From 79c0f98c1f3ce62d0bf83729acb3e65679d9c984 Mon Sep 17 00:00:00 2001
From: Matt Corallo
Date: Mon, 10 Dec 2018 15:02:50 -0500
Subject: [PATCH] Check tx output matches monitor output data (and is sufficient len)

Fixes a panic found by fuzzer in case the monitor per-commitment data is garbage. We had a similar check for revoked commitment tx but didn't copy it down to non-revoked commitment tx, so do that now.
---
 src/ln/channelmonitor.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/ln/channelmonitor.rs b/src/ln/channelmonitor.rs
index 7faeae68a..79900e328 100644
--- a/src/ln/channelmonitor.rs
+++ b/src/ln/channelmonitor.rs
@@ -1157,6 +1157,12 @@ impl ChannelMonitor {
 }
 for (idx, htlc) in per_commitment_data.iter().enumerate() {
+ let expected_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey);
+ if htlc.transaction_output_index as usize >= tx.output.len() ||
+ tx.output[htlc.transaction_output_index as usize].value != htlc.amount_msat / 1000 ||
+ tx.output[htlc.transaction_output_index as usize].script_pubkey != expected_script.to_v0_p2wsh() {
+ return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); // Corrupted per_commitment_data, fuck this user
+ }
 if let Some(payment_preimage) = self.payment_preimages.get(&htlc.payment_hash) {
 let input = TxIn {
 previous_output: BitcoinOutPoint {
-- 
2.39.5
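Review bot: The new early return inside the `for (idx, htlc)` loop abandons every HTLC claim for this commitment transaction as soon as one `per_commitment_data` entry fails the index, value or script check, and it leaves no trace for the operator. Because this path decides whether HTLC outputs get claimed on-chain, a mismatch deserves a visible error (a log line, if a logger is reachable at this point, which the hunk does not show) and a comment that states the consequence, for example `// per_commitment_data does not match this tx: stop here rather than index out of bounds or build a claim against the wrong output`. The three repeated `tx.output[htlc.transaction_output_index as usize]` lookups would also read more safely as a single `tx.output.get(htlc.transaction_output_index as usize)` bound to a local, which folds the length check into the lookup. The enclosing function starts and ends outside the hunk, so whether the revoked-commitment path it mirrors behaves the same way cannot be confirmed from here.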