From: Antoine Riard <ariard@student.42.fr>
Date: Fri, 10 Apr 2020 02:04:30 +0000 (-0400)
Subject: Sanitize outgoing HTLC cltv_value
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=0a42a73173f1025974aec9af53d9cf36def24326;p=rust-lightning

Sanitize outgoing HTLC cltv_value
---

diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
index ffa652097..3da9999d3 100644
--- a/lightning/src/ln/channel.rs
+++ b/lightning/src/ln/channel.rs
@@ -3538,8 +3538,6 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {
 			return Err(ChannelError::Ignore("Cannot send value that would put us over their reserve value"));
 		}
 
-		//TODO: Check cltv_expiry? Do this in channel manager?
-
 		// Now update local state:
 		if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == (ChannelState::AwaitingRemoteRevoke as u32) {
 			self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
index 2ea6ff2b0..f12a260ce 100644
--- a/lightning/src/ln/channelmanager.rs
+++ b/lightning/src/ln/channelmanager.rs
@@ -1172,6 +1172,13 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
 					if msg.cltv_expiry > cur_height + CLTV_FAR_FAR_AWAY as u32 { // expiry_too_far
 						break Some(("CLTV expiry is too far in the future", 21, None));
 					}
+					// We should be safe against unintentional channel-closure by our onchain logic due to this later
+					// offering a LATENCY_GRACE_PERIOD_BLOCKS. But to make our policy coherent with reception, apply
+					// same delay.
+					if (*outgoing_cltv_value) as u64 <= (cur_height + CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS) as u64 {
+						break Some(("Outgoing CLTV value is too close", 0x1000 | 14, Some(self.get_channel_update(chan).unwrap())));
+					}
+
 					break None;
 				}
 				{