highperfocused/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-08-27 14:11:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

lnwire: validate that gossip messages contain valid TLV

Browse Source 
In this commit, we check that the extra bytes appended to gossip
messages contain valid TLV streams. We do this here for:
- channel_announcement
- channel_announcement_2
- channel_update
- channel_update_2
- node_announcement

This is in preparation for the SQL version of the graph store which will
normalise TLV streams at persistence time.
This commit is contained in:
Elle Mouton
2025-05-07 10:36:05 +02:00
parent 0db91304cf
commit 1410a0949d
7 changed files with 47 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/release-notes/release-notes-0.20.0.md
View File

@@ -34,7 +34,8 @@
* Graph Store SQL implementation and migration project: * Graph Store SQL implementation and migration project:
* Introduce an [abstract graph * Introduce an [abstract graph
store](https://github.com/lightningnetwork/lnd/pull/9791) interface. store](https://github.com/lightningnetwork/lnd/pull/9791) interface.
* Start [validating](https://github.com/lightningnetwork/lnd/pull/9787) that
byte blobs at the end of gossip messages are valid TLV streams.
## RPC Updates ## RPC Updates

9
lnwire/channel_announcement.go
View File

@@ -70,8 +70,8 @@ var _ SizeableMessage = (*ChannelAnnouncement1)(nil)
// io.Reader observing the specified protocol version. // io.Reader observing the specified protocol version.
// //
// This is part of the lnwire.Message interface. // This is part of the lnwire.Message interface.
func (a *ChannelAnnouncement1) Decode(r io.Reader, pver uint32) error { func (a *ChannelAnnouncement1) Decode(r io.Reader, _ uint32) error {
return ReadElements(r, err := ReadElements(r,
&a.NodeSig1, &a.NodeSig1,
&a.NodeSig2, &a.NodeSig2,
&a.BitcoinSig1, &a.BitcoinSig1,
@@ -85,6 +85,11 @@ func (a *ChannelAnnouncement1) Decode(r io.Reader, pver uint32) error {
&a.BitcoinKey2, &a.BitcoinKey2,
&a.ExtraOpaqueData, &a.ExtraOpaqueData,
) )
if err != nil {
return err
}
return a.ExtraOpaqueData.ValidateTLV()
} }
// Encode serializes the target ChannelAnnouncement into the passed io.Writer // Encode serializes the target ChannelAnnouncement into the passed io.Writer

2
lnwire/channel_announcement_2.go
View File

@@ -126,7 +126,7 @@ func (c *ChannelAnnouncement2) DecodeTLVRecords(r io.Reader) error {
c.ExtraOpaqueData = tlvRecords c.ExtraOpaqueData = tlvRecords
} }
return nil return c.ExtraOpaqueData.ValidateTLV()
} }
// Encode serializes the target AnnounceSignatures1 into the passed io.Writer // Encode serializes the target AnnounceSignatures1 into the passed io.Writer

9
lnwire/channel_update.go
View File

@@ -132,7 +132,7 @@ var _ SizeableMessage = (*ChannelUpdate1)(nil)
// io.Reader observing the specified protocol version. // io.Reader observing the specified protocol version.
// //
// This is part of the lnwire.Message interface. // This is part of the lnwire.Message interface.
func (a *ChannelUpdate1) Decode(r io.Reader, pver uint32) error { func (a *ChannelUpdate1) Decode(r io.Reader, _ uint32) error {
err := ReadElements(r, err := ReadElements(r,
&a.Signature, &a.Signature,
a.ChainHash[:], a.ChainHash[:],
@@ -156,7 +156,12 @@ func (a *ChannelUpdate1) Decode(r io.Reader, pver uint32) error {
} }
} }
return a.ExtraOpaqueData.Decode(r) err = a.ExtraOpaqueData.Decode(r)
if err != nil {
return err
}
return a.ExtraOpaqueData.ValidateTLV()
} }
// Encode serializes the target ChannelUpdate into the passed io.Writer // Encode serializes the target ChannelUpdate into the passed io.Writer

2
lnwire/channel_update_2.go
View File

@@ -154,7 +154,7 @@ func (c *ChannelUpdate2) DecodeTLVRecords(r io.Reader) error {
c.ExtraOpaqueData = tlvRecords c.ExtraOpaqueData = tlvRecords
} }
return nil return c.ExtraOpaqueData.ValidateTLV()
} }
// Encode serializes the target ChannelUpdate2 into the passed io.Writer // Encode serializes the target ChannelUpdate2 into the passed io.Writer

22
lnwire/extra_bytes.go
View File

@@ -63,6 +63,28 @@ func (e *ExtraOpaqueData) Decode(r io.Reader) error {
return nil return nil
} }
// ValidateTLV checks that the raw bytes that make up the ExtraOpaqueData
// instance are a valid TLV stream.
func (e *ExtraOpaqueData) ValidateTLV() error {
// There is nothing to validate if the ExtraOpaqueData is nil or empty.
if e == nil || len(*e) == 0 {
return nil
}
tlvStream, err := tlv.NewStream()
if err != nil {
return err
}
// Ensure that the TLV stream is valid by attempting to decode it.
_, err = tlvStream.DecodeWithParsedTypesP2P(bytes.NewReader(*e))
if err != nil {
return fmt.Errorf("invalid TLV stream: %w: %v", err, *e)
}
return nil
}
// PackRecords attempts to encode the set of tlv records into the target // PackRecords attempts to encode the set of tlv records into the target
// ExtraOpaqueData instance. The records will be encoded as a raw TLV stream // ExtraOpaqueData instance. The records will be encoded as a raw TLV stream
// and stored within the backing slice pointer. // and stored within the backing slice pointer.

9
lnwire/node_announcement.go
View File

@@ -112,8 +112,8 @@ var _ SizeableMessage = (*NodeAnnouncement)(nil)
// io.Reader observing the specified protocol version. // io.Reader observing the specified protocol version.
// //
// This is part of the lnwire.Message interface. // This is part of the lnwire.Message interface.
func (a *NodeAnnouncement) Decode(r io.Reader, pver uint32) error { func (a *NodeAnnouncement) Decode(r io.Reader, _ uint32) error {
return ReadElements(r, err := ReadElements(r,
&a.Signature, &a.Signature,
&a.Features, &a.Features,
&a.Timestamp, &a.Timestamp,
@@ -123,6 +123,11 @@ func (a *NodeAnnouncement) Decode(r io.Reader, pver uint32) error {
&a.Addresses, &a.Addresses,
&a.ExtraOpaqueData, &a.ExtraOpaqueData,
) )
if err != nil {
return err
}
return a.ExtraOpaqueData.ValidateTLV()
} }
// Encode serializes the target NodeAnnouncement into the passed io.Writer // Encode serializes the target NodeAnnouncement into the passed io.Writer