From aeeca4ee0590568cfe9352de5c195714b5f79a1d Mon Sep 17 00:00:00 2001
From: Peter John Bushnell <bushsolo@gmail.com>
Date: Tue, 30 Jan 2024 12:52:22 +0000
Subject: [PATCH] Check valid address supplied to getaccount (#2798)

---
 src/dfi/rpc_accounts.cpp                       | 6 +++++-
 test/functional/feature_accounts_validation.py | 8 +++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/dfi/rpc_accounts.cpp b/src/dfi/rpc_accounts.cpp
index 72ab22c878..e19e74b90a 100644
--- a/src/dfi/rpc_accounts.cpp
+++ b/src/dfi/rpc_accounts.cpp
@@ -458,7 +458,11 @@ UniValue getaccount(const JSONRPCRequest &request) {
     }
 
     // decode owner
-    const auto reqOwner = GetScriptForDestination(DecodeDestination(request.params[0].get_str()));
+    const auto owner = DecodeDestination(request.params[0].get_str());
+    if (!IsValidDestination(owner)) {
+        throw JSONRPCError(RPC_INVALID_ADDRESS_OR_KEY, "Invalid owner address");
+    }
+    const auto reqOwner = GetScriptForDestination(owner);
 
     // parse pagination
     size_t limit = 100;
diff --git a/test/functional/feature_accounts_validation.py b/test/functional/feature_accounts_validation.py
index c6c8437842..6a57e30e0b 100755
--- a/test/functional/feature_accounts_validation.py
+++ b/test/functional/feature_accounts_validation.py
@@ -6,7 +6,7 @@
 """Test account mining behaviour"""
 
 from test_framework.test_framework import DefiTestFramework
-from test_framework.util import assert_equal
+from test_framework.util import assert_equal, assert_raises_rpc_error
 
 
 class AccountsValidatingTest(DefiTestFramework):
@@ -33,6 +33,12 @@ def run_test(self):
         node.generate(1)
         self.sync_blocks()
 
+        assert_raises_rpc_error(
+            -5,
+            "Invalid owner address",
+            self.nodes[0].getaccount,
+            "",
+        )
         # Check we have expected balance
         assert_equal(node1.getaccount(account)[0], "10.00000000@DFI")