From e87d61b7f792a2784259d8bfaf97992de25558e5 Mon Sep 17 00:00:00 2001 From: Wilmer Paulino Date: Wed, 17 Oct 2018 16:13:37 -0700 Subject: [PATCH] rpc: ensure we don't leak unadvertised nodes within invoice routing hints In this commit, we ensure that we don't include routing hints for unadvertised nodes at the time of invoice creation. Otherwise, this would lead us to leak these unadvertised nodes to anyone who can get their hands on the invoice being created. To prevent this, we'll now look at the network graph and ensure that the node in unadvertised if all of their edges are unadvertised and only extend to us. --- rpcserver.go | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/rpcserver.go b/rpcserver.go index 5afcc6cc..a9052af1 100644 --- a/rpcserver.go +++ b/rpcserver.go @@ -2759,12 +2759,34 @@ func (r *rpcServer) AddInvoice(ctx context.Context, } if !link.EligibleToForward() { - rpcsLog.Debugf("Skipping link %v due to not "+ + rpcsLog.Debugf("Skipping channel %v due to not "+ "being eligible to forward payments", chanPoint) continue } + // To ensure we don't leak unadvertised nodes, we'll + // make sure our counterparty is publicly advertised + // within the network. Otherwise, we'll end up leaking + // information about nodes that intend to stay + // unadvertised, like in the case of a node only having + // private channels. + var remotePub [33]byte + copy(remotePub[:], channel.IdentityPub.SerializeCompressed()) + isRemoteNodePublic, err := graph.IsPublicNode(remotePub) + if err != nil { + rpcsLog.Errorf("Unable to determine if node %x "+ + "is advertised: %v", remotePub, err) + continue + } + + if !isRemoteNodePublic { + rpcsLog.Debugf("Skipping channel %v due to "+ + "counterparty %x being unadvertised", + chanPoint, remotePub) + continue + } + // Fetch the policies for each end of the channel. chanID := channel.ShortChanID().ToUint64() info, p1, p2, err := graph.FetchChannelEdgesByID(chanID) @@ -2778,8 +2800,7 @@ func (r *rpcServer) AddInvoice(ctx context.Context, // Now, we'll need to determine which is the correct // policy for HTLCs being sent from the remote node. var remotePolicy *channeldb.ChannelEdgePolicy - remotePub := channel.IdentityPub.SerializeCompressed() - if bytes.Equal(remotePub, info.NodeKey1Bytes[:]) { + if bytes.Equal(remotePub[:], info.NodeKey1Bytes[:]) { remotePolicy = p1 } else { remotePolicy = p2