From 2ecf5e6bd55bd5e23bcb67de70c7d9f2ab32e960 Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Thu, 1 Aug 2024 09:33:34 +0930
Subject: [PATCH] BOLT12: reject zero-length blinded paths.

This is a good idea, but also specifically called out in the latest BOLT spec.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 common/bolt12.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/common/bolt12.c b/common/bolt12.c
index ff1df9e04..3cf1143f5 100644
--- a/common/bolt12.c
+++ b/common/bolt12.c
@@ -228,6 +228,17 @@ struct tlv_offer *offer_decode(const tal_t *ctx,
 		return tal_free(offer);
 	}
 
+	/* BOLT-offers #12:
+	 *   - if `num_hops` is 0 in any `blinded_path` in `offer_paths`:
+	 *     - MUST NOT respond to the offer.
+	 */
+	for (size_t i = 0; i < tal_count(offer->offer_paths); i++) {
+		if (tal_count(offer->offer_paths[i]->path) == 0) {
+			*fail = tal_strdup(ctx, "Offer contains an empty offer_path");
+			return tal_free(offer);
+		}
+	}
+
 	return offer;
 }
 
@@ -285,6 +296,17 @@ struct tlv_invoice_request *invrequest_decode(const tal_t *ctx,
 		return tal_free(invrequest);
 	}
 
+	/* BOLT-offers #12:
+	 *   - if `num_hops` is 0 in any `blinded_path` in `invreq_paths`:
+	 *     - MUST fail the request.
+	 */
+	for (size_t i = 0; i < tal_count(invrequest->invreq_paths); i++) {
+		if (tal_count(invrequest->invreq_paths[i]->path) == 0) {
+			*fail = tal_strdup(ctx, "Invoice request contains an empty invreq_path");
+			return tal_free(invrequest);
+		}
+	}
+
 	return invrequest;
 }