From ee8cf69f281c78d47b838200c690378b0b3918a4 Mon Sep 17 00:00:00 2001 From: Matt Morehouse Date: Tue, 17 Oct 2023 11:29:18 -0500 Subject: [PATCH] bolt11: return error on unexpected lightning prefix Remove the assertion so that an error is returned for invalid bech32. An error is preferable to crashing the entire node if there's an extra "lightning:" prefix: $ lightning-cli pay "lightning:lightning:" Node log: pay: common/bolt11.c:718: bolt11_decode_nosig: Assertion `!has_lightning_prefix(str)' failed. pay: FATAL SIGNAL 6 ... INFO plugin-pay: Killing plugin: exited during normal operation **BROKEN** plugin-pay: Plugin marked as important, shutting down lightningd --- common/bolt11.c | 1 - .../crash-98a2112c93362e35310c629081b5d60390062962 | 1 + tests/fuzz/fuzz-bolt11.c | 6 ------ 3 files changed, 1 insertion(+), 7 deletions(-) create mode 100644 tests/fuzz/corpora/fuzz-bolt11/crash-98a2112c93362e35310c629081b5d60390062962 diff --git a/common/bolt11.c b/common/bolt11.c index f20862366..4b66fafdb 100644 --- a/common/bolt11.c +++ b/common/bolt11.c @@ -721,7 +721,6 @@ struct bolt11 *bolt11_decode_nosig(const tal_t *ctx, const char *str, memset(have_field, 0, sizeof(have_field)); b11->routes = tal_arr(b11, struct route_info *, 0); - assert(!has_lightning_prefix(str)); if (strlen(str) < 8) return decode_fail(b11, fail, "Bad bech32 string"); diff --git a/tests/fuzz/corpora/fuzz-bolt11/crash-98a2112c93362e35310c629081b5d60390062962 b/tests/fuzz/corpora/fuzz-bolt11/crash-98a2112c93362e35310c629081b5d60390062962 new file mode 100644 index 000000000..0e6c3610a --- /dev/null +++ b/tests/fuzz/corpora/fuzz-bolt11/crash-98a2112c93362e35310c629081b5d60390062962 @@ -0,0 +1 @@ +lightning: \ No newline at end of file diff --git a/tests/fuzz/fuzz-bolt11.c b/tests/fuzz/fuzz-bolt11.c index d83040357..f6c483f89 100644 --- a/tests/fuzz/fuzz-bolt11.c +++ b/tests/fuzz/fuzz-bolt11.c 
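Review bot: Dropping the assert leaves bolt11_decode_nosig with no explicit handling of a still-prefixed string, so a caller that skips to_canonical_invstr() now gets the generic "Bad bech32 string" from the later bech32 decode instead of a message naming the real problem, and the log quoted in the commit message shows this path is reachable from untrusted RPC input, where an assert was never the right validation tool. Consider replacing the removed line with `if (has_lightning_prefix(str)) return decode_fail(b11, fail, "Unexpected lightning: prefix");` ahead of the length check, which keeps the precondition visible without the plugin-killing abort. If has_lightning_prefix() is file-static and this assert was its only caller, it is now unused and may trip -Wunused-function under -Werror; confirm it is still referenced elsewhere in bolt11.c. The fuzz corpus entry only exercises the decoder, so the `pay "lightning:lightning:"` reproducer from the commit message is worth adding as a regression test on the RPC path as well. The rest of bolt11_decode_nosig's body continues outside the hunk.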
@@ -102,12 +102,6 @@ size_t LLVMFuzzerCustomMutator(uint8_t *fuzz_data, size_t size, size_t max_size,
 return initial_input(fuzz_data, size, max_size);
 }
 
- // Strip (repeated) "lightning:" prefixes
- while (strstarts(output, "lightning:") ||
- strstarts(output, "LIGHTNING:")) {
- output = (char *)to_canonical_invstr(tmpctx, output);
- }
-
 // Write the result into `fuzz_data`.
 size_t output_len = strlen(output);
 if (output_len > max_size)