forbid unsafe

diff --git a/README.md b/README.md
index f2a39670b552196b17fe6f5325b7ff5cf0bf8ce6..fb21395de6137b0e2c1bf50eb377d86bb4295e5b 100644 (file)
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/)
+
 Rust-Lightning, not Rusty's Lightning!
 =====
 

diff --git a/src/lib.rs b/src/lib.rs
index aae543e073838e605c6996241aea2b05f22e123d..c6e4708a8ebadb933e794889d1378e6b34f24fdf 100644 (file)
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -10,6 +10,7 @@
 //! instead of having a rather-separate lightning appendage to a wallet.
 
 #![cfg_attr(not(feature = "fuzztarget"), deny(missing_docs))]
+#![forbid(unsafe_code)]
 
 extern crate bitcoin;
 extern crate bitcoin_hashes;

diff --git a/src/ln/msgs.rs b/src/ln/msgs.rs
index 6c910865388d965e69f7c92ba6f91d10d5e9d04a..a27b896701412918886d3c890074f03fdfe5f64a 100644 (file)
--- a/src/ln/msgs.rs
+++ b/src/ln/msgs.rs
@@ -713,7 +713,6 @@ mod fuzzy_internal_msgs {
                pub(crate) data: OnionRealm0HopData,
                pub(crate) hmac: [u8; 32],
        }
-       unsafe impl ::util::internal_traits::NoDealloc for OnionHopData{}
 
        pub struct DecodedOnionErrorPacket {
                pub(crate) hmac: [u8; 32],

diff --git a/src/ln/onion_utils.rs b/src/ln/onion_utils.rs
index 8783aa0bde0e107708122c62fb06f2dd9102bbf4..11b279073447e4118c06a96eb8912431ed47ee18 100644 (file)
--- a/src/ln/onion_utils.rs
+++ b/src/ln/onion_utils.rs
@@ -1,7 +1,7 @@
 use ln::channelmanager::{PaymentHash, HTLCSource};
 use ln::msgs;
 use ln::router::{Route,RouteHop};
-use util::{byte_utils, internal_traits};
+use util::byte_utils;
 use util::chacha20::ChaCha20;
 use util::errors::{self, APIError};
 use util::ser::{Readable, Writeable};
@@ -17,7 +17,6 @@ use secp256k1::Secp256k1;
 use secp256k1::ecdh::SharedSecret;
 use secp256k1;
 
-use std::ptr;
 use std::io::Cursor;
 use std::sync::Arc;
 
@@ -114,8 +113,6 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
        let mut cur_cltv = starting_htlc_offset;
        let mut last_short_channel_id = 0;
        let mut res: Vec<msgs::OnionHopData> = Vec::with_capacity(route.hops.len());
-       internal_traits::test_no_dealloc::<msgs::OnionHopData>(None);
-       unsafe { res.set_len(route.hops.len()); }
 
        for (idx, hop) in route.hops.iter().enumerate().rev() {
                // First hop gets special values so that it can check, on receipt, that everything is
@@ -123,7 +120,7 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
                // the intended recipient).
                let value_msat = if cur_value_msat == 0 { hop.fee_msat } else { cur_value_msat };
                let cltv = if cur_cltv == starting_htlc_offset { hop.cltv_expiry_delta + starting_htlc_offset } else { cur_cltv };
-               res[idx] = msgs::OnionHopData {
+               res.insert(0, msgs::OnionHopData {
                        realm: 0,
                        data: msgs::OnionRealm0HopData {
                                short_channel_id: last_short_channel_id,
@@ -131,7 +128,7 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
                                outgoing_cltv_value: cltv,
                        },
                        hmac: [0; 32],
-               };
+               });
                cur_value_msat += hop.fee_msat;
                if cur_value_msat >= 21000000 * 100000000 * 1000 {
                        return Err(APIError::RouteError{err: "Channel fees overflowed?!"});
@@ -147,8 +144,8 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
 
 #[inline]
 fn shift_arr_right(arr: &mut [u8; 20*65]) {
-       unsafe {
-               ptr::copy(arr[0..].as_ptr(), arr[65..].as_mut_ptr(), 19*65);
+       for i in (65..20*65).rev() {
+               arr[i] = arr[i-65];
        }
        for i in 0..65 {
                arr[i] = 0;

diff --git a/src/util/internal_traits.rs b/src/util/internal_traits.rs
deleted file mode 100644 (file)
index c12276c..0000000
--- a/src/util/internal_traits.rs
+++ /dev/null
@@ -1,7 +0,0 @@
-/// A simple marker trait that indicates a type requires no deallocation. Implies we can set_len()
-/// on a Vec of these things and will be safe to overwrite them with =.
-pub unsafe trait NoDealloc {}
-
-/// Just call with test_no_dealloc::<Type>(None)
-#[inline]
-pub fn test_no_dealloc<T : NoDealloc>(_: Option<T>) { }

diff --git a/src/util/mod.rs b/src/util/mod.rs
index 1a48507df58984414b9800ca94125cf702481ad5..aab77035d387d452d469067329e6db9ad77a69e2 100644 (file)
--- a/src/util/mod.rs
+++ b/src/util/mod.rs
@@ -9,7 +9,6 @@ pub(crate) mod chacha20;
 #[cfg(not(feature = "fuzztarget"))]
 pub(crate) mod poly1305;
 pub(crate) mod chacha20poly1305rfc;
-pub(crate) mod internal_traits;
 pub(crate) mod transaction_utils;
 
 #[macro_use]