Disallow sending invalid custom OM TLVs

Onion message data TLV types must be >= 64, enforce this on send
2025-03-15 15:39:09 +01:00 · 2022-10-18 13:33:45 -04:00 · 2022-10-18 13:33:45 -04:00 · 4905268b65
commit 4905268b65
parent 7664957bc9
2 changed files with 32 additions and 0 deletions
--- a/lightning/src/onion_message/functional_tests.rs
+++ b/lightning/src/onion_message/functional_tests.rs
@ -217,6 +217,33 @@ fn reply_path() {
 		format!("Received an onion message with path_id None and a reply_path").to_string(), 2);
 }

+#[test]
+fn invalid_custom_message_type() {
+	let nodes = create_nodes(2);
+
+	struct InvalidCustomMessage{}
+	impl CustomOnionMessageContents for InvalidCustomMessage {
+		fn tlv_type(&self) -> u64 {
+			// Onion message contents must have a TLV >= 64.
+			63
+		}
+	}
+
+	impl Writeable for InvalidCustomMessage {
+		fn write<W: Writer>(&self, _w: &mut W) -> Result<(), io::Error> { unreachable!() }
+	}
+
+	impl MaybeReadableArgs<u64> for InvalidCustomMessage {
+		fn read<R: io::Read>(_buffer: &mut R, _message_type: u64) -> Result<Option<Self>, DecodeError> where Self: Sized {
+			unreachable!()
+		}
+	}
+
+	let test_msg = OnionMessageContents::Custom(InvalidCustomMessage {});
+	let err = nodes[0].messenger.send_onion_message(&[], Destination::Node(nodes[1].get_node_pk()), test_msg, None).unwrap_err();
+	assert_eq!(err, SendError::InvalidMessage);
+}
+
 #[test]
 fn peer_buffer_full() {
 	let nodes = create_nodes(2);
--- a/lightning/src/onion_message/messenger.rs
+++ b/lightning/src/onion_message/messenger.rs
@ -156,6 +156,8 @@ pub enum SendError {
 	TooFewBlindedHops,
 	/// Our next-hop peer was offline or does not support onion message forwarding.
 	InvalidFirstHop,
+	/// Onion message contents must have a TLV type >= 64.
+	InvalidMessage,
 	/// Our next-hop peer's buffer was full or our total outbound buffer was full.
 	BufferFull,
 }
@ -205,6 +207,9 @@ impl<Signer: Sign, K: Deref, L: Deref, CMH: Deref> OnionMessenger<Signer, K, L,
 				return Err(SendError::TooFewBlindedHops);
 			}
 		}
+		let OnionMessageContents::Custom(ref msg) = message;
+		if msg.tlv_type() < 64 { return Err(SendError::InvalidMessage) }
+
 		let blinding_secret_bytes = self.keys_manager.get_secure_random_bytes();
 		let blinding_secret = SecretKey::from_slice(&blinding_secret_bytes[..]).expect("RNG is busted");
 		let (introduction_node_id, blinding_point) = if intermediate_nodes.len() != 0 {