X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fln%2Fmsgs.rs;h=cd93e236a00a5d662c2ebf564a439eb60142fea4;hb=6a620ee340fd1a651e2bd729bdb762df01f49a2f;hp=b20e5d5bcd2869f3cfef5a0d8691141e67dd17cc;hpb=b935b37ee5ce40d6f77c201e90b0b9a8dc353551;p=rust-lightning

diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
index b20e5d5bc..cd93e236a 100644
--- a/lightning/src/ln/msgs.rs
+++ b/lightning/src/ln/msgs.rs
@@ -33,6 +33,9 @@ use util::ser::{Readable, Writeable, Writer, FixedLengthReader, HighZeroBytesDro
 
 use ln::channelmanager::{PaymentPreimage, PaymentHash};
 
+/// 21 million * 10^8 * 1000
+pub(crate) const MAX_VALUE_MSAT: u64 = 21_000_000_0000_0000_000;
+
 /// An error in decoding a message or struct.
 #[derive(Debug)]
 pub enum DecodeError {
@@ -1095,6 +1098,11 @@ impl<R: Read> Readable<R> for OnionHopData {
 					short_channel_id,
 				}
 			} else {
+				if let &Some(ref data) = &payment_data {
+					if data.total_msat > MAX_VALUE_MSAT {
+						return Err(DecodeError::InvalidValue);
+					}
+				}
 				OnionHopDataFormat::FinalNode {
 					payment_data
 				}
@@ -1106,6 +1114,9 @@ impl<R: Read> Readable<R> for OnionHopData {
 			};
 			let amt: u64 = Readable::read(r)?;
 			let cltv_value: u32 = Readable::read(r)?;
+			if amt > MAX_VALUE_MSAT {
+				return Err(DecodeError::InvalidValue);
+			}
 			r.read_exact(&mut [0; 12])?;
 			(format, amt, cltv_value)
 		};