bolt11: don't abort on invalid pubkey
Rather than crashing the entire node on invalid pubkey, check the
validity of the pubkey in decode_n, and return an error if invalid.

Detected by libFuzzer:
==265599== ERROR: libFuzzer: deadly signal
    #7 abort
    #8 bolt11_decode common/bolt11.c:999:4
morehouse committed Oct 17, 2023
1 parent a3eeed7 commit 8a9349a
Showing 2 changed files with 16 additions and 2 deletions.
17 changes: 15 additions & 2 deletions common/bolt11.c
Expand Up @@ -306,14 +306,27 @@ static const char *decode_n(struct bolt11 *b11,
const u5 **data, size_t *field_len,
bool *have_n)
{
const char *err;

assert(!*have_n);
/* BOLT #11:
*
* A reader... MUST skip over unknown fields, OR an `f` field
* with unknown `version`, OR `p`, `h`, `s` or `n` fields that do
* NOT have `data_length`s of 52, 52, 52 or 53, respectively. */
return pull_expected_length(b11, hu5, data, field_len, 53, 'n',
have_n, &b11->receiver_id.k);
err = pull_expected_length(b11, hu5, data, field_len, 53, 'n', have_n,
&b11->receiver_id.k);

/* If that gave us a node ID, check it. */
if (*have_n) {
struct pubkey k;
if (!pubkey_from_node_id(&k, &b11->receiver_id))
return tal_fmt(
b11, "invalid public key %s",
node_id_to_hexstr(tmpctx, &b11->receiver_id));
}

return err;
}

/* BOLT #11:
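
Review bot: In decode_n, the new `if (*have_n)` block runs before `err` from pull_expected_length is examined, so if that call can return an error with `*have_n` already set, the "invalid public key" message replaces the original error. Returning early with `if (err) return err;`, or guarding with `if (!err && *have_n)`, would keep the first failure visible. The error return also leaves `*have_n` true and the rejected key in `b11->receiver_id`; that is safe only if every caller discards `b11` on a non-NULL return, and a one-line comment stating that assumption would help the next reader.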
@@ -0,0 +1 @@
lnbc1qqqqpqqnp4qqqlftcw9qqqqqqqqqqqqygh9qpp5qpp5s7zxqqqqcqpjpqqygh9qpp5s7zxqqqqcqpjpqqlqqqqqqqqqqqqcqqpqqqqqqqqqqqsqqqqqqqqdqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqpqqqqqqqqqqqqqqqqqqqqqqqqqqqqqlqqqcqpjptfqptfqptfqpqqqqqqqqqqqqqqqqqqq8ddm0a
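
Review bot: Nothing in the commit message ties this one-line added file to the libFuzzer crash it reports. If this invoice string is the input that reached the abort at common/bolt11.c:999, say so in the commit message so it is clear why the input is kept in the tree and what it is expected to exercise after the decode_n change.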
