More bolt11 fixes

common/bech32.c

@@ -26,6 +26,10 @@
 #include <common/bech32.h>
 #include <string.h>
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+bool dev_bech32_nocsum;
+#endif
+
 static uint32_t bech32_polymod_step(uint32_t pre) {
     uint8_t b = pre >> 25;
     return ((pre & 0x1FFFFFF) << 5) ^
@@ -142,6 +146,13 @@ bech32_encoding bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const
         }
         ++i;
     }
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    if (dev_bech32_nocsum)
+	    /* Skip checksum and upper/lowercase checks when fuzzing. */
+	    return BECH32_ENCODING_BECH32;
+#endif
+
     if (have_lower && have_upper) {
         return BECH32_ENCODING_NONE;
     }

common/bech32.h

@@ -26,6 +26,7 @@
 #define LIGHTNING_COMMON_BECH32_H
 #include "config.h"
 
+#include <stdbool.h>
 #include <stdint.h>
 #include <stdlib.h>
 
@@ -130,5 +131,10 @@ int bech32_convert_bits(uint8_t* out, size_t* outlen, int outbits,
 extern const char bech32_charset[32];
 extern const int8_t bech32_charset_rev[128];
 
+/* Global to weaken csum checks for fuzzing. */
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+extern bool dev_bech32_nocsum;
+#endif
+
 #endif /* LIGHTNING_COMMON_BECH32_H */
 

common/bolt11.c

@@ -76,7 +76,11 @@ static const char *pull_uint(struct hash_u5 *hu5,
 	err = pull_bits(hu5, data, data_len, &be_val, databits, true);
 	if (err)
 		return err;
-	*val = be64_to_cpu(be_val) >> (sizeof(be_val) * CHAR_BIT - databits);
+	if (databits == 0)
+		*val = 0;
+	else
+		*val = be64_to_cpu(be_val) >>
+		       (sizeof(be_val) * CHAR_BIT - databits);
 	return NULL;
 }
 
@@ -302,14 +306,26 @@ static const char *decode_n(struct bolt11 *b11,
 			    const u5 **data, size_t *field_len,
 			    bool *have_n)
 {
+	const char *err;
+
 	assert(!*have_n);
 	/* BOLT #11:
 	 *
 	 * A reader... MUST skip over unknown fields, OR an `f` field
 	 * with unknown `version`, OR `p`, `h`, `s` or `n` fields that do
 	 * NOT have `data_length`s of 52, 52, 52 or 53, respectively. */
-	return pull_expected_length(b11, hu5, data, field_len, 53, 'n',
-				    have_n, &b11->receiver_id.k);
+	err = pull_expected_length(b11, hu5, data, field_len, 53, 'n',
+				   have_n, &b11->receiver_id.k);
+
+	/* If that gave us nodeid, check it. */
+	if (*have_n) {
+		struct pubkey k;
+		if (!pubkey_from_node_id(&k, &b11->receiver_id))
+			return tal_fmt(b11, "invalid public key %s",
+				       node_id_to_hexstr(tmpctx, &b11->receiver_id));
+	}
+
+	return err;
 }
 
 /* BOLT #11:
@@ -390,6 +406,8 @@ static const char *decode_f(struct bolt11 *b11,
 		fallback = scriptpubkey_p2sh_hash(b11, shash);
 	} else if (version < 17) {
 		u8 *f = pull_all(tmpctx, hu5, data, field_len, false, &err);
+		if (!f)
+			return err;
 		if (version == 0) {
 			if (tal_count(f) != 20 && tal_count(f) != 32)
 				return tal_fmt(b11,
@@ -715,7 +733,6 @@ struct bolt11 *bolt11_decode_nosig(const tal_t *ctx, const char *str,
 	memset(have_field, 0, sizeof(have_field));
 	b11->routes = tal_arr(b11, struct route_info *, 0);
 
-	assert(!has_lightning_prefix(str));
 	if (strlen(str) < 8)
 		return decode_fail(b11, fail, "Bad bech32 string");
 
@@ -918,6 +935,8 @@ struct bolt11 *bolt11_decode_nosig(const tal_t *ctx, const char *str,
 	return b11;
 }
 
+static bool valid_recovery_id(u8 recid) { return recid <= 3; }
+
 /* Decodes and checks signature; returns NULL on error. */
 struct bolt11 *bolt11_decode(const tal_t *ctx, const char *str,
 			     const struct feature_set *our_features,
@@ -958,6 +977,10 @@ struct bolt11 *bolt11_decode(const tal_t *ctx, const char *str,
 
 	assert(data_len == 0);
 
+	if (!valid_recovery_id(sig_and_recid[64]))
+		return decode_fail(b11, fail, "invalid recovery ID: %u",
+				   sig_and_recid[64]);
+
 	if (!secp256k1_ecdsa_recoverable_signature_parse_compact
 	    (secp256k1_ctx, &sig, sig_and_recid, sig_and_recid[64]))
 		return decode_fail(b11, fail, "signature invalid");

tests/fuzz/corpora/fuzz-bolt11-decode/crash-6a09efacc7816949fc57d006a8b513cbb7857f2f

@@ -0,0 +1 @@
+lnltc1Uggzzzzfzzffffffffffffffffffffffffffffffgfffffffffffffffffzzzzfzzfffffffffffffffffffffffffffffffffffffffffffffffffffff

tests/fuzz/corpora/fuzz-bolt11-decode/crash-90ba6bcd63aa79a19b2df3d58a4fa0c4193614f0

@@ -0,0 +1 @@
+lntltc1UZZZZQQDQQpp5pppppppppppppppppZZZZZZZZZZZZQQQQQQQQQQQQQQQQQQQQQQQQQQQQQAQQQQQQQQQQQQQQQQZZZZZZZZZZZZZZZZZZZZZZZppppppppppppppppppppppppppppppppppppZZZZZZZZZZZZZZZZZZZZZZZZtltc

tests/fuzz/corpora/fuzz-bolt11-decode/crash-98a2112c93362e35310c629081b5d60390062962

@@ -0,0 +1 @@
+lightning:

tests/fuzz/corpora/fuzz-bolt11-decode/crash-ad3693f6c454ce739ca67a4aff234cb3f3f598b5

@@ -0,0 +1 @@
+lnltc1zzzzzAzcQQQQQZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZXZZZZZZZZZZZZZZZZZJZZZZZZZZZZzzzZZZZZZZZ

tests/fuzz/fuzz-bolt11-decode.c

@@ -0,0 +1,26 @@
+#include "config.h"
+#include <assert.h>
+
+#include <common/bolt11.h>
+#include <common/setup.h>
+#include <common/utils.h>
+#include <stdio.h>
+#include <string.h>
+#include <tests/fuzz/libfuzz.h>
+
+void init(int *argc, char ***argv) { common_setup("fuzzer"); }
+
+void run(const u8 *data, size_t size)
+{
+	char *str = tal_arr(NULL, char, size + 1);
+	char *fail_reason;
+
+	memcpy(str, data, size);
+	str[size] = '\0';
+
+	bolt11_decode(str, str, /*our_features=*/NULL, /*description=*/NULL,
+		      /*must_be_chain=*/NULL, &fail_reason);
+
+	clean_tmpctx();
+	tal_free(str);
+}

tests/fuzz/fuzz-bolt11.c

@@ -126,6 +126,8 @@ void run(const uint8_t *data, size_t size)
 	const u5 *sigdata;
 	bool have_n = false;
 	char *fail;
+
+	dev_bech32_nocsum = true;
 	bolt11_decode_nosig(tmpctx, invoice_str, NULL, NULL, chainparams, &hash,
 			    &sigdata, &have_n, &fail);