bolt11: don't abort on invalid pubkey
Rather than crashing the entire node on invalid pubkey, we should return
an error.

Detected by libFuzzer:
==250024== ERROR: libFuzzer: deadly signal

[ Changed so that `n` really does check that it's valid --RR ]

    #7 abort
    #8 bolt11_decode common/bolt11.c:1002:4
morehouse authored and rustyrussell committed Oct 15, 2023
1 parent 440fe8c commit 8a6bc6a
Showing 2 changed files with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions common/bolt11.c
Expand Up @@ -306,14 +306,24 @@ static const char *decode_n(struct bolt11 *b11,
const u5 **data, size_t *field_len,
bool *have_n)
{
const char *err;
struct pubkey k;

assert(!*have_n);
/* BOLT #11:
*
* A reader... MUST skip over unknown fields, OR an `f` field
* with unknown `version`, OR `p`, `h`, `s` or `n` fields that do
* NOT have `data_length`s of 52, 52, 52 or 53, respectively. */
return pull_expected_length(b11, hu5, data, field_len, 53, 'n',
have_n, &b11->receiver_id.k);
err = pull_expected_length(b11, hu5, data, field_len, 53, 'n',
have_n, &b11->receiver_id.k);
if (err)
return err;

if (!pubkey_from_node_id(&k, &b11->receiver_id))
return tal_fmt(b11, "invalid public key %s",
node_id_to_hexstr(tmpctx, &b11->receiver_id));
return NULL;
}

/* BOLT #11:
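
Review bot: the new `pubkey_from_node_id()` check at the end of `decode_n` runs whenever `err` is NULL, without consulting `*have_n`. The BOLT #11 text quoted in this function says an `n` field whose `data_length` is not 53 must be skipped, so if `pull_expected_length` returns NULL in that case without filling `b11->receiver_id`, this path validates an unset node id and rejects an invoice that should have parsed. Consider gating the check, for example `if (*have_n && !pubkey_from_node_id(&k, &b11->receiver_id))`, and adding a regression test with a wrong-length `n` field.
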
Binary file not shown.