Fixed setaccount accepting foreign address

Fixed issue #4209 where using setaccount with a foreign address causes the address to be added to your receiving addresses.
10 years ago · 31d6390fd1
2 changed files with 18 additions and 9 deletions
--- a/src/rpcwallet.cpp
+++ b/src/rpcwallet.cpp
@ -230,6 +230,9 @@ Value setaccount(const Array& params, bool fHelp)
				@@ -230,6 +230,9 @@ Value setaccount(const Array& params, bool fHelp)
    if (params.size() > 1)
        strAccount = AccountFromValue(params[1]);

+    // Only add the account if the address is yours.
+    if (IsMine(*pwalletMain, address.Get()))
+    {
        // Detect when changing the account of an address that is the 'unused current key' of another account:
        if (pwalletMain->mapAddressBook.count(address.Get()))
        {
@ -237,8 +240,10 @@ Value setaccount(const Array& params, bool fHelp)
				@@ -237,8 +240,10 @@ Value setaccount(const Array& params, bool fHelp)
            if (address == GetAccountAddress(strOldAccount))
                GetAccountAddress(strOldAccount, true);
        }
-
        pwalletMain->SetAddressBook(address.Get(), strAccount, "receive");
+    }
+    else
+        throw JSONRPCError(RPC_MISC_ERROR, "setaccount can only be used with own address");

    return Value::null;
 }
--- a/src/test/rpc_wallet_tests.cpp
+++ b/src/test/rpc_wallet_tests.cpp
@ -80,11 +80,15 @@ BOOST_AUTO_TEST_CASE(rpc_wallet)
				@@ -80,11 +80,15 @@ BOOST_AUTO_TEST_CASE(rpc_wallet)
 		walletdb.WriteAccount(strAccount, account);
 	});

+    CPubKey setaccountDemoPubkey = pwalletMain->GenerateNewKey();
+        CBitcoinAddress setaccountDemoAddress = CBitcoinAddress(CTxDestination(setaccountDemoPubkey.GetID()));
        
 	/*********************************
 	 * 			setaccount
 	 *********************************/
-	BOOST_CHECK_NO_THROW(CallRPC("setaccount 1D1ZrZNe3JUo7ZycKEYQQiQAWd9y54F4XZ nullaccount"));
+	BOOST_CHECK_NO_THROW(CallRPC("setaccount " + setaccountDemoAddress.ToString() + " nullaccount"));
+	/* 1D1ZrZNe3JUo7ZycKEYQQiQAWd9y54F4XZ is not owned by the test wallet. */
+	BOOST_CHECK_THROW(CallRPC("setaccount 1D1ZrZNe3JUo7ZycKEYQQiQAWd9y54F4XZ nullaccount"), runtime_error);
 	BOOST_CHECK_THROW(CallRPC("setaccount"), runtime_error);
 	/* 1D1ZrZNe3JUo7ZycKEYQQiQAWd9y54F4X (33 chars) is an illegal address (should be 34 chars) */
 	BOOST_CHECK_THROW(CallRPC("setaccount 1D1ZrZNe3JUo7ZycKEYQQiQAWd9y54F4X nullaccount"), runtime_error);