From 85f065a6e71468f872f63eb374132d9d353d5c0f Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 15 Dec 2017 20:59:37 +1030 Subject: [PATCH] peer_control: close leak in sign_last_tx. We can call this multiple times. The best solution is to add and remove the signature so it's always unsigned as we expect it. Signed-off-by: Rusty Russell --- lightningd/peer_control.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lightningd/peer_control.c b/lightningd/peer_control.c index 7af4550e7..a927a65f4 100644 --- a/lightningd/peer_control.c +++ b/lightningd/peer_control.c @@ -146,6 +146,8 @@ static void sign_last_tx(struct peer *peer) struct secrets secrets; secp256k1_ecdsa_signature sig; + assert(!peer->last_tx->input[0].witness); + derive_basepoints(peer->seed, &local_funding_pubkey, NULL, &secrets, NULL); @@ -170,6 +172,12 @@ static void sign_last_tx(struct peer *peer) tal_free(tmpctx); } +static void remove_sig(struct bitcoin_tx *signed_tx) +{ + signed_tx->input[0].amount = tal_free(signed_tx->input[0].amount); + signed_tx->input[0].witness = tal_free(signed_tx->input[0].witness); +} + static void drop_to_chain(struct peer *peer) { sign_last_tx(peer); @@ -177,6 +185,7 @@ static void drop_to_chain(struct peer *peer) /* Keep broadcasting until we say stop (can fail due to dup, * if they beat us to the broadcast). */ broadcast_tx(peer->ld->topology, peer, peer->last_tx, NULL); + remove_sig(peer->last_tx); } /* This lets us give a more detailed error than just a destructor. */ @@ -2745,6 +2754,7 @@ static void json_sign_last_tx(struct command *cmd, tal_count(peer->last_tx->output)); sign_last_tx(peer); linear = linearize_tx(cmd, peer->last_tx); + remove_sig(peer->last_tx); json_object_start(response, NULL); json_add_hex(response, "tx", linear, tal_len(linear));