc1" +char const* const versionString = "2.3.0-rc2" // clang-format on #if defined(DEBUG) || defined(SANITIZER) From 0ec17b6026298dc150099b66a2cecad0fe561d1b Mon Sep 17 00:00:00 2001 From: Olek <115580134+oleks-rip@users.noreply.github.com> Date: Mon, 18 Nov 2024 13:58:25 -0500 Subject: [PATCH 4/4] fix: check for valid ammID field in amm_info RPC (#5188) --- src/test/rpc/AMMInfo_test.cpp | 19 +++++++++++++++++++ src/xrpld/rpc/handlers/AMMInfo.cpp | 2 ++ 2 files changed, 21 insertions(+) diff --git a/src/test/rpc/AMMInfo_test.cpp b/src/test/rpc/AMMInfo_test.cpp index e4523bb0473..c1e059a3ead 100644 --- a/src/test/rpc/AMMInfo_test.cpp +++ b/src/test/rpc/AMMInfo_test.cpp @@ -316,6 +316,24 @@ class AMMInfo_test : public jtx::AMMTestBase }); } + void + testInvalidAmmField() + { + using namespace jtx; + testcase("Invalid amm field"); + + testAMM([&](AMM& amm, Env&) { + auto const resp = amm.ammRpcInfo( + std::nullopt, + jss::validated.c_str(), + std::nullopt, + std::nullopt, + gw); + BEAST_EXPECT( + resp.isMember("error") && resp["error"] == "actNotFound"); + }); + } + void run() override { @@ -323,6 +341,7 @@ class AMMInfo_test : public jtx::AMMTestBase testSimpleRpc(); testVoteAndBid(); testFreeze(); + testInvalidAmmField(); } }; diff --git a/src/xrpld/rpc/handlers/AMMInfo.cpp b/src/xrpld/rpc/handlers/AMMInfo.cpp index aad8faea213..9d5b20f1d63 100644 --- a/src/xrpld/rpc/handlers/AMMInfo.cpp +++ b/src/xrpld/rpc/handlers/AMMInfo.cpp @@ -132,6 +132,8 @@ doAMMInfo(RPC::JsonContext& context) if (!sle) return Unexpected(rpcACT_MALFORMED); ammID = sle->getFieldH256(sfAMMID); + if (ammID->isZero()) + return Unexpected(rpcACT_NOT_FOUND); } if (params.isMember(jss::account))