From 17f7b9f322d5547edb7bed4ec04855281f922df1 Mon Sep 17 00:00:00 2001
From: adiabat
Date: Thu, 9 Feb 2023 19:28:47 -0500
Subject: [PATCH] routerrpc: Check for nil IncomingCircuitKey

The grpc stream.Recv() will decode an ForwardHtlcInterceptResponse without an IncomingCircuit, which will leave that pointer nil, causing a nil pointer dereferece when components of in.IncomingCircuitKey are used in the resolveFromClient() function. This commit checks for the nil pointer and returns an error before the rest of the parsing.
---
 docs/release-notes/release-notes-0.16.0.md | 3 +++
 lnrpc/routerrpc/forward_interceptor.go | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/docs/release-notes/release-notes-0.16.0.md b/docs/release-notes/release-notes-0.16.0.md
index 411abb84c..6bb1b51f9 100644
--- a/docs/release-notes/release-notes-0.16.0.md
+++ b/docs/release-notes/release-notes-0.16.0.md
@@ -125,6 +125,9 @@ current gossip sync query status.
 update in order to use the new versioned RPC and upgrade any on-chain outputs to the new version.
+* [A bug has been fixed which could cause `lnd` to crash when parsing a
+ malformed HTLC intercept message](https://github.com/lightningnetwork/lnd/pull/7392).
+
 ## Wallet
 * [Allows Taproot public keys and tap scripts to be imported as watch-only
diff --git a/lnrpc/routerrpc/forward_interceptor.go b/lnrpc/routerrpc/forward_interceptor.go
index 3ee11f1b1..8af1a21f6 100644
--- a/lnrpc/routerrpc/forward_interceptor.go
+++ b/lnrpc/routerrpc/forward_interceptor.go
@@ -100,6 +100,11 @@ func (r *forwardInterceptor) onIntercept(
 func (r *forwardInterceptor) resolveFromClient(
 in *ForwardHtlcInterceptResponse) error {
+ if in.IncomingCircuitKey == nil {
+ return status.Errorf(codes.InvalidArgument,
+ "CircuitKey missing from ForwardHtlcInterceptResponse")
+ }
+
 log.Tracef("Resolving intercepted packet %v", in)
 circuitKey := models.CircuitKey{
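Review bot: The nil guard added at the top of resolveFromClient fixes a crash reachable from client-supplied stream input, but the commit ships no regression test for it: the diffstat lists only the release notes and forward_interceptor.go. Because the check is the first statement and touches no receiver field, a small unit test can call `(&forwardInterceptor{}).resolveFromClient(&ForwardHtlcInterceptResponse{})` and assert `status.Code(err) == codes.InvalidArgument`. A short comment above the guard, such as `// A decoded response may omit IncomingCircuitKey; reject it before the field accesses below.`, would also keep the check from being removed as redundant later. How the caller reacts to this error (for example whether it ends the interceptor stream) is outside the hunk and worth confirming, and the function body continues past the last line shown.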