Correct handling of unauthorized offers (RIPD-1481)

Scott Schurr
2017-06-21 13:01:03 -07:00
committed by seelabs
parent df086301b6
commit b24d47c093
2 changed files with 213 additions and 18 deletions


@@ -523,8 +523,10 @@ BookStep<TIn, TOut, TDerived>::forEachOffer (
continue;
// Make sure offer owner has authorization to own IOUs from issuer.
// An account can always own their own IOUs.
if (flowCross && (offer.owner() != offer.issueIn().account))
// An account can always own XRP or their own IOUs.
if (flowCross &&
(!isXRP (offer.issueIn().currency)) &&
(offer.owner() != offer.issueIn().account))
{
auto const& issuerID = offer.issueIn().account;
auto const issuer = afView.read (keylet::account (issuerID));
@@ -533,10 +535,10 @@ BookStep<TIn, TOut, TDerived>::forEachOffer (
// Issuer requires authorization. See if offer owner has that.
auto const& ownerID = offer.owner();
auto const authFlag =
ownerID > issuerID ? lsfHighAuth : lsfLowAuth;
issuerID > ownerID ? lsfHighAuth : lsfLowAuth;
auto const line = afView.read (keylet::line (
ownerID, issuerID, offer.issueOut().currency));
ownerID, issuerID, offer.issueIn().currency));
if (!line || (((*line)[sfFlags] & authFlag) == 0))
{