fix: Add zero domainID check for permissionedDomain (#7362)

2026-06-02 08:17:13 +00:00 · 2026-05-29 20:16:25 -04:00
parent 2f3558c610
commit 763dd503be
4 changed files with 58 additions and 0 deletions
--- a/src/libxrpl/ledger/helpers/PermissionedDEXHelpers.cpp
+++ b/src/libxrpl/ledger/helpers/PermissionedDEXHelpers.cpp
@@ -3,6 +3,8 @@
 #include <xrpl/basics/Log.h>
 #include <xrpl/basics/base_uint.h>
 #include <xrpl/beast/utility/Journal.h>
+#include <xrpl/beast/utility/Zero.h>
+#include <xrpl/beast/utility/instrumentation.h>
 #include <xrpl/ledger/ReadView.h>
 #include <xrpl/ledger/helpers/CredentialHelpers.h>
 #include <xrpl/protocol/AccountID.h>
@@ -19,6 +21,16 @@ namespace xrpl::permissioned_dex {
 bool
 accountInDomain(ReadView const& view, AccountID const& account, Domain const& domainID)
 {
+    // Avoid constructing a zero-key PermissionedDomain keylet.
+    // keylet::permissionedDomain(uint256) uses the DomainID as the ledger key.
+    if (view.rules().enabled(fixCleanup3_2_0) && domainID == beast::kZero)
+    {
+        // LCOV_EXCL_START
+        UNREACHABLE("xrpl::permissioned_dex::accountInDomain : domainID is zero");
+        return false;
+        // LCOV_EXCL_STOP
+    }
+
    auto const sleDomain = view.read(keylet::permissionedDomain(domainID));
    if (!sleDomain)
        return false;
--- a/src/libxrpl/tx/transactors/dex/OfferCreate.cpp
+++ b/src/libxrpl/tx/transactors/dex/OfferCreate.cpp
@@ -94,6 +94,12 @@ OfferCreate::preflight(PreflightContext const& ctx)
    if (tx.isFlag(tfHybrid) && !tx.isFieldPresent(sfDomainID))
        return temINVALID_FLAG;

+    // A zero DomainID is invalid for a PermissionedDomain ledger entry because
+    // keylet::permissionedDomain(uint256) uses the DomainID as the ledger key.
+    if (auto const domainID = tx[~sfDomainID];
+        ctx.rules.enabled(fixCleanup3_2_0) && domainID && *domainID == beast::kZero)
+        return temMALFORMED;
+
    bool const bImmediateOrCancel(tx.isFlag(tfImmediateOrCancel));
    bool const bFillOrKill(tx.isFlag(tfFillOrKill));

--- a/src/libxrpl/tx/transactors/payment/Payment.cpp
+++ b/src/libxrpl/tx/transactors/payment/Payment.cpp
@@ -125,6 +125,12 @@ Payment::preflight(PreflightContext const& ctx)
    if (!mpTokensV2 && isDstMPT && ctx.tx.isFieldPresent(sfPaths))
        return temMALFORMED;

+    // A zero DomainID is invalid for a PermissionedDomain ledger entry because
+    // keylet::permissionedDomain(uint256) uses the DomainID as the ledger key.
+    if (auto const domainID = tx[~sfDomainID];
+        ctx.rules.enabled(fixCleanup3_2_0) && domainID && *domainID == beast::kZero)
+        return temMALFORMED;
+
    bool const partialPaymentAllowed = tx.isFlag(tfPartialPayment);
    bool const limitQuality = tx.isFlag(tfLimitQuality);
    bool const defaultPathsAllowed = !tx.isFlag(tfNoRippleDirect);
--- a/src/test/app/PermissionedDEX_test.cpp
+++ b/src/test/app/PermissionedDEX_test.cpp
@@ -197,6 +197,20 @@ class PermissionedDEX_test : public beast::unit_test::Suite
            env.close();
        }

+        // test preflight - malformed DomainID being zero
+        // Only test this with fixCleanup3_2_0 enabled. Without the fix,
+        // an assert-enabled build can crash when Ledger::read() receives
+        // a zero-key PermissionedDomain keylet.
+        if (features[fixCleanup3_2_0])
+        {
+            Env env(*this, features);
+            auto const& [gw_, domainOwner, alice_, bob_, carol_, USD, domainID, credType] =
+                PermissionedDEX(env);
+
+            env(offer(bob_, XRP(10), USD(10)), Domain(uint256{}), Ter(temMALFORMED));
+            env.close();
+        }
+
        // preclaim - someone outside of the domain cannot create domain offer
        {
            Env env(*this, features);
@@ -396,6 +410,24 @@ class PermissionedDEX_test : public beast::unit_test::Suite
            env.close();
        }

+        // test preflight - malformed DomainID being zero
+        // Only test this with fixCleanup3_2_0 enabled. Without the fix,
+        // an assert-enabled build can crash when Ledger::read() receives
+        // a zero-key PermissionedDomain keylet.
+        if (features[fixCleanup3_2_0])
+        {
+            Env env(*this, features);
+            auto const& [gw_, domainOwner, alice_, bob_, carol_, USD, domainID, credType] =
+                PermissionedDEX(env);
+
+            env(pay(bob_, alice_, USD(10)),
+                Path(~USD),
+                Sendmax(XRP(10)),
+                Domain(uint256{}),
+                Ter(temMALFORMED));
+            env.close();
+        }
+
        // preclaim - cannot send payment with non existent domain
        {
            Env env(*this, features);
@@ -1772,7 +1804,9 @@ public:

        // Test domain offer (w/o hybrid)
        testOfferCreate(all);
+        testOfferCreate(all - fixCleanup3_2_0);
        testPayment(all);
+        testPayment(all - fixCleanup3_2_0);
        testBookStep(all);
        testRippling(all);
        testOfferTokenIssuerInDomain(all);