From 5e71de781997733393495288e5eebc3eeedfb833 Mon Sep 17 00:00:00 2001 From: niftynei Date: Tue, 27 Oct 2020 17:14:56 -0500 Subject: [PATCH] df-spec: fail the open if they send us too many tx-collab msgs --- openingd/dualopend.c | 64 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/openingd/dualopend.c b/openingd/dualopend.c index 83a408c21..3a733eb4b 100644 --- a/openingd/dualopend.c +++ b/openingd/dualopend.c @@ -61,6 +61,21 @@ #define REQ_FD STDIN_FILENO #define HSM_FD 6 +/* tx_add_input, tx_add_output, tx_rm_input, tx_rm_output */ +#define NUM_TX_MSGS (TX_RM_OUTPUT + 1) +enum tx_msgs { + TX_ADD_INPUT, + TX_ADD_OUTPUT, + TX_RM_INPUT, + TX_RM_OUTPUT, +}; + +/* + * BOLT-544bda7144d91b3f51856189b8932610649f9e93 #2: + - MUST NOT send more than 2^12 ... messages + */ +#define MAX_TX_MSG_RCVD (1 << 12) + /* Global state structure. This is only for the one specific peer and channel */ struct state { struct per_peer_state *pps; @@ -124,6 +139,9 @@ struct state { /* The serial_id of the funding output */ u64 funding_serial; + + /* Track how many of each tx collab msg we receive */ + u16 tx_msg_count[NUM_TX_MSGS]; }; #if EXPERIMENTAL_FEATURES @@ -861,6 +879,17 @@ static bool run_tx_interactive(struct state *state, tal_hex(tmpctx, msg)); check_channel_id(state, &cid, &state->channel_id); + + /* + * BOLT-544bda7144d91b3f51856189b8932610649f9e93 #2: + * The receiving node: + * - MUST fail the transaction collaboration if: + * - it receives more than 2^12 `tx_add_input` + * messages */ + if (++state->tx_msg_count[TX_ADD_INPUT] > MAX_TX_MSG_RCVD) + peer_failed(state->pps, &state->channel_id, + "Too many `tx_add_input`s" + " received"); /* * BOLT-fe0351ca2cea3105c4f2eb18c571afca9d21c85b #2: * - if is the `initiator`: @@ -975,6 +1004,17 @@ static bool run_tx_interactive(struct state *state, check_channel_id(state, &cid, &state->channel_id); + /* + * BOLT-544bda7144d91b3f51856189b8932610649f9e93 #2: + * The receiving node: + * - MUST fail the transaction collaboration if: + * - it receives more than 2^12 `tx_rm_input` + * messages */ + if (++state->tx_msg_count[TX_RM_INPUT] > MAX_TX_MSG_RCVD) + peer_failed(state->pps, &state->channel_id, + "Too many `tx_rm_input`s" + " received"); + /* BOLT-fe0351ca2cea3105c4f2eb18c571afca9d21c85b #2 * The sending node: * - MUST NOT send a `tx_remove_input` for an @@ -1006,6 +1046,17 @@ static bool run_tx_interactive(struct state *state, tal_hex(tmpctx, msg)); check_channel_id(state, &cid, &state->channel_id); + /* + * BOLT-544bda7144d91b3f51856189b8932610649f9e93 #2: + * The receiving node: + * - MUST fail the transaction collaboration if: + * - it receives more than 2^12 `tx_add_output` + * messages */ + if (++state->tx_msg_count[TX_ADD_OUTPUT] > MAX_TX_MSG_RCVD) + peer_failed(state->pps, &state->channel_id, + "Too many `tx_add_output`s" + " received"); + /* BOLT-fe0351ca2cea3105c4f2eb18c571afca9d21c85b #2 * The receiving node: * ... @@ -1037,6 +1088,17 @@ static bool run_tx_interactive(struct state *state, check_channel_id(state, &cid, &state->channel_id); + /* + * BOLT-544bda7144d91b3f51856189b8932610649f9e93 #2: + * The receiving node: + * - MUST fail the transaction collaboration if: + * - it receives more than 2^12 `tx_rm_output` + * messages */ + if (++state->tx_msg_count[TX_RM_OUTPUT] > MAX_TX_MSG_RCVD) + peer_failed(state->pps, &state->channel_id, + "Too many `tx_rm_output`s" + " received"); + /* BOLT-fe0351ca2cea3105c4f2eb18c571afca9d21c85b #2 * The sending node: * - MUST NOT send a `tx_remove_ouput` for an @@ -2116,6 +2178,8 @@ int main(int argc, char *argv[]) * handle_peer_gossip_or_error compares this. */ memset(&state->channel_id, 0, sizeof(state->channel_id)); state->channel = NULL; + for (size_t i = 0; i < NUM_TX_MSGS; i++) + state->tx_msg_count[i] = 0; /*~ We set these to NULL, meaning no requirements on shutdown */ state->upfront_shutdown_script[LOCAL]