From 81db5896e134b8bd50ddfde372e4040917f1e1fe Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Tue, 24 Oct 2017 12:53:43 +1030
Subject: [PATCH] common/json: remove asserts() which may trigger from user
 input.

They don't currently, since callers check, but be safe.  In addition,
handle NULL returns from these in the bitcoind code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 common/json.c         | 10 ++++++----
 lightningd/bitcoind.c |  8 ++++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/common/json.c b/common/json.c
index 0995af3ff..afb237ee3 100644
--- a/common/json.c
+++ b/common/json.c
@@ -157,7 +157,8 @@ const jsmntok_t *json_get_member(const char *buffer, const jsmntok_t tok[],
 {
 	const jsmntok_t *t, *end;
 
-	assert(tok->type == JSMN_OBJECT);
+	if (tok->type != JSMN_OBJECT)
+		return NULL;
 
 	end = json_next(tok);
 	for (t = tok + 1; t < end; t = json_next(t+1))
@@ -171,7 +172,8 @@ const jsmntok_t *json_get_arr(const jsmntok_t tok[], size_t index)
 {
 	const jsmntok_t *t, *end;
 
-	assert(tok->type == JSMN_ARRAY);
+	if (tok->type != JSMN_ARRAY)
+		return NULL;
 
 	end = json_next(tok);
 	for (t = tok + 1; t < end; t = json_next(t)) {
@@ -235,8 +237,8 @@ bool json_get_params(const char *buffer, const jsmntok_t param[], ...)
 		else
 			p = param + 1;
 		end = json_next(param);
-	} else
-		assert(param->type == JSMN_OBJECT);
+	} else if (param->type != JSMN_OBJECT)
+		return false;
 
 	va_start(ap, param);
 	while ((name = va_arg(ap, const char *)) != NULL) {
diff --git a/lightningd/bitcoind.c b/lightningd/bitcoind.c
index 7ef13564b..fdaff76b7 100644
--- a/lightningd/bitcoind.c
+++ b/lightningd/bitcoind.c
@@ -342,6 +342,14 @@ static void process_chaintips(struct bitcoin_cli *bcli)
 		const jsmntok_t *status = json_get_member(bcli->output, t, "status");
 		const jsmntok_t *hash = json_get_member(bcli->output, t, "hash");
 
+		if (!status || !hash) {
+			log_broken(bcli->bitcoind->log,
+				   "%s: No status & hash: %.*s",
+				    bcli_args(bcli),
+				    (int)bcli->output_bytes, bcli->output);
+			continue;
+		}
+
 		if (!json_tok_streq(bcli->output, status, "active")) {
 			log_debug(bcli->bitcoind->log,
 				  "Ignoring chaintip %.*s status %.*s",