diff --git a/src/ripple/rpc/handlers/AccountInfo.cpp b/src/ripple/rpc/handlers/AccountInfo.cpp index 3af70324bcd..13487dd2dae 100644 --- a/src/ripple/rpc/handlers/AccountInfo.cpp +++ b/src/ripple/rpc/handlers/AccountInfo.cpp @@ -125,6 +125,15 @@ doAccountInfo(RPC::JsonContext& context) } result[jss::account_flags] = std::move(acctFlags); + // The document states that signer_lists is a bool, however + // assigning any string value works. Do not allow this. + // This check is for api Version 2 onwards only + if (!params[jss::signer_lists].isBool() && context.apiVersion > 1) + { + RPC::inject_error(rpcINVALID_PARAMS, result); + return result; + } + // Return SignerList(s) if that is requested. if (params.isMember(jss::signer_lists) && params[jss::signer_lists].asBool()) diff --git a/src/test/rpc/AccountInfo_test.cpp b/src/test/rpc/AccountInfo_test.cpp index b8e479225d1..9108ac6360a 100644 --- a/src/test/rpc/AccountInfo_test.cpp +++ b/src/test/rpc/AccountInfo_test.cpp @@ -217,6 +217,10 @@ class AccountInfo_test : public beast::unit_test::suite "\"api_version\": 2, \"account\": \"" + alice.human() + "\", " + "\"signer_lists\": true }"; + auto const withSignersAsString = std::string("{ ") + + "\"api_version\": 2, \"account\": \"" + alice.human() + "\", " + + "\"signer_lists\": asdfggh }"; + // Alice has no SignerList yet. { // account_info without the "signer_lists" argument. @@ -263,6 +267,13 @@ class AccountInfo_test : public beast::unit_test::suite auto const& entry0 = signerEntries[0u][sfSignerEntry.jsonName]; BEAST_EXPECT(entry0[sfSignerWeight.jsonName] == 3); } + { + // account_info with "signer_lists" as not bool should error out + auto const info = + env.rpc("json", "account_info", withSignersAsString); + BEAST_EXPECT(info[jss::status] == "error"); + BEAST_EXPECT(info[jss::error] == "invalidParams"); + } // Give alice a big signer list Account const demon{"demon"};