From 6e9ae98e1e8a87d62d0a177e75cfd89097ee1848 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Tue, 26 Jun 2018 14:38:35 +0930
Subject: [PATCH] lightningd: don't send uninialized malformed fields to channeld.

==1224== Uninitialised byte(s) found during client check request
==1224== at 0x152CAD: memcheck_ (mem.h:247)
==1224== by 0x152D18: towire (towire.c:17)
==1224== by 0x152DA1: towire_u16 (towire.c:28)
==1224== by 0x142189: towire_failed_htlc (htlc_wire.c:29)
==1224== by 0x16343F: towire_channel_init (gen_channel_wire.c:596)
==1224== by 0x115C2C: peer_start_channeld (channel_control.c:249)
==1224== by 0x131701: peer_connected (peer_control.c:503)
==1224== by 0x117820: gossip_msg (gossip_control.c:182)
==1224== by 0x139D97: sd_msg_read (subd.c:500)
==1224== by 0x139676: read_fds (subd.c:327)
==1224== by 0x179D52: next_plan (io.c:59)
==1224== by 0x17A84F: do_plan (io.c:387)
==1224== Address 0x1ffefffabe is on thread 1's stack
==1224== in frame #2, created by towire_u16 (towire.c:26)

Followed by:

2018-06-18T21:53:04.129Z lightningd(1224): 03933884aaf1d6b108397e5efe5c86bcf2d8ca8d2f700eda99db9214fc2712b134 chan #1: Peer permanent failure in CHANNELD_NORMAL: lightning_channeld: received ERROR channel d0101486543e1a8b6871556a4fe1fba4ad4d83ce7f6f92919fd17bd1545d2fd5: UpdateFailMalformedHtlc message doesn't have BADONION bit set

Signed-off-by: Rusty Russell
---
 lightningd/peer_htlcs.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/lightningd/peer_htlcs.c b/lightningd/peer_htlcs.c
index a5194dbfa..888eed31e 100644
--- a/lightningd/peer_htlcs.c
+++ b/lightningd/peer_htlcs.c
@@ -1384,6 +1384,7 @@ static void add_fulfill(u64 id, enum side side,
 }

 static void add_fail(u64 id, enum side side,
+ enum onion_type malformed,
 const u8 *failuremsg,
 const struct failed_htlc ***failed_htlcs,
 enum side **failed_sides)
@@ -1396,8 +1397,12 @@ static void add_fail(u64 id, enum side side,

 *f = tal(*failed_htlcs, struct failed_htlc);
 (*f)->id = id;
- (*f)->failreason
- = tal_dup_arr(*f, u8, failuremsg, tal_len(failuremsg), 0);
+ (*f)->malformed = malformed;
+ if (failuremsg)
+ (*f)->failreason
+ = tal_dup_arr(*f, u8, failuremsg, tal_len(failuremsg), 0);
+ else
+ (*f)->failreason = NULL;
 *s = side;
 }

@@ -1435,9 +1440,9 @@ void peer_htlcs(const tal_t *ctx,
 hin->cltv_expiry,
 hin->onion_routing_packet,
 hin->hstate);
- if (hin->failuremsg)
- add_fail(hin->key.id, REMOTE, hin->failuremsg,
- failed_htlcs, failed_sides);
+ if (hin->failuremsg || hin->failcode)
+ add_fail(hin->key.id, REMOTE, hin->failcode,
+ hin->failuremsg, failed_htlcs, failed_sides);
 if (hin->preimage)
 add_fulfill(hin->key.id, REMOTE, hin->preimage,
 fulfilled_htlcs, fulfilled_sides);
@@ -1454,9 +1459,9 @@ void peer_htlcs(const tal_t *ctx,
 hout->cltv_expiry,
 hout->onion_routing_packet,
 hout->hstate);
- if (hout->failuremsg)
- add_fail(hout->key.id, LOCAL, hout->failuremsg,
- failed_htlcs, failed_sides);
+ if (hout->failuremsg || hout->failcode)
+ add_fail(hout->key.id, LOCAL, hout->failcode,
+ hout->failuremsg, failed_htlcs, failed_sides);
 if (hout->preimage)
 add_fulfill(hout->key.id, LOCAL, hout->preimage,
 fulfilled_htlcs, fulfilled_sides);
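Review bot: In add_fail the entry is still allocated with `tal(*failed_htlcs, struct failed_htlc)`, so the struct starts out uninitialised and the fix holds only as long as every field is assigned by hand, which is the condition that let `malformed` reach channeld unset in the first place. Allocating with `talz(*failed_htlcs, struct failed_htlc)` would make any field added to the struct later default to zero instead of being serialised with whatever bytes were in memory. The new body also accepts `malformed == 0` together with a NULL `failuremsg`; the two callers in peer_htlcs guard against that, but an `assert(malformed || failuremsg);` at the top of add_fail would keep the contract next to the code that depends on it. The start of add_fail's body lies outside this hunk.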
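Review bot: In peer_htlcs the `hin` branch forwards `hin->failcode` unchanged as the `malformed` argument, and nothing visible checks that the value carries the BADONION bit. If `failcode` can also hold an ordinary failure code (not visible from these lines), the entry handed to channeld would presumably be treated as a malformed-onion failure and could trigger the same "doesn't have BADONION bit set" error quoted in the commit message. An `assert(!malformed || (malformed & BADONION));` in add_fail, or a comment stating why `failcode` is always a BADONION code when `failuremsg` is NULL, would make the assumption explicit. The same applies to the `hout->failcode` call in the following hunk; the body of peer_htlcs extends beyond both hunks.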