Before abandoning a payment when receiving an InvoiceError, verify the
PaymentId included in the OffersContext against the included HMAC. This
prevents a malicious actor who knows a payment id from sending an
InvoiceError that abandons our payment.
let abandon_if_payment = |context| {
match context {
- Some(OffersContext::OutboundPayment { payment_id, .. }) => {
- self.abandon_payment(payment_id)
+ Some(OffersContext::OutboundPayment { payment_id, nonce, hmac }) => {
+ if signer::verify_payment_id(payment_id, hmac, nonce, expanded_key) {
+ self.abandon_payment(payment_id);
+ }
},
_ => {},
}
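Review bot: A failed `signer::verify_payment_id` check in the new `OutboundPayment` arm is dropped silently, so a forged InvoiceError leaves no trace for an operator. An `else` branch that logs the rejected message through the logging facility this file already uses would make spoofing attempts visible. The reason for the check is also worth recording above the `if`, for example `// Only abandon when the HMAC authenticates payment_id; an unauthenticated InvoiceError must not cancel a payment.` The body of `verify_payment_id` is not visible here, so confirm it compares the HMAC in constant time. The `abandon_if_payment` closure continues past the end of this hunk, and `expanded_key` is defined outside it.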