Sanitize outgoing HTLC cltv_value

Antoine Riard · Antoine Riard · commit ead89eb9332a · 2020-04-09T22:27:09.000-04:00
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -3538,8 +3538,6 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {
 			return Err(ChannelError::Ignore("Cannot send value that would put us over their reserve value"));
 		}
 
-		//TODO: Check cltv_expiry? Do this in channel manager?
-
 		// Now update local state:
 		if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == (ChannelState::AwaitingRemoteRevoke as u32) {
 			self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -1110,6 +1110,13 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan
 					if msg.cltv_expiry > cur_height + CLTV_FAR_FAR_AWAY as u32 { // expiry_too_far
 						break Some(("CLTV expiry is too far in the future", 21, None));
 					}
+					// We should be safe against unintentional channel-closure by our onchain logic due to this later
+					// offering a LATENCY_GRACE_PERIOD_BLOCKS. But to make our policy coherent with reception, apply
+					// same delay.
+					if (*outgoing_cltv_value) as u64 <= (cur_height + CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS) as u64 {
+						break Some(("Outgoing CLTV value is too close", 0x1000 | 14, Some(self.get_channel_update(chan).unwrap())));
+					}
+
 					break None;
 				}
 				{

Original file line number	Diff line number	Diff line change
`@@ -3538,8 +3538,6 @@ impl<ChanSigner: ChannelKeys> Channel<ChanSigner> {`
`3538`	`3538`	`return Err(ChannelError::Ignore("Cannot send value that would put us over their reserve value"));`
`3539`	`3539`	`}`
`3540`	`3540`
`3541`		`- //TODO: Check cltv_expiry? Do this in channel manager?`
`3542`		`-`
`3543`	`3541`	`// Now update local state:`
`3544`	`3542`	`if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == (ChannelState::AwaitingRemoteRevoke as u32) {`
`3545`	`3543`	`self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {`
Original file line number	Diff line number	Diff line change
`@@ -1110,6 +1110,13 @@ impl<ChanSigner: ChannelKeys, M: Deref, T: Deref, K: Deref, F: Deref> ChannelMan`
`1110`	`1110`	`if msg.cltv_expiry > cur_height + CLTV_FAR_FAR_AWAY as u32 { // expiry_too_far`
`1111`	`1111`	`break Some(("CLTV expiry is too far in the future", 21, None));`
`1112`	`1112`	`}`
	`1113`	`+ // We should be safe against unintentional channel-closure by our onchain logic due to this later`
	`1114`	`+ // offering a LATENCY_GRACE_PERIOD_BLOCKS. But to make our policy coherent with reception, apply`
	`1115`	`+ // same delay.`
	`1116`	`+ if (*outgoing_cltv_value) as u64 <= (cur_height + CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS) as u64 {`
	`1117`	`+ break Some(("Outgoing CLTV value is too close", 0x1000 \| 14, Some(self.get_channel_update(chan).unwrap())));`
	`1118`	`+ }`
	`1119`	`+`
`1113`	`1120`	`break None;`
`1114`	`1121`	`}`
`1115`	`1122`	`{`