rpc: limit the larger invoice expiry to 1 year

This is a follow up to the prior commit. In order to add an additional layer of defense, we'll reject any expiry greater than 1 year.
2025-02-23 06:35:07 +01:00 · 2018-03-29 16:25:03 -07:00 · 2018-03-29 16:25:03 -07:00 · ef4512d1d8
commit ef4512d1d8
parent 10847170ee
1 changed files with 15 additions and 2 deletions
--- a/rpcserver.go
+++ b/rpcserver.go
@ -2122,8 +2122,21 @@ func (r *rpcServer) AddInvoice(ctx context.Context,
 	// will be explicitly added to this payment request, which will imply
 	// the default 3600 seconds.
 	if invoice.Expiry > 0 {
-		exp := time.Duration(invoice.Expiry) * time.Second
-		options = append(options, zpay32.Expiry(exp))
+
+		// We'll ensure that the specified expiry is restricted to sane
+		// number of seconds. As a result, we'll reject an invoice with
+		// an expiry greater than 1 year.
+		maxExpiry := time.Hour * 24 * 365
+		expSeconds := invoice.Expiry
+
+		if float64(expSeconds) > maxExpiry.Seconds() {
+			return nil, fmt.Errorf("expiry of %v seconds "+
+				"greater than max expiry of %v seconds",
+				float64(expSeconds), maxExpiry.Seconds())
+		}
+
+		expiry := time.Duration(invoice.Expiry) * time.Second
+		options = append(options, zpay32.Expiry(expiry))
 	}

 	// If the description hash is set, then we add it do the list of options.