From: Matt Corallo
Date: Thu, 12 Nov 2020 23:59:06 +0000 (-0500)
Subject: [netgraph] Do not allow capacity_sats * 1000 to overflow-panic
X-Git-Tag: v0.0.12~2^2~2
X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=423073dfe53ee56b464fa042fe9b8f635a78c2f1;p=rust-lightning
[netgraph] Do not allow capacity_sats * 1000 to overflow-panic
In updating the router fuzzer, it discovered that a remote peer can cause us to overflow while multiplying the channel capacity value. Since the value should never exceed 21 million BTC, we just add a check for that.
---
diff --git a/lightning/src/routing/network_graph.rs b/lightning/src/routing/network_graph.rs
index 308c0526e..e7431502f 100644
--- a/lightning/src/routing/network_graph.rs
+++ b/lightning/src/routing/network_graph.rs
@@ -716,8 +716,8 @@ impl NetworkGraph {
 if let Some(capacity_sats) = channel.capacity_sats {
 // It's possible channel capacity is available now, although it wasn't available at announcement (so the field is None).
 // Don't query UTXO set here to reduce DoS risks.
- if htlc_maximum_msat > capacity_sats * 1000 {
- return Err(LightningError{err: "htlc_maximum_msat is larger than channel capacity".to_owned(), action: ErrorAction::IgnoreError});
+ if capacity_sats > MAX_VALUE_MSAT / 1000 || htlc_maximum_msat > capacity_sats * 1000 {
+ return Err(LightningError{err: "htlc_maximum_msat is larger than channel capacity or capacity is bogus".to_owned(), action: ErrorAction::IgnoreError});
 }
 }
 }
@@ -1302,7 +1302,7 @@ mod tests {
 match net_graph_msg_handler.handle_channel_update(&valid_channel_update) {
 Ok(_) => panic!(),
- Err(e) => assert_eq!(e.err, "htlc_maximum_msat is larger than channel capacity")
+ Err(e) => assert_eq!(e.err, "htlc_maximum_msat is larger than channel capacity or capacity is bogus")
 };
 unsigned_channel_update.htlc_maximum_msat = OptionalField::Absent;
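Review bot: In the new `+ if` line of the first hunk, the short-circuit order of `||` is what prevents the panic — `capacity_sats * 1000` is only evaluated after `capacity_sats > MAX_VALUE_MSAT / 1000` has ruled out overflow — and nothing in the code says so, so a later reordering of the two clauses would silently reintroduce the peer-triggerable overflow the fuzzer found. I would pin the intent right above the condition with `// capacity_sats is peer-supplied (from the announcement); the range check must stay first so the msat conversion below cannot overflow u64` (MAX_VALUE_MSAT is defined outside the hunk, so I am assuming it is the 21 million BTC bound in msat that the description refers to). If you prefer the safety to not depend on clause order, the second clause can use `capacity_sats.checked_mul(1000)` and treat `None` as a rejection, keeping the explicit range check for the bogus-capacity case. The single error string now covers two distinct rejections; a separate message for the bogus-capacity case would make logs from a misbehaving peer easier to triage, at the cost of splitting the assertion in the tests hunk. The enclosing function starts before and ends after this hunk.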