Commit b70fe2a

morehouse authored and rustyrussell committed
bolt11: don't abort on invalid pubkey
Rather than crashing the entire node on invalid pubkey, we should return an error.

Detected by libFuzzer:
==250024== ERROR: libFuzzer: deadly signal
[ Changed so that `n` really does check that it's valid --RR ]
#7 abort
#8 bolt11_decode common/bolt11.c:1002:4
1 parent baf177b commit b70fe2a

2 files changed: +14 -2 lines changed

common/bolt11.c

Lines changed: 14 additions & 2 deletions
@@ -306,14 +306,26 @@ static const char *decode_n(struct bolt11 *b11,
306306
const u5 **data, size_t *field_len,
307307
bool *have_n)
308308
{
309+
const char *err;
310+
309311
assert(!*have_n);
310312
/* BOLT #11:
311313
*
312314
* A reader... MUST skip over unknown fields, OR an `f` field
313315
* with unknown `version`, OR `p`, `h`, `s` or `n` fields that do
314316
* NOT have `data_length`s of 52, 52, 52 or 53, respectively. */
315-
return pull_expected_length(b11, hu5, data, field_len, 53, 'n',
316-
have_n, &b11->receiver_id.k);
317+
err = pull_expected_length(b11, hu5, data, field_len, 53, 'n',
318+
have_n, &b11->receiver_id.k);
319+
320+
/* If that gave us nodeid, check it. */
321+
if (*have_n) {
322+
struct pubkey k;
323+
if (!pubkey_from_node_id(&k, &b11->receiver_id))
324+
return tal_fmt(b11, "invalid public key %s",
325+
node_id_to_hexstr(tmpctx, &b11->receiver_id));
326+
}
327+
328+
return err;
317329
}
318330

319331
/* BOLT #11:
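
Review bot: In decode_n, the new `if (*have_n)` check runs before `err` is examined, so if pull_expected_length() can set `*have_n` and still return an error, that error is silently replaced by "invalid public key". Returning `err` early when it is non-NULL, or testing `if (!err && *have_n)`, would make the ordering explicit. It is also worth a one-line comment that `k` is only a scratch value used to validate `b11->receiver_id`, and that on the failure path `*have_n` stays true with the invalid id still stored in `b11->receiver_id`, so the caller has to treat the non-NULL return as ending the decode rather than continuing with that field.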
