projects
/
rust-lightning
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
155f2ef
)
Fix channelmonitor fuzz test failure
author
Matt Corallo
<git@bluematt.me>
Wed, 18 Jul 2018 17:36:00 +0000
(13:36 -0400)
committer
Matt Corallo
<git@bluematt.me>
Wed, 18 Jul 2018 17:36:31 +0000
(13:36 -0400)
src/ln/channelmonitor.rs
patch
|
blob
|
history
diff --git
a/src/ln/channelmonitor.rs
b/src/ln/channelmonitor.rs
index d212a3fdbe43b960ffd2a0fe4e46fd366522aae3..8c3fcc3f0a02ad21dbb838759241e57eec4e70b7 100644
(file)
--- a/
src/ln/channelmonitor.rs
+++ b/
src/ln/channelmonitor.rs
@@
-770,7
+770,14
@@
impl ChannelMonitor {
() => {
{
let tx_len = byte_utils::slice_to_be64(read_bytes!(8));
() => {
{
let tx_len = byte_utils::slice_to_be64(read_bytes!(8));
- let tx: Transaction = unwrap_obj!(serialize::deserialize(read_bytes!(tx_len)));
+ let tx_ser = read_bytes!(tx_len);
+ let tx: Transaction = unwrap_obj!(serialize::deserialize(tx_ser));
+ if serialize::serialize(&tx).unwrap() != tx_ser {
+ // We check that the tx re-serializes to the same form to ensure there is
+ // no extra data, and as rust-bitcoin doesn't handle the 0-input ambiguity
+ // all that well.
+ return None;
+ }
let revocation_key = unwrap_obj!(PublicKey::from_slice(&secp_ctx, read_bytes!(33)));
let a_htlc_key = unwrap_obj!(PublicKey::from_slice(&secp_ctx, read_bytes!(33)));
let revocation_key = unwrap_obj!(PublicKey::from_slice(&secp_ctx, read_bytes!(33)));
let a_htlc_key = unwrap_obj!(PublicKey::from_slice(&secp_ctx, read_bytes!(33)));