wire: remove erroneous witness size check in wire parsing #1896
+17
−15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pull Request Test Coverage Report for Build 3216248240
💛 - Coveralls |
otech47
reviewed
Oct 10, 2022
otech47
approved these changes
Oct 10, 2022
|
tACK |
In this commit, we fix a bug that would cause nodes to be unable to parse a given block from the wire. The block would be properly accepted if fed in via other mechanisms. The issue here is that the old checks for the maximum witness size, circa segwit v0 where placed in the wire package _as well_ as the tx engine. This check should only be in the engine, since it's properly gated by other related scrip validation flags. The fix itself is simple: limit witnesses only based on the maximum block size in bytes, or ~4MB.
Roasbeef
force-pushed
the
witness-wire-hot-fix
branch
from
7fdaf69
to
f523d4c
Compare
This was referenced Oct 10, 2022
ziggie1984
reviewed
Oct 10, 2022
| @@ -586,8 +587,9 @@ func (msg *MsgTx) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error | |||
| // item itself. | |||
| txin.Witness = make([][]byte, witCount) | |||
| for j := uint64(0); j < witCount; j++ { | |||
| txin.Witness[j], err = readScript(r, pver, | |||
| maxWitnessItemSize, "script witness item") | |||
| txin.Witness[j], err = readScript( | |||
There was a problem hiding this comment.
I am wondering why we do not enforce the different size limits for the different segwit version here ? For v_0 we stay with 11kb and for v_1 4MB ?
There was a problem hiding this comment.
So that check is deeper in the consensus validation logic, this is a wire level DDoS defense limit/value.
nepet
added a commit
to nepet/peerswap
that referenced
this pull request
Oct 10, 2022
We need a fast update to the newest lnd version as there was a security issue detected. lightningnetwork/lnd#7002 As the bug was part of the btcd dependencies the fix applied in btcsuite/btcd#1896 brings a long tail of dependency updates. This commit updates the dependencies and adapts for all changes that are introduced by this new dependencies.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this commit, we fix a bug that would cause nodes to be unable to parse a given block from the wire. The block would be properly accepted if fed in via other mechanisms.
The issue here is that the old checks for the maximum witness size, circa segwit v0 where placed in the wire package as well as the tx engine. This check should only be in the engine, since it's properly gated by other related scrip validation flags.
The fix itself is simple: limit witnesses only based on the maximum block size in bytes, or ~4MB.