Add DecodeError::DangerousValue for decoding invalid channel managers

benthecarman · benthecarman · commit db33ab492946 · 2024-03-27T13:54:55.000-05:00
This would help distinguish different types of errors when deserialzing
a channel manager. InvalidValue was used previously but this could be
because it is an old serialization format, whereas DangerousValue is a
lot more clear on why the deserialization failed.
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -10927,13 +10927,13 @@ where
 						log_error!(logger, " client applications must ensure that ChannelMonitor data is always available and the latest to avoid funds loss!");
 						log_error!(logger, " Without the latest ChannelMonitor we cannot continue without risking funds.");
 						log_error!(logger, " Please ensure the chain::Watch API requirements are met and file a bug report at https://github.com/lightningdevkit/rust-lightning");
-						return Err(DecodeError::InvalidValue);
+						return Err(DecodeError::DangerousValue);
 					}
 				} else {
 					// We shouldn't have persisted (or read) any unfunded channel types so none should have been
 					// created in this `channel_by_id` map.
 					debug_assert!(false);
-					return Err(DecodeError::InvalidValue);
+					return Err(DecodeError::DangerousValue);
 				}
 			}
 		}
diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
@@ -91,6 +91,11 @@ pub enum DecodeError {
 	Io(io::ErrorKind),
 	/// The message included zlib-compressed values, which we don't support.
 	UnsupportedCompression,
+	/// Value is validly encoded but is dangerous to use.
+	/// This is used for things like [`crate::ln::channelmanager::ChannelManager`] deserialization
+	/// where we want to ensure that we don't use a [`crate::ln::channelmanager::ChannelManager`]
+	/// which is in the past.
+	DangerousValue,
 }
 
 /// An [`init`] message to be sent to or received from a peer.
@@ -1796,6 +1801,7 @@ impl fmt::Display for DecodeError {
 			DecodeError::BadLengthDescriptor => f.write_str("A length descriptor in the packet didn't describe the later data correctly"),
 			DecodeError::Io(ref e) => fmt::Debug::fmt(e, f),
 			DecodeError::UnsupportedCompression => f.write_str("We don't support receiving messages with zlib-compressed fields"),
+			DecodeError::DangerousValue => f.write_str("Value would be dangerous to continue execution with"),
 		}
 	}
 }
diff --git a/lightning/src/ln/peer_handler.rs b/lightning/src/ln/peer_handler.rs
@@ -1551,6 +1551,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM
 												}
 												(msgs::DecodeError::BadLengthDescriptor, _) => return Err(PeerHandleError { }),
 												(msgs::DecodeError::Io(_), _) => return Err(PeerHandleError { }),
+												(msgs::DecodeError::DangerousValue, _) => return Err(PeerHandleError { }),
 											}
 										}
 									};

Original file line number	Diff line number	Diff line change
`@@ -10927,13 +10927,13 @@ where`
`10927`	`10927`	`log_error!(logger, " client applications must ensure that ChannelMonitor data is always available and the latest to avoid funds loss!");`
`10928`	`10928`	`log_error!(logger, " Without the latest ChannelMonitor we cannot continue without risking funds.");`
`10929`	`10929`	`log_error!(logger, " Please ensure the chain::Watch API requirements are met and file a bug report at https://github.com/lightningdevkit/rust-lightning");`
`10930`		`- return Err(DecodeError::InvalidValue);`
	`10930`	`+ return Err(DecodeError::DangerousValue);`
`10931`	`10931`	`}`
`10932`	`10932`	`} else {`
`10933`	`10933`	`// We shouldn't have persisted (or read) any unfunded channel types so none should have been`
`10934`	`10934`	// created in this `channel_by_id` map.
`10935`	`10935`	`debug_assert!(false);`
`10936`		`- return Err(DecodeError::InvalidValue);`
	`10936`	`+ return Err(DecodeError::DangerousValue);`
`10937`	`10937`	`}`
`10938`	`10938`	`}`
`10939`	`10939`	`}`
Original file line number	Diff line number	Diff line change
`@@ -91,6 +91,11 @@ pub enum DecodeError {`
`91`	`91`	`Io(io::ErrorKind),`
`92`	`92`	`/// The message included zlib-compressed values, which we don't support.`
`93`	`93`	`UnsupportedCompression,`
	`94`	`+ /// Value is validly encoded but is dangerous to use.`
	`95`	+ /// This is used for things like [`crate::ln::channelmanager::ChannelManager`] deserialization
	`96`	+ /// where we want to ensure that we don't use a [`crate::ln::channelmanager::ChannelManager`]
	`97`	`+ /// which is in the past.`
	`98`	`+ DangerousValue,`
`94`	`99`	`}`
`95`	`100`
`96`	`101`	/// An [`init`] message to be sent to or received from a peer.
`@@ -1796,6 +1801,7 @@ impl fmt::Display for DecodeError {`
`1796`	`1801`	`DecodeError::BadLengthDescriptor => f.write_str("A length descriptor in the packet didn't describe the later data correctly"),`
`1797`	`1802`	`DecodeError::Io(ref e) => fmt::Debug::fmt(e, f),`
`1798`	`1803`	`DecodeError::UnsupportedCompression => f.write_str("We don't support receiving messages with zlib-compressed fields"),`
	`1804`	`+ DecodeError::DangerousValue => f.write_str("Value would be dangerous to continue execution with"),`
`1799`	`1805`	`}`
`1800`	`1806`	`}`
`1801`	`1807`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1551,6 +1551,7 @@ impl<Descriptor: SocketDescriptor, CM: Deref, RM: Deref, OM: Deref, L: Deref, CM`
`1551`	`1551`	`}`
`1552`	`1552`	`(msgs::DecodeError::BadLengthDescriptor, _) => return Err(PeerHandleError { }),`
`1553`	`1553`	`(msgs::DecodeError::Io(_), _) => return Err(PeerHandleError { }),`
	`1554`	`+ (msgs::DecodeError::DangerousValue, _) => return Err(PeerHandleError { }),`
`1554`	`1555`	`}`
`1555`	`1556`	`}`
`1556`	`1557`	`};`