Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't crash if the PSBT is junk #5506

Merged
merged 3 commits into from
Aug 13, 2022
Merged

Don't crash if the PSBT is junk #5506

merged 3 commits into from
Aug 13, 2022

Conversation

niftynei
Copy link
Collaborator

@niftynei niftynei commented Aug 8, 2022

If you pass in a PSBT that's invalid (no inputs/outputs for example), lightningd blows up in the HSM.

Instead, let's catch bad PSBTs before we get that far.

Also uncovered a kinda fun "double entrance" into tal_wally code.

Waiting for confirmation from @fiatjaf

@niftynei niftynei added this to the v0.12 milestone Aug 8, 2022
rustyrussell
rustyrussell approved these changes Aug 9, 2022
View reviewed changes
Copy link
Contributor

@rustyrussell rustyrussell left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, this fails on an already-signed PSBT? Seems wrong...

rustyrussell
rustyrussell requested changes Aug 9, 2022
View reviewed changes
Copy link
Contributor

@rustyrussell rustyrussell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI gets upset, since it seems an already-signed PSBT fails this check?

@fiatjaf fiatjaf mentioned this pull request Aug 9, 2022
Closed
@niftynei
psbt: dont crash when printing psbt to log
1d9a212 
We call `tal_wally_start` and then `tal_wally_start` again in
`type_to_string` for psbt.

end the last tal before calling type to string.

Fixes: ElementsProject#5499
Reported-By: @fiatjaf

lightning_hsmd: FATAL SIGNAL 6 (version v0.11.0.1-231-gddf8fbd-modded)
0x5574ca0d87ef send_backtrace
	common/daemon.c:33
0x5574ca0d8877 crashdump
	common/daemon.c:46
0x7f76ef63e8df ???
	???:0
0x7f76ef68e36c ???
	???:0
0x7f76ef63e837 ???
	???:0
0x7f76ef628534 ???
	???:0
0x5574ca0df55e tal_wally_start
	common/utils.c:27
0x5574ca0e4024 psbt_to_b64
	bitcoin/psbt.c:687
0x5574ca0e4093 fmt_wally_psbt_
	bitcoin/psbt.c:694
0x5574ca0df4b9 type_to_string_
	common/type_to_string.c:32
0x5574ca0d5139 sign_our_inputs
	hsmd/libhsmd.c:486
0x5574ca0d5206 handle_sign_withdrawal_tx
	hsmd/libhsmd.c:1029
0x5574ca0d63c4 hsmd_handle_client_message
	hsmd/libhsmd.c:1575
0x5574ca0ce763 handle_client
	hsmd/hsmd.c:671
0x5574ca100032 next_plan
	ccan/ccan/io/io.c:59
0x5574ca1004b9 do_plan
	ccan/ccan/io/io.c:407
0x5574ca100552 io_ready
	ccan/ccan/io/io.c:417
0x5574ca101daf io_loop
	ccan/ccan/io/poll.c:453
0x5574ca0ceb7b main
	hsmd/hsmd.c:739
0x7f76ef62928f ???
	???:0
0x7f76ef629349 ???
	???:0
0x5574ca0cda04 ???
	../sysdeps/x86_64/start.S:115
@niftynei
signpsbt: add utxo info to inputs
b7c3b29 
If you build a PSBT externally from CLN and attempt to sign for the
output, we would crash. Now we don't crash.

Changelog-Changed: JSON-RPC: `signpsbt` will now add redeemscript + witness-utxo to the PSBT for an input that we can sign for, before signing it.

Fixes ElementsProject#5499 ?
@niftynei
signpsbt: don't crash if HSM doesn't like your psbt, just return err
382a994 
Changelog-Changed: JSON-RPC: `signpsbt` no longer crashes if it doesn't like what your PSBT is
@rustyrussell
Copy link
Contributor

Ack b7c3b29

@niftynei niftynei merged commit 4e7f89f into ElementsProject:master Aug 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rustyrussell rustyrussell rustyrussell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.12
Development

Successfully merging this pull request may close these issues.
2 participants
@niftynei @rustyrussell