highperfocused/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-06-26 00:31:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

rpc: limit the larger invoice expiry to 1 year

Browse Source 
This is a follow up to the prior commit. In order to add an additional
layer of defense, we'll reject any expiry greater than 1 year.
This commit is contained in:
Olaoluwa Osuntokun 2018-03-29 16:25:03 -07:00
parent 10847170ee
commit ef4512d1d8
No known key found for this signature in database
GPG Key ID: 964EA263DD637C21
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
rpcserver.go
View File

@ -2122,8 +2122,21 @@ func (r *rpcServer) AddInvoice(ctx context.Context,
// will be explicitly added to this payment request, which will imply // will be explicitly added to this payment request, which will imply
// the default 3600 seconds. // the default 3600 seconds.
if invoice.Expiry > 0 { if invoice.Expiry > 0 {
exp := time.Duration(invoice.Expiry) * time.Second
options = append(options, zpay32.Expiry(exp)) // We'll ensure that the specified expiry is restricted to sane
// number of seconds. As a result, we'll reject an invoice with
// an expiry greater than 1 year.
maxExpiry := time.Hour * 24 * 365
expSeconds := invoice.Expiry
if float64(expSeconds) > maxExpiry.Seconds() {
return nil, fmt.Errorf("expiry of %v seconds "+
"greater than max expiry of %v seconds",
float64(expSeconds), maxExpiry.Seconds())
}
expiry := time.Duration(invoice.Expiry) * time.Second
options = append(options, zpay32.Expiry(expiry))
} }
// If the description hash is set, then we add it do the list of options. // If the description hash is set, then we add it do the list of options.