From 9a063355e2f1689895eabb3ea3a68dae48f48112 Mon Sep 17 00:00:00 2001
From: Oliver Gugger <gugger@gmail.com>
Date: Thu, 1 Oct 2020 16:21:47 +0200
Subject: [PATCH] walletrpc: disallow locking with internal ID

The internal lock ID that the wallet kit subserver uses to lock inputs
for itself shouldn't be allowed to be used when locking inputs manually
over the RPC.
---
 lnrpc/walletrpc/walletkit_server.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lnrpc/walletrpc/walletkit_server.go b/lnrpc/walletrpc/walletkit_server.go
index f30c3d71..c39aa793 100644
--- a/lnrpc/walletrpc/walletkit_server.go
+++ b/lnrpc/walletrpc/walletkit_server.go
@@ -329,6 +329,12 @@ func (w *WalletKit) LeaseOutput(ctx context.Context,
 		return nil, errors.New("id must be 32 random bytes")
 	}
 
+	// Don't allow our internal ID to be used externally for locking. Only
+	// unlocking is allowed.
+	if lockID == LndInternalLockID {
+		return nil, errors.New("reserved id cannot be used")
+	}
+
 	op, err := unmarshallOutPoint(req.Outpoint)
 	if err != nil {
 		return nil, err