core-lightning/common/psbt_internal.c
Rusty Russell cf55d40eca psbt: fix dual-funding memleak.
This happened occasionally in tests/test_opening.py::test_rbf_fails_to_broadcast:
we overwrote the witness stack without freeing the old one.

```
lightningd-2: 2022-03-18T02:23:32.113Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1: MEMLEAK: 0x559c375d9df8
lightningd-2: 2022-03-18T02:23:32.113Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:   label=wally_tal
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:   backtrace:
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     ccan/ccan/tal/tal.c:442 (tal_alloc_)
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     ccan/ccan/tal/tal.c:471 (tal_alloc_arr_)
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     common/setup.c:13 (wally_tal)
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     ../../../libwally-core/src/internal.c:285 (wally_calloc)
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     ../../../libwally-core/src/transaction.c:234 (wally_tx_witness_stack_init_alloc)
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     ../../../libwally-core/src/psbt.c:1119 (pull_psbt_input)
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     ../../../libwally-core/src/psbt.c:1411 (wally_psbt_from_bytes)
lightningd-2: 2022-03-18T02:23:32.114Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     bitcoin/psbt.c:722 (psbt_from_bytes)
lightningd-2: 2022-03-18T02:23:32.115Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     bitcoin/psbt.c:753 (fromwire_wally_psbt)
lightningd-2: 2022-03-18T02:23:32.115Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     openingd/dualopend_wiregen.c:246 (fromwire_dualopend_reinit)
lightningd-2: 2022-03-18T02:23:32.115Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     openingd/dualopend.c:3855 (main)
lightningd-2: 2022-03-18T02:23:32.115Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:   parents:
lightningd-2: 2022-03-18T02:23:32.115Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     struct wally_psbt
lightningd-2: 2022-03-18T02:23:32.115Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba93283b315c03518-dualopend-chan#1:     openingd/dualopend.c:3804:struct state
lightningd-2: 2022-03-18T02:23:32.115Z **BROKEN** 0266e4598d1d3c415f572a8488830b60f7e744ed9235eb0b1ba932
```

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-03-21 10:19:50 +10:30


#include "config.h"
#include <bitcoin/script.h>
#include <common/psbt_internal.h>
#include <common/psbt_open.h>
#include <wire/peer_wire.h>
/* Replace the final witness stack of `in` with a copy of `elements`.
 *
 * Any stack already attached to the input is released before the pointer
 * is overwritten, so the old allocation is not leaked. The new stack is
 * built between tal_wally_start() and tal_wally_end(ctx); presumably that
 * bracket parents the libwally allocations onto `ctx` -- confirm against
 * the tal_wally helpers.
 *
 * NOTE(review): the return codes of wally_tx_witness_stack_init_alloc()
 * and wally_tx_witness_stack_add() are ignored, so a failure would leave
 * a missing or short witness stack with no signal to the caller. Confirm
 * whether that is acceptable for witness data received from a peer. */
static void
psbt_input_set_final_witness_stack(const tal_t *ctx,
				   struct wally_psbt_input *in,
				   const struct witness_element **elements)
{
	/* Free first: overwriting the pointer below would orphan the old stack. */
	wally_tx_witness_stack_free(in->final_witness);

	tal_wally_start();
	const size_t num_elements = tal_count(elements);

	wally_tx_witness_stack_init_alloc(num_elements, &in->final_witness);
	for (size_t n = 0; n < num_elements; n++) {
		const struct witness_element *elem = elements[n];

		wally_tx_witness_stack_add(in->final_witness,
					   elem->witness,
					   tal_bytelen(elem->witness));
	}
	tal_wally_end(ctx);
}
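/* Finalize one PSBT input from a list of witness elements.
 *
 * @ctx:      passed through to psbt_input_set_final_witness_stack() for
 *            the new witness stack.
 * @in:       the input to update in place.
 * @elements: tal array of witness elements to install as the final witness.
 *
 * After the witness is set, a leftover redeem_script is converted into
 * final_scriptsig and the redeem_script field is cleared. */
void psbt_finalize_input(const tal_t *ctx,
			 struct wally_psbt_input *in,
			 const struct witness_element **elements)
{
	psbt_input_set_final_witness_stack(ctx, in, elements);

	/* There's this horrible edgecase where we set the final_witnesses
	 * directly onto the PSBT, but the input is a P2SH-wrapped input
	 * (which has redeemscripts that belong in the scriptsig). Because
	 * of how the internal libwally stuff works calling 'finalize'
	 * on these just .. ignores it!? Murder. Anyway, here we do a final
	 * scriptsig check -- if there's a redeemscript field still around we
	 * just go ahead and mush it into the final_scriptsig field. */
	if (in->redeem_script) {
		u8 *redeemscript = tal_dup_arr(NULL, u8,
					       in->redeem_script,
					       in->redeem_script_len, 0);

		/* Release a scriptsig that is already present before the
		 * pointer is overwritten, otherwise the old buffer leaks
		 * (same pattern as the witness stack above). tal_free(NULL)
		 * is a no-op. This assumes the field is tal-backed, as the
		 * tal_free() of redeem_script below already does. */
		tal_free(in->final_scriptsig);

		/* NOTE(review): the new scriptsig is allocated off NULL, not
		 * off ctx -- confirm who is expected to own it. */
		in->final_scriptsig =
			bitcoin_scriptsig_redeem(NULL,
						 take(redeemscript));
		in->final_scriptsig_len =
			tal_bytelen(in->final_scriptsig);

		/* The redeemscript now lives in the scriptsig; drop the
		 * original field so it is not applied twice. */
		in->redeem_script = tal_free(in->redeem_script);
		in->redeem_script_len = 0;
	}
}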
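/* Collect the final witness stacks of one side's inputs from a PSBT.
 *
 * @ctx:           tal parent of the returned array.
 * @psbt:          the PSBT to read; it is not modified.
 * @side_to_stack: inputs are selected when the parity of their serial_id
 *                 (serial_id % 2) equals this value.
 *
 * Returns a tal array with one witness_stack per selected input, in input
 * order, each a deep copy owned by the array. Returns NULL if any input
 * has no serial_id or if no input was selected; in both cases nothing is
 * left allocated on @ctx. */
const struct witness_stack **
psbt_to_witness_stacks(const tal_t *ctx,
		       const struct wally_psbt *psbt,
		       enum tx_role side_to_stack)
{
	size_t stack_index;
	u64 serial_id;
	const struct witness_stack **stacks
		= tal_arr(ctx, const struct witness_stack *, psbt->num_inputs);

	stack_index = 0;
	for (size_t i = 0; i < psbt->num_inputs; i++) {
		if (!psbt_get_serial_id(&psbt->inputs[i].unknowns,
					&serial_id))
			/* FIXME: throw an error ? */
			/* Free the partial result (and the stacks hanging
			 * off it) instead of leaving it attached to ctx. */
			return tal_free(stacks);

		/* BOLT-f53ca2301232db780843e894f55d95d512f297f9 #2:
		 * - if is the *initiator*:
		 * - MUST send even `serial_id`s
		 */
		if (serial_id % 2 == side_to_stack) {
			struct wally_tx_witness_stack *wtx_s =
				psbt->inputs[i].final_witness;
			/* An input with no final witness has a NULL stack
			 * pointer; treat it as zero items rather than
			 * dereferencing it. NOTE(review): callers presumably
			 * only pass finalized inputs -- confirm whether an
			 * empty stack or an error is the right outcome. */
			size_t num_items = wtx_s ? wtx_s->num_items : 0;
			struct witness_stack *stack =
				tal(stacks, struct witness_stack);

			/* Convert the wally_tx_witness_stack to
			 * a witness_stack entry */
			stack->witness_element =
				tal_arr(stack, struct witness_element *,
					num_items);
			for (size_t j = 0; j < num_items; j++) {
				stack->witness_element[j] = tal(stack,
								struct witness_element);
				stack->witness_element[j]->witness =
					tal_dup_arr(stack, u8,
						    wtx_s->items[j].witness,
						    wtx_s->items[j].witness_len,
						    0);
			}

			stacks[stack_index++] = stack;
		}
	}

	if (stack_index == 0)
		return tal_free(stacks);

	/* Shrink to the number of inputs that were actually selected. */
	tal_resize(&stacks, stack_index);
	return stacks;
}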