lightningd: don't send uninialized malformed fields to channeld.

==1224== Uninitialised byte(s) found during client check request ==1224== at 0x152CAD: memcheck_ (mem.h:247) ==1224== by 0x152D18: towire (towire.c:17) ==1224== by 0x152DA1: towire_u16 (towire.c:28) ==1224== by 0x142189: towire_failed_htlc (htlc_wire.c:29) ==1224== by 0x16343F: towire_channel_init (gen_channel_wire.c:596) ==1224== by 0x115C2C: peer_start_channeld (channel_control.c:249) ==1224== by 0x131701: peer_connected (peer_control.c:503) ==1224== by 0x117820: gossip_msg (gossip_control.c:182) ==1224== by 0x139D97: sd_msg_read (subd.c:500) ==1224== by 0x139676: read_fds (subd.c:327) ==1224== by 0x179D52: next_plan (io.c:59) ==1224== by 0x17A84F: do_plan (io.c:387) ==1224== Address 0x1ffefffabe is on thread 1's stack ==1224== in frame #2, created by towire_u16 (towire.c:26) Followed by: 2018-06-18T21:53:04.129Z lightningd(1224): 03933884aaf1d6b108397e5efe5c86bcf2d8ca8d2f700eda99db9214fc2712b134 chan #1: Peer permanent failure in CHANNELD_NORMAL: lightning_channeld: received ERROR channel d0101486543e1a8b6871556a4fe1fba4ad4d83ce7f6f92919fd17bd1545d2fd5: UpdateFailMalformedHtlc message doesn't have BADONION bit set Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
rustyrussell · Jun 26, 2018 · 48aa31a · 48aa31a
1 parent e59489f
commit 48aa31a
Showing 1 changed file with 13 additions and 8 deletions.
diff --git a/lightningd/peer_htlcs.c b/lightningd/peer_htlcs.c
@@ -1384,6 +1384,7 @@ static void add_fulfill(u64 id, enum side side,
 }
 
 static void add_fail(u64 id, enum side side,
+		     enum onion_type malformed,
 		     const u8 *failuremsg,
 		     const struct failed_htlc ***failed_htlcs,
 		     enum side **failed_sides)
@@ -1396,8 +1397,12 @@ static void add_fail(u64 id, enum side side,
 
 	*f = tal(*failed_htlcs, struct failed_htlc);
 	(*f)->id = id;
-	(*f)->failreason
-		= tal_dup_arr(*f, u8, failuremsg, tal_len(failuremsg), 0);
+	(*f)->malformed = malformed;
+	if (failuremsg)
+		(*f)->failreason
+			= tal_dup_arr(*f, u8, failuremsg, tal_len(failuremsg), 0);
+	else
+		(*f)->failreason = NULL;
 	*s = side;
 }
 
@@ -1435,9 +1440,9 @@ void peer_htlcs(const tal_t *ctx,
 			 hin->cltv_expiry, hin->onion_routing_packet,
 			 hin->hstate);
 
-		if (hin->failuremsg)
-			add_fail(hin->key.id, REMOTE, hin->failuremsg,
-				 failed_htlcs, failed_sides);
+		if (hin->failuremsg || hin->failcode)
+			add_fail(hin->key.id, REMOTE, hin->failcode,
+				 hin->failuremsg, failed_htlcs, failed_sides);
 		if (hin->preimage)
 			add_fulfill(hin->key.id, REMOTE, hin->preimage,
 				    fulfilled_htlcs, fulfilled_sides);
@@ -1454,9 +1459,9 @@ void peer_htlcs(const tal_t *ctx,
 			 hout->cltv_expiry, hout->onion_routing_packet,
 			 hout->hstate);
 
-		if (hout->failuremsg)
-			add_fail(hout->key.id, LOCAL, hout->failuremsg,
-				 failed_htlcs, failed_sides);
+		if (hout->failuremsg || hout->failcode)
+			add_fail(hout->key.id, LOCAL, hout->failcode,
+				 hout->failuremsg, failed_htlcs, failed_sides);
 		if (hout->preimage)
 			add_fulfill(hout->key.id, LOCAL, hout->preimage,
 				    fulfilled_htlcs, fulfilled_sides);