From 55e8634a1f7bbb96f91f35a3d0f4bc229cd2f23a Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Tue, 8 Jan 2019 11:23:26 +1030 Subject: [PATCH] channeld: don't fail channel on unknown code in update_fail_malformed_htlc. We will probably not add another BADONION code, but this is safer. Suggested-by: @cdecker Signed-off-by: Rusty Russell --- channeld/channeld.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/channeld/channeld.c b/channeld/channeld.c index c2a06d185..3d9e9ff64 100644 --- a/channeld/channeld.c +++ b/channeld/channeld.c @@ -1605,16 +1605,23 @@ static void handle_peer_fail_malformed_htlc(struct peer *peer, const u8 *msg) * `update_fail_malformed_htlc`: * - MUST fail the channel. */ - /* We only handle these cases. */ - if (failure_code != WIRE_INVALID_ONION_VERSION - && failure_code != WIRE_INVALID_ONION_HMAC - && failure_code != WIRE_INVALID_ONION_KEY) { + if (!(failure_code & BADONION)) { peer_failed(&peer->cs, &peer->channel_id, "Bad update_fail_malformed_htlc failure code %u", failure_code); } - assert(failure_code & BADONION); + + /* We only handle these cases in make_failmsg, so convert any + * (future?) unknown one. */ + if (failure_code != WIRE_INVALID_ONION_VERSION + && failure_code != WIRE_INVALID_ONION_HMAC + && failure_code != WIRE_INVALID_ONION_KEY) { + status_unusual("Unknown update_fail_malformed_htlc code %u:" + " sending temporary_channel_failure", + failure_code); + failure_code = WIRE_TEMPORARY_CHANNEL_FAILURE; + } e = channel_fail_htlc(peer->channel, LOCAL, id, &htlc); switch (e) {