mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-01-19 05:44:12 +01:00
Code Issues Projects Releases Wiki Activity

lightningd: don't run off end of buffer if db_hook returns nonsense.

Browse Source 
It shouldn't return nonsense, but it did, and we segfaulted.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2022-06-26 14:16:01 +09:30
parent 6221ac621d
commit b4820d6706
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lightningd/plugin_hook.c
View File

@ -303,7 +303,10 @@ static void db_hook_response(const char *buffer, const jsmntok_t *toks,
resulttok = json_get_member(buffer, toks, "result");
if (!resulttok)
fatal("Plugin '%s' returned an invalid response to the "
"db_write hook: %s", dwh_req->plugin->cmd, buffer);
"db_write hook: %.*s",
dwh_req->plugin->cmd,
json_tok_full_len(toks),
json_tok_full(buffer, toks));
/* We expect result: { 'result' : 'continue' }.
* Anything else we abort.
@ -311,14 +314,16 @@ static void db_hook_response(const char *buffer, const jsmntok_t *toks,
resulttok = json_get_member(buffer, resulttok, "result");
if (resulttok) {
if (!json_tok_streq(buffer, resulttok, "continue"))
fatal("Plugin '%s' returned failed db_write: %s.",
fatal("Plugin '%s' returned failed db_write: %.*s.",
dwh_req->plugin->cmd,
buffer);
json_tok_full_len(toks),
json_tok_full(buffer, toks));
} else
fatal("Plugin '%s' returned an invalid result to the db_write "
"hook: %s",
"hook: %.*s",
dwh_req->plugin->cmd,
buffer);
json_tok_full_len(toks),
json_tok_full(buffer, toks));
assert((*dwh_req->num_hooks) != 0);
--(*dwh_req->num_hooks);