From: Jeffrey Czyz <jkczyz@gmail.com>
Date: Thu, 18 Jul 2024 16:54:33 +0000 (-0500)
Subject: Authenticate payment_id from OffersContext
X-Git-Tag: v0.0.124-beta~12^2~15
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=bb445a3973957b5046e2354992901fb675198cad;p=rust-lightning

Authenticate payment_id from OffersContext

Before abandoning a payment when receiving an InvoiceError, verify that
the PaymentId included in the OffersContext with the included HMAC. This
prevents a malicious actor sending an InvoiceError with a known payment
id from abandoning our payment.
---

diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
index b359df9e5..9dc8270d8 100644
--- a/lightning/src/ln/channelmanager.rs
+++ b/lightning/src/ln/channelmanager.rs
@@ -10731,8 +10731,10 @@ where
 
 		let abandon_if_payment = |context| {
 			match context {
-				Some(OffersContext::OutboundPayment { payment_id, .. }) => {
-					self.abandon_payment(payment_id)
+				Some(OffersContext::OutboundPayment { payment_id, nonce, hmac }) => {
+					if signer::verify_payment_id(payment_id, hmac, nonce, expanded_key) {
+						self.abandon_payment(payment_id);
+					}
 				},
 				_ => {},
 			}