From: Devrandom <c1.devrandom@niftybox.net>
Date: Tue, 11 Aug 2020 07:23:15 +0000 (+0200)
Subject: check the input shape in LocalCommitmentTransaction.new_missing_local_sig
X-Git-Tag: v0.0.12~40^2
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=fd2db4028a8b88ee6dcda73608b2e74945c1b01f;p=rust-lightning

check the input shape in LocalCommitmentTransaction.new_missing_local_sig
---

diff --git a/lightning/src/ln/chan_utils.rs b/lightning/src/ln/chan_utils.rs
index 6e29f2280..8a4b3982b 100644
--- a/lightning/src/ln/chan_utils.rs
+++ b/lightning/src/ln/chan_utils.rs
@@ -599,11 +599,26 @@ impl LocalCommitmentTransaction {
 	}
 
 	/// Generate a new LocalCommitmentTransaction based on a raw commitment transaction,
-	/// remote signature and both parties keys
+	/// remote signature and both parties keys.
+	///
+	/// The unsigned transaction outputs must be consistent with htlc_data.  This function
+	/// only checks that the shape and amounts are consistent, but does not check the scriptPubkey.
 	pub fn new_missing_local_sig(unsigned_tx: Transaction, their_sig: Signature, our_funding_key: &PublicKey, their_funding_key: &PublicKey, local_keys: TxCreationKeys, feerate_per_kw: u32, htlc_data: Vec<(HTLCOutputInCommitment, Option<Signature>)>) -> LocalCommitmentTransaction {
 		if unsigned_tx.input.len() != 1 { panic!("Tried to store a commitment transaction that had input count != 1!"); }
 		if unsigned_tx.input[0].witness.len() != 0 { panic!("Tried to store a signed commitment transaction?"); }
 
+		for htlc in &htlc_data {
+			if let Some(index) = htlc.0.transaction_output_index {
+				let out = &unsigned_tx.output[index as usize];
+				if out.value != htlc.0.amount_msat / 1000 {
+					panic!("HTLC at index {} has incorrect amount", index);
+				}
+				if !out.script_pubkey.is_v0_p2wsh() {
+					panic!("HTLC at index {} doesn't have p2wsh scriptPubkey", index);
+				}
+			}
+		}
+
 		Self {
 			unsigned_tx,
 			their_sig,