From: Matt Corallo <git@bluematt.me>
Date: Thu, 2 Jan 2020 02:13:48 +0000 (-0500)
Subject: Refuse to deserialize OnionHopDatas with values > 21 million
X-Git-Tag: v0.0.12~86^2~9
X-Git-Url: http://git.bitcoin.ninja/index.cgi?p=rust-lightning;a=commitdiff_plain;h=1442acf74b7fee98cfff950353a75f569932fbc9

Refuse to deserialize OnionHopDatas with values > 21 million

We should probably do this for all values (and define a newtype
for msat values), but this will do for now.
---

diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
index 294dbb96..e915f041 100644
--- a/lightning/src/ln/msgs.rs
+++ b/lightning/src/ln/msgs.rs
@@ -33,6 +33,9 @@ use util::ser::{Readable, Writeable, Writer, FixedLengthReader, HighZeroBytesDro
 
 use ln::channelmanager::{PaymentPreimage, PaymentHash};
 
+/// 21 million * 10^8 * 1000
+pub(crate) const MAX_VALUE_MSAT: u64 = 21_000_000_0000_0000_000;
+
 /// An error in decoding a message or struct.
 #[derive(Debug)]
 pub enum DecodeError {
@@ -1053,6 +1056,11 @@ impl Readable for OnionHopData {
 					short_channel_id,
 				}
 			} else {
+				if let &Some(ref data) = &payment_data {
+					if data.total_msat > MAX_VALUE_MSAT {
+						return Err(DecodeError::InvalidValue);
+					}
+				}
 				OnionHopDataFormat::FinalNode {
 					payment_data
 				}
@@ -1068,6 +1076,9 @@ impl Readable for OnionHopData {
 			(format, amt, cltv_value)
 		};
 
+		if amt > MAX_VALUE_MSAT {
+			return Err(DecodeError::InvalidValue);
+		}
 		Ok(OnionHopData {
 			format,
 			amt_to_forward: amt,