Skip to content

Added type checks: if (!params[jss::channel_id].isString()) return rpcError(rpcINVALID_PARAMS); and similarly for signature.#7582

Open
harshitgupta62 wants to merge 1 commit into
XRPLF:developfrom
harshitgupta62:fix-channel-id-type-validation
Open

Added type checks: if (!params[jss::channel_id].isString()) return rpcError(rpcINVALID_PARAMS); and similarly for signature.#7582
harshitgupta62 wants to merge 1 commit into
XRPLF:developfrom
harshitgupta62:fix-channel-id-type-validation

Conversation

@harshitgupta62

@harshitgupta62 harshitgupta62 commented Jun 21, 2026

Copy link
Copy Markdown

High Level Overview of Change

Fixes #6765

Adds isString() type validation checks before calling asString()
on the channel_id parameter in ChannelAuthorize.cpp and on both
channel_id and signature parameters in ChannelVerify.cpp.

Previously, non-string inputs (e.g. integers, arrays) could be
silently coerced or cause unexpected behavior. Now, invalid types
return rpcINVALID_PARAMS immediately, consistent with the existing
pattern used for the amount field in the same handlers.

@github-actions

github-actions Bot commented Jun 21, 2026

Copy link
Copy Markdown

⚠️ This PR contains unsigned commits. To get your PR merged, please sign them. ⚠️

If only the most recent commit is unsigned, you can run:

  1. Amend the commit: git commit --amend --no-edit -n -S
  2. Overwrite the commit: git push --force-with-lease

If multiple commits are unsigned, you can run:

  1. Go into interactive rebase mode: git rebase --interactive HEAD~<NUM_OF_COMMITS>, where NUM_OF_COMMITS is the number of most recent commits that will be available to edit.
  2. Change "pick" to "edit" for the commits you need to sign, and then save and exit.
  3. For each commit, run: git commit --amend --no-edit -n -S
  4. Continue the rebase: git rebase --continue
  5. Overwrite the commit(s): git push --force-with-lease

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

  1. Generate a GPG key
  2. Add the GPG key to your GitHub account
  3. Configure git to use your GPG key for commit signing
Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

  1. Generate an SSH key and add it to ssh-agent
  2. Add the SSH key to your GitHub account
  3. Configure git to use your SSH key for commit signing
Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.
See use 1Password to sign your commits.

@harshitgupta62 harshitgupta62 force-pushed the fix-channel-id-type-validation branch from 9065bc3 to 402841f Compare June 21, 2026 11:54
@harshitgupta62
Added type checks: if (!params[jss::channel_id].isString()) return r…
402841f 
…pcError(rpcINVALID_PARAMS); and similarly for signature.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing string type validation on channel_id and signature fields

1 participant

@harshitgupta62