From 604122e787834e1a5b6b20d402cfe3f8871d572a Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Fri, 6 May 2016 16:22:11 +0930
Subject: [PATCH] daemon: permute input in steal transaction.

This is just generally good practice.  All our other txs are single-input,
so we've not needed to permute inputs before.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 daemon/peer.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/daemon/peer.c b/daemon/peer.c
index ca525808d..8273e8f69 100644
--- a/daemon/peer.c
+++ b/daemon/peer.c
@@ -11,6 +11,7 @@
 #include "log.h"
 #include "names.h"
 #include "peer.h"
+#include "permute_tx.h"
 #include "pseudorand.h"
 #include "secrets.h"
 #include "state.h"
@@ -888,6 +889,7 @@ static void resolve_cheating(struct peer *peer)
 	struct bitcoin_tx *steal_tx;
 	u8 **wscripts;
 	size_t i, n, num_to_steal;
+	int *map;
 
 	peer->closing_onchain.resolved
 		= tal_arrz(tx, const struct bitcoin_tx *, tal_count(ci->map));
@@ -988,14 +990,18 @@ static void resolve_cheating(struct peer *peer)
 	}
 	assert(n == num_to_steal);
 
+	/* This obscures the order in which HTLCs were received, at least. */
+	map = tal_arr(steal_tx, int, num_to_steal);
+	permute_inputs(steal_tx->input, steal_tx->input_count, map);
+
 	/* Now, we can sign them all (they're all of same form). */
 	for (n = 0; n < num_to_steal; n++) {
 		struct bitcoin_signature sig;
 
 		sig.stype = SIGHASH_ALL;
-		peer_sign_steal_input(peer, steal_tx, n, wscripts[n], &sig.sig);
+		peer_sign_steal_input(peer, steal_tx, map[n], wscripts[n], &sig.sig);
 
-		steal_tx->input[n].witness
+		steal_tx->input[map[n]].witness
 			= bitcoin_witness_secret(steal_tx,
 						 ci->revocation_preimage,
 						 sizeof(*ci->revocation_preimage),