Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wire: remove erroneous witness size check in wire parsing #1896

Merged
merged 1 commit into from
Oct 10, 2022

Conversation

Roasbeef
Copy link
Member

In this commit, we fix a bug that would cause nodes to be unable to parse a given block from the wire. The block would be properly accepted if fed in via other mechanisms.

The issue here is that the old checks for the maximum witness size, circa segwit v0 where placed in the wire package as well as the tx engine. This check should only be in the engine, since it's properly gated by other related scrip validation flags.

The fix itself is simple: limit witnesses only based on the maximum block size in bytes, or ~4MB.

@coveralls
Copy link

coveralls commented Oct 10, 2022

Pull Request Test Coverage Report for Build 3216248240

  • 3 of 3 (100.0%) changed or added relevant lines in 1 file are covered.
  • 4 unchanged lines in 2 files lost coverage.
  • Overall coverage decreased (-17.5%) to 54.763%

Files with Coverage Reduction New Missed Lines %
connmgr/connmanager.go 2 86.79%
txscript/taproot.go 2 95.93%
Totals Coverage Status
Change from base Build 3045304354: -17.5%
Covered Lines: 26001
Relevant Lines: 47479

💛 - Coveralls

wire/msgtx.go Show resolved Hide resolved
@kaloudis
Copy link

tACK

In this commit, we fix a bug that would cause nodes to be unable to
parse a given block from the wire. The block would be properly accepted
if fed in via other mechanisms.

The issue here is that the old checks for the maximum witness size,
circa segwit v0 where placed in the wire package _as well_ as the tx
engine. This check should only be in the engine, since it's properly
gated by other related scrip validation flags.

The fix itself is simple: limit witnesses only based on the maximum
block size in bytes, or ~4MB.
@@ -586,8 +587,9 @@ func (msg *MsgTx) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error
// item itself.
txin.Witness = make([][]byte, witCount)
for j := uint64(0); j < witCount; j++ {
txin.Witness[j], err = readScript(r, pver,
maxWitnessItemSize, "script witness item")
txin.Witness[j], err = readScript(
Copy link
Contributor

@ziggie1984 ziggie1984 Oct 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering why we do not enforce the different size limits for the different segwit version here ? For v_0 we stay with 11kb and for v_1 4MB ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So that check is deeper in the consensus validation logic, this is a wire level DDoS defense limit/value.

nepet added a commit to nepet/peerswap that referenced this pull request Oct 10, 2022
We need a fast update to the newest lnd version as there was a
security issue detected.
lightningnetwork/lnd#7002

As the bug was part of the btcd dependencies the fix applied in
btcsuite/btcd#1896 brings a long tail
of dependency updates.

This commit updates the dependencies and adapts for all changes
that are introduced by this new dependencies.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants