highperfocused/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-06-30 18:43:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

multi: update to tlv/v1.1.0 and use new *P2P tlv decoding variants

Browse Source 
This changes the call-sites in several places to use the *P2P variants
to not trigger an OOM on untrusted input. This makes the code safe with
the new tlv version. Note that the call-sites prior to this change were
also safe.
This commit is contained in:
eugene
2022-12-02 14:51:53 -05:00
parent 91c0a19807
commit 032632b4e0
5 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lnwire/extra_bytes.go
View File

@ -97,7 +97,9 @@ func (e *ExtraOpaqueData) ExtractRecords(recordProducers ...tlv.RecordProducer)
return nil, err
}
return tlvStream.DecodeWithParsedTypes(extraBytesReader)
// Since ExtraOpaqueData is provided by a potentially malicious peer,
// pass it into the P2P decoding variant.
return tlvStream.DecodeWithParsedTypesP2P(extraBytesReader)
}
// EncodeMessageExtraData encodes the given recordProducers into the given