]> git.bitcoin.ninja Git - rust-lightning/commitdiff
Refuse to deserialize OnionHopDatas with values > 21 million
authorMatt Corallo <git@bluematt.me>
Thu, 2 Jan 2020 02:13:48 +0000 (21:13 -0500)
committerMatt Corallo <git@bluematt.me>
Sun, 1 Mar 2020 04:26:16 +0000 (23:26 -0500)
We should probably do this for all values (and define a newtype
for msat values), but this will do for now.

lightning/src/ln/msgs.rs

index a70da02ae15f21964c3848bac1f4746df8aea750..3ebbc7edf6a05164c5592c41b1661cd166bff4af 100644 (file)
@@ -33,6 +33,9 @@ use util::ser::{Readable, Writeable, Writer, FixedLengthReader, HighZeroBytesDro
 
 use ln::channelmanager::{PaymentPreimage, PaymentHash};
 
+/// 21 million * 10^8 * 1000
+pub(crate) const MAX_VALUE_MSAT: u64 = 21_000_000_0000_0000_000;
+
 /// An error in decoding a message or struct.
 #[derive(Debug)]
 pub enum DecodeError {
@@ -1093,6 +1096,11 @@ impl Readable for OnionHopData {
                                        short_channel_id,
                                }
                        } else {
+                               if let &Some(ref data) = &payment_data {
+                                       if data.total_msat > MAX_VALUE_MSAT {
+                                               return Err(DecodeError::InvalidValue);
+                                       }
+                               }
                                OnionHopDataFormat::FinalNode {
                                        payment_data
                                }
@@ -1104,6 +1112,9 @@ impl Readable for OnionHopData {
                        };
                        let amt: u64 = Readable::read(r)?;
                        let cltv_value: u32 = Readable::read(r)?;
+                       if amt > MAX_VALUE_MSAT {
+                               return Err(DecodeError::InvalidValue);
+                       }
                        r.read_exact(&mut [0; 12])?;
                        (format, amt, cltv_value)
                };