Commit Graph

24 Commits

Author SHA1 Message Date
Conner Fromknecht
4c872c438b
channeldb: complete migration 12 for TLV invoices 2019-11-22 02:24:28 -08:00
nsa
0f6e11c35f
zpay32: check invoice length while decoding
This commit checks that the size of the bech32 encoded invoice is not
greater than 7092 bytes, which is the maximum number of bytes that can
fit into a QR code. This mitigates a potential DoS vector where an attacker
could craft a very large bech32 invoice string containing an absurd amount
of route and/or hop hints. If sent to an application that processes
payment requests, this would allocate a burdensome amount of memory
due to the public key parsing for each route/hop hint.

For a 1.7MB payment request, this yielded about 38MB in allocations
from just parsing public keys:

```
   45.51MB  7.31% 92.07%    45.51MB  7.31%  math/big.nat.make
   25.50MB  4.09% 96.16%    25.50MB  4.09%  github.com/lightningnetwork/lnd/zpay32.bech32VerifyChecksum
       1MB  0.16% 96.32%    39.50MB  6.34%  github.com/lightningnetwork/lnd/zpay32.parseRouteHint
       1MB  0.16% 96.48%    33.50MB  5.38%  github.com/btcsuite/btcd/btcec.decompressPoint
    0.50MB  0.08% 96.56%     7.50MB  1.20%  crypto/elliptic.(*CurveParams).doubleJacobian
    0.50MB  0.08% 96.64%       38MB  6.10%  github.com/btcsuite/btcd/btcec.ParsePubKey
         0     0% 96.64%       12MB  1.93%  crypto/ecdsa.Verify
         0     0% 96.64%        8MB  1.28%  crypto/elliptic.(*CurveParams).ScalarBaseMult
         0     0% 96.64%       12MB  1.93%  crypto/elliptic.(*CurveParams).ScalarMult
```

With this change, memory usage will be far lower as decoding will exit
early with an error if the invoice is too large.
2019-09-24 06:21:27 -04:00
Joost Jager
1e0ed1e52f
multi: fix dropped errors 2019-09-13 09:50:38 +02:00
Conner Fromknecht
1311baf51f
zpay32: add BOLT 11 feature bits and test vectors 2019-08-27 15:51:24 -07:00
Joost Jager
2be1051fb6
zpay32: move HopHint and DefaultFinalCLTVDelta 2019-03-15 10:08:32 +01:00
Conner Fromknecht
1ded697e8d
multi: sort import paths with gofmt 2018-08-02 18:20:49 -07:00
Olaoluwa Osuntokun
6f60f139f4 multi: switch over import paths from roasbeef/* to btcsuite/* 2018-07-13 17:05:39 -07:00
Wilmer Paulino
ea9e609ef0
zpay32: modify an invoice's r field to allow multiple routes
Before this commit, if an invoice encoded multiple `r` fields, we would
decode them as one single route. We fix this by allowing an invoice to
store multiple routes.
2018-04-20 04:01:34 -04:00
Sean Erle Johnson
c6499f095a zpay32: improve "wrong network" error message 2018-04-18 12:37:28 -07:00
Olaoluwa Osuntokun
10847170ee
zpay32: adjust uint64 encoding to account for math.MaxUnit64
In this commit, we fix a logic error in our routine for converting a
uint64 to/from base32. Before this commit, we assumed that the max
number of groups was 12. However, the math.MaxUint64 (1<<64 - 1) can
actually consume more than 12 groups with an extra set of bits. Before
this commit, we would panic when attempting to parse an invoice
generated like so:
  * addinvoice --amt 1337000 --expiry 99999999999999999

To fix this issue, we modify our logic to expect at most 13 groups.
Additionally, we've added a new test that would panic before applying
this commit.

Fixes #972.
2018-03-29 16:24:20 -07:00
Daniel McNally
fdbdcf1560 zpay32: handle segwit prefixes > 2 chars
This change fixes a bug when an invoice is decoded for a network
whose bech32 segwit prefix is longer than 2 characters. The length
of the Bech32HRPSegwit network parameter is used to determine
where in the human-readable portion of the invoice the amount
begins, rather than assuming it begins after the first four
characters.

Decode() now throws an error when the encoded invoice does
not match the active network.

Changes the minimum hrp length check to >= 3 instead of >= 4.

Also removes a redundant "if ...; err != nil check" that was raising
a warning in invoice.go.
2018-02-19 10:18:16 -05:00
Olaoluwa Osuntokun
9f0214428a
zpay32: update parsing to use new lnwire.Sig API 2018-02-06 20:14:33 -08:00
Wilmer Paulino
cfb19b8d51
invoice: avoid negative msat amounts 2018-01-23 14:38:20 -05:00
Wilmer Paulino
07ac278771
invoice: properly parse the field data length
When accessing a value from a byte slice, the value is returned as a
byte, which is just a uint8. When the first byte takes more than 3 bits
of space, shifting 5 bits left results in data loss.
2018-01-19 10:52:24 -05:00
Wilmer Paulino
fa2cc57ca6
invoice: sanity check routing info field
This commit allows parseRoutingInfo to return an error when parsing a
routing info field whose length is not a multiple of 51 bytes, rather
than crash.
2018-01-19 10:52:23 -05:00
Wilmer Paulino
db7154a401
invoice: sanity check empty fallback addr field
This commit allows parseFallbackAddr to return an error when parsing an
empty fallback address field, rather than crash.
2018-01-19 10:52:22 -05:00
Wilmer Paulino
00d530bd91
invoice: remove duplicate code when parsing the timestamp 2018-01-19 10:52:21 -05:00
Wilmer Paulino
6f5d673679
invoice: refactor parsing tagged fields
This commit refactors parsing each of the tagged fields of an invoice
into their own method. This makes the code easier to read and will allow
us to introduce unit tests for each parsing method.
2018-01-19 10:52:21 -05:00
Wilmer Paulino
445e11db5c bolt11: handle r field fee spec change
Updates the way fees are handled for routing payments.
See lightningnetwork/lightning-rfc#317.
2018-01-04 13:23:56 +01:00
Matt Drollette
adf0d98194 multi: fix several typos in godoc comments 2017-12-17 18:40:05 -08:00
Olaoluwa Osuntokun
a29210f089
rpc: properly interpret and parse cltvDelta from payreqs (if exists) 2017-10-22 18:37:00 -07:00
Olaoluwa Osuntokun
c54e6fc803
zpay32: add new 'c' field to payreqs for specifying final cltv delta 2017-10-22 18:36:53 -07:00
Johan T. Halseth
070eb0ec3e
zpay32: make expiry time only accessable using Expiry()
This commit renames the invoice field Expiry to expiry, and changes
the type from time.Time to time.Duration. Getting the value of the
field will now have to be done using the getter Expiry(), which
will also return the default invoice expiry (3600s) if it is not set
explicitly by the the invoice.
2017-09-27 13:17:18 +02:00
Johan T. Halseth
b645f02418
zpay32: move the BOLT-11 compatible invoice format to zpay32 namespace 2017-09-27 12:26:06 +02:00