From d97575d6d2d57d2cdbd9b72cc62d91de957fbe4d Mon Sep 17 00:00:00 2001
From: nsa <elziegel@gmail.com>
Date: Fri, 1 Sep 2017 08:26:57 -0400
Subject: [PATCH] lnwire: ensure that addrs in ClosedSigned are below 35 bytes

This is a very simple bug that go-fuzz found. If length of an address
within CloseSigned is greater than 34, a runtime error: slice bounds out
of range happens. An error should be returned instead.
---
 lnwire/lnwire.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lnwire/lnwire.go b/lnwire/lnwire.go
index 529e8782..1a9ea7f3 100644
--- a/lnwire/lnwire.go
+++ b/lnwire/lnwire.go
@@ -587,6 +587,9 @@ func readElement(r io.Reader, element interface{}) error {
 		length := binary.BigEndian.Uint16(addrLen[:])
 
 		var addrBytes [34]byte
+		if length > 34 {
+			return fmt.Errorf("Cannot read %d bytes into addrBytes", length)
+		}
 		if _, err = io.ReadFull(r, addrBytes[:length]); err != nil {
 			return err
 		}