akovalenko/lnd.xprv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

rpc: ensure we don't leak unadvertised nodes within invoice routing hints

Browse Source 
In this commit, we ensure that we don't include routing hints for
unadvertised nodes at the time of invoice creation. Otherwise, this
would lead us to leak these unadvertised nodes to anyone who can get
their hands on the invoice being created. To prevent this, we'll now
look at the network graph and ensure that the node in unadvertised if
all of their edges are unadvertised and only extend to us.
This commit is contained in:
Wilmer Paulino 2018-10-17 16:13:37 -07:00
parent cbab298154
commit e87d61b7f7
No known key found for this signature in database
GPG Key ID: 6DF57B9F9514972F
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
rpcserver.go
View File

@ -2759,12 +2759,34 @@ func (r *rpcServer) AddInvoice(ctx context.Context,
}
if !link.EligibleToForward() {
rpcsLog.Debugf("Skipping link %v due to not "+
rpcsLog.Debugf("Skipping channel %v due to not "+
"being eligible to forward payments",
chanPoint)
continue
}
// To ensure we don't leak unadvertised nodes, we'll
// make sure our counterparty is publicly advertised
// within the network. Otherwise, we'll end up leaking
// information about nodes that intend to stay
// unadvertised, like in the case of a node only having
// private channels.
var remotePub [33]byte
copy(remotePub[:], channel.IdentityPub.SerializeCompressed())
isRemoteNodePublic, err := graph.IsPublicNode(remotePub)
if err != nil {
rpcsLog.Errorf("Unable to determine if node %x "+
"is advertised: %v", remotePub, err)
continue
}
if !isRemoteNodePublic {
rpcsLog.Debugf("Skipping channel %v due to "+
"counterparty %x being unadvertised",
chanPoint, remotePub)
continue
}
// Fetch the policies for each end of the channel.
chanID := channel.ShortChanID().ToUint64()
info, p1, p2, err := graph.FetchChannelEdgesByID(chanID)
@ -2778,8 +2800,7 @@ func (r *rpcServer) AddInvoice(ctx context.Context,
// Now, we'll need to determine which is the correct
// policy for HTLCs being sent from the remote node.
var remotePolicy *channeldb.ChannelEdgePolicy
remotePub := channel.IdentityPub.SerializeCompressed()
if bytes.Equal(remotePub, info.NodeKey1Bytes[:]) {
if bytes.Equal(remotePub[:], info.NodeKey1Bytes[:]) {
remotePolicy = p1
} else {
remotePolicy = p2