diff --git a/modules/ripple_data/protocol/ripple_SerializedTypes.h b/modules/ripple_data/protocol/ripple_SerializedTypes.h index d600867a7e..e082dec310 100644 --- a/modules/ripple_data/protocol/ripple_SerializedTypes.h +++ b/modules/ripple_data/protocol/ripple_SerializedTypes.h @@ -215,11 +215,12 @@ private: class STAmount : public SerializedType { public: - static const int cMinOffset = -96, cMaxOffset = 80; - static const uint64 cMinValue = 1000000000000000ull, cMaxValue = 9999999999999999ull; - static const uint64 cMaxNative = 9000000000000000000ull; - static const uint64 cNotNative = 0x8000000000000000ull; - static const uint64 cPosNative = 0x4000000000000000ull; + static const int cMinOffset = -96, cMaxOffset = 80; + static const uint64 cMinValue = 1000000000000000ull, cMaxValue = 9999999999999999ull; + static const uint64 cMaxNative = 9000000000000000000ull; + static const uint64 cMaxNativeN = 100000000000000000ull; // max native value on network + static const uint64 cNotNative = 0x8000000000000000ull; + static const uint64 cPosNative = 0x4000000000000000ull; static uint64 uRateOne; @@ -311,6 +312,7 @@ public: bool isNegative() const { return mIsNegative && !isZero(); } bool isPositive() const { return !mIsNegative && !isZero(); } bool isGEZero() const { return !mIsNegative; } + bool isLegalNet() const { return !mIsNative || (mValue < cMaxNativeN); } operator bool() const { return !isZero(); } void negate() { if (!isZero()) mIsNegative = !mIsNegative; } diff --git a/src/cpp/ripple/OfferCreateTransactor.cpp b/src/cpp/ripple/OfferCreateTransactor.cpp index 821b33916f..620fac726a 100644 --- a/src/cpp/ripple/OfferCreateTransactor.cpp +++ b/src/cpp/ripple/OfferCreateTransactor.cpp @@ -367,6 +367,9 @@ TER OfferCreateTransactor::doApply() STAmount saTakerPays = mTxn.getFieldAmount(sfTakerPays); STAmount saTakerGets = mTxn.getFieldAmount(sfTakerGets); + if (!saTakerPays.isLegalNet() || !saTakerGets.isLegalNet()) + return temBAD_AMOUNT; + WriteLog (lsTRACE, OfferCreateTransactor) << boost::str(boost::format("OfferCreate: saTakerPays=%s saTakerGets=%s") % saTakerPays.getFullText() % saTakerGets.getFullText()); @@ -587,8 +590,7 @@ TER OfferCreateTransactor::doApply() // Add offer to owner's directory. terResult = lesActive.dirAdd(uOwnerNode, Ledger::getOwnerDirIndex(mTxnAccountID), uLedgerIndex, - BIND_TYPE(&Ledger::qualityDirDescriber, P_1, saTakerPays.getCurrency(), uPaysIssuerID, - saTakerGets.getCurrency(), uGetsIssuerID, uRate)); + BIND_TYPE(&Ledger::ownerDirDescriber, P_1, mTxnAccountID)); if (tesSUCCESS == terResult) diff --git a/src/cpp/ripple/PaymentTransactor.cpp b/src/cpp/ripple/PaymentTransactor.cpp index 11b292a153..4ac8d407f9 100644 --- a/src/cpp/ripple/PaymentTransactor.cpp +++ b/src/cpp/ripple/PaymentTransactor.cpp @@ -27,6 +27,9 @@ TER PaymentTransactor::doApply() % saMaxAmount.getFullText() % saDstAmount.getFullText()); + if (!saDstAmount.isLegalNet() || !saMaxAmount.isLegalNet()) + return temBAD_AMOUNT; + if (uTxFlags & tfPaymentMask) { WriteLog (lsINFO, PaymentTransactor) << "Payment: Malformed transaction: Invalid flags set."; diff --git a/src/cpp/ripple/Transactor.cpp b/src/cpp/ripple/Transactor.cpp index 6a7bf4a683..c85825a1e0 100644 --- a/src/cpp/ripple/Transactor.cpp +++ b/src/cpp/ripple/Transactor.cpp @@ -48,6 +48,8 @@ uint64 Transactor::calculateBaseFee() TER Transactor::payFee() { STAmount saPaid = mTxn.getTransactionFee(); + if (!saPaid.isLegalNet()) + return temBAD_AMOUNT; // Only check fee is sufficient when the ledger is open. if (isSetBit(mParams, tapOPEN_LEDGER) && saPaid < mFeeDue) diff --git a/src/cpp/ripple/TrustSetTransactor.cpp b/src/cpp/ripple/TrustSetTransactor.cpp index 6ac24adbdf..46285d3d39 100644 --- a/src/cpp/ripple/TrustSetTransactor.cpp +++ b/src/cpp/ripple/TrustSetTransactor.cpp @@ -16,6 +16,9 @@ TER TrustSetTransactor::doApply() uint32 uQualityIn = bQualityIn ? mTxn.getFieldU32(sfQualityIn) : 0; uint32 uQualityOut = bQualityOut ? mTxn.getFieldU32(sfQualityOut) : 0; + if (!saLimitAmount.isLegalNet()) + return temBAD_AMOUNT; + if (bQualityIn && QUALITY_ONE == uQualityIn) uQualityIn = 0;