Skip to content

common/bolt11: validate public keys in routing hints #8282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 16, 2025
Merged

common/bolt11: validate public keys in routing hints #8282

merged 1 commit into from
May 16, 2025

Conversation

@erickcestari
Copy link
Contributor

@erickcestari erickcestari commented May 13, 2025

This PR adds validation of public keys in BOLT11 routing hints to prevent processing of malformed public keys. Without this validation, invalid public keys could be accepted.

Checklist

Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked:

  • The changelog has been updated in the relevant commit(s) according to the guidelines.
  • Tests have been added or modified to reflect the changes.
  • Documentation has been reviewed and updated as needed.
  • Related issues have been listed and linked, including any that this PR closes.

@erickcestari erickcestari force-pushed the check-pubkey-private-route branch from 1315871 to 4acaf43 Compare May 13, 2025 17:55
@erickcestari erickcestari changed the title bolt11: validate public keys in routing hints common/bolt11: validate public keys in routing hints May 13, 2025
@erickcestari
common/bolt11: validate public keys in routing hints
e93fe72 
Changelog-Fixed: Validated public keys in BOLT11 routing hints to
prevent processing of malformed public keys.
@erickcestari erickcestari force-pushed the check-pubkey-private-route branch from 4acaf43 to e93fe72 Compare May 13, 2025 20:11
rustyrussell
rustyrussell approved these changes May 16, 2025
View reviewed changes
Copy link
Contributor

@rustyrussell rustyrussell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack e93fe72

@rustyrussell rustyrussell added this to the v25.05 milestone May 16, 2025
@rustyrussell rustyrussell merged commit 9b662a8 into ElementsProject:master May 16, 2025
38 of 40 checks passed
@rustyrussell
Copy link
Contributor

rustyrussell commented May 16, 2025

Thanks! This is great spotting. Would not have happened if we'd use a struct pubkey instead of struct node_id for that type, which I think we should seriously consider, though that's a larger change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rustyrussell rustyrussell rustyrussell approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v25.05

Development

Successfully merging this pull request may close these issues.

2 participants

@erickcestari @rustyrussell