From 6a3e1423d269c075ac6c21fda430c0cdfad4772e Mon Sep 17 00:00:00 2001
From: "Johan T. Halseth" <johanth@gmail.com>
Date: Thu, 17 Jan 2019 14:11:56 +0100
Subject: [PATCH] channeldb/addr: sanity check onion address length before
 writing to db

---
 channeldb/addr.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/channeldb/addr.go b/channeldb/addr.go
index 18e8bba1..dd057265 100644
--- a/channeldb/addr.go
+++ b/channeldb/addr.go
@@ -69,7 +69,8 @@ func encodeTCPAddr(w io.Writer, addr *net.TCPAddr) error {
 // representation.
 func encodeOnionAddr(w io.Writer, addr *tor.OnionAddr) error {
 	var suffixIndex int
-	switch len(addr.OnionService) {
+	hostLen := len(addr.OnionService)
+	switch hostLen {
 	case tor.V2Len:
 		if _, err := w.Write([]byte{byte(v2OnionAddr)}); err != nil {
 			return err
@@ -84,12 +85,29 @@ func encodeOnionAddr(w io.Writer, addr *tor.OnionAddr) error {
 		return errors.New("unknown onion service length")
 	}
 
+	suffix := addr.OnionService[suffixIndex:]
+	if suffix != tor.OnionSuffix {
+		return fmt.Errorf("invalid suffix \"%v\"", suffix)
+	}
+
 	host, err := tor.Base32Encoding.DecodeString(
 		addr.OnionService[:suffixIndex],
 	)
 	if err != nil {
 		return err
 	}
+
+	// Sanity check the decoded length.
+	switch {
+	case hostLen == tor.V2Len && len(host) != tor.V2DecodedLen:
+		return fmt.Errorf("onion service %v decoded to invalid host %x",
+			addr.OnionService, host)
+
+	case hostLen == tor.V3Len && len(host) != tor.V3DecodedLen:
+		return fmt.Errorf("onion service %v decoded to invalid host %x",
+			addr.OnionService, host)
+	}
+
 	if _, err := w.Write(host); err != nil {
 		return err
 	}