From: Matt Corallo <git@bluematt.me>
Date: Mon, 6 Feb 2023 21:43:10 +0000 (+0000)
Subject: Require a non-0 number of non-empty paths when deserializing routes
X-Git-Tag: v0.0.114-beta~1^2~2
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=93641540229317b881f86b7a02eba632fd64eb0d;p=rust-lightning

Require a non-0 number of non-empty paths when deserializing routes

When we read a `Route` (or a list of `RouteHop`s), we should never
have zero paths or zero `RouteHop`s in a path. As such, its fine to
simply reject these at deserialization-time. Technically this could
lead to something which we can generate not round-trip'ing
serialization, but that seems okay here.
---

diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
index f07dc86f..5d09741f 100644
--- a/lightning/src/ln/channelmanager.rs
+++ b/lightning/src/ln/channelmanager.rs
@@ -6745,7 +6745,7 @@ impl Readable for HTLCSource {
 			0 => {
 				let mut session_priv: crate::util::ser::RequiredWrapper<SecretKey> = crate::util::ser::RequiredWrapper(None);
 				let mut first_hop_htlc_msat: u64 = 0;
-				let mut path = Some(Vec::new());
+				let mut path: Option<Vec<RouteHop>> = Some(Vec::new());
 				let mut payment_id = None;
 				let mut payment_secret = None;
 				let mut payment_params = None;
@@ -6762,10 +6762,14 @@ impl Readable for HTLCSource {
 					// instead.
 					payment_id = Some(PaymentId(*session_priv.0.unwrap().as_ref()));
 				}
+				if path.is_none() || path.as_ref().unwrap().is_empty() {
+					return Err(DecodeError::InvalidValue);
+				}
+				let path = path.unwrap();
 				Ok(HTLCSource::OutboundRoute {
 					session_priv: session_priv.0.unwrap(),
 					first_hop_htlc_msat,
-					path: path.unwrap(),
+					path,
 					payment_id: payment_id.unwrap(),
 					payment_secret,
 					payment_params,
diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs
index b456e15a..0a3c5406 100644
--- a/lightning/src/routing/router.rs
+++ b/lightning/src/routing/router.rs
@@ -313,6 +313,7 @@ impl Readable for Route {
 	fn read<R: io::Read>(reader: &mut R) -> Result<Route, DecodeError> {
 		let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
 		let path_count: u64 = Readable::read(reader)?;
+		if path_count == 0 { return Err(DecodeError::InvalidValue); }
 		let mut paths = Vec::with_capacity(cmp::min(path_count, 128) as usize);
 		for _ in 0..path_count {
 			let hop_count: u8 = Readable::read(reader)?;
@@ -320,6 +321,7 @@ impl Readable for Route {
 			for _ in 0..hop_count {
 				hops.push(Readable::read(reader)?);
 			}
+			if hops.is_empty() { return Err(DecodeError::InvalidValue); }
 			paths.push(hops);
 		}
 		let mut payment_params = None;