From bb445a3973957b5046e2354992901fb675198cad Mon Sep 17 00:00:00 2001
From: Jeffrey Czyz <jkczyz@gmail.com>
Date: Thu, 18 Jul 2024 11:54:33 -0500
Subject: [PATCH] Authenticate payment_id from OffersContext

Before abandoning a payment when receiving an InvoiceError, verify that
the PaymentId included in the OffersContext with the included HMAC. This
prevents a malicious actor sending an InvoiceError with a known payment
id from abandoning our payment.
---
 lightning/src/ln/channelmanager.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
index b359df9e5..9dc8270d8 100644
--- a/lightning/src/ln/channelmanager.rs
+++ b/lightning/src/ln/channelmanager.rs
@@ -10731,8 +10731,10 @@ where
 
 		let abandon_if_payment = |context| {
 			match context {
-				Some(OffersContext::OutboundPayment { payment_id, .. }) => {
-					self.abandon_payment(payment_id)
+				Some(OffersContext::OutboundPayment { payment_id, nonce, hmac }) => {
+					if signer::verify_payment_id(payment_id, hmac, nonce, expanded_key) {
+						self.abandon_payment(payment_id);
+					}
 				},
 				_ => {},
 			}
-- 
2.39.5