Skip to content

Fix panic when deserializing Duration#4172

Merged
tnull merged 1 commit intolightningdevkit:mainfrom
TheBlueMatt:2025-10-duration-deser-panic
Oct 27, 2025
Merged

Fix panic when deserializing Duration#4172
tnull merged 1 commit intolightningdevkit:mainfrom
TheBlueMatt:2025-10-duration-deser-panic

Conversation

@TheBlueMatt
Copy link
Collaborator

@TheBlueMatt TheBlueMatt commented Oct 24, 2025

Duration::new adds any nanoseconds in excess of a second to the second part. This can overflow, however, panicking. In 0.2 we introduced a few further cases where we store Durations, specifically some when handling network messages.

Sadly, that introduced a remotely-triggerable crash where someone can send us, for example, a malicious blinded path context which can cause us to panic.

Found by the onion_message fuzzer.

This doesn't seem super critical in 0.1, its basically only a reachable panic when deserializing ChannelManager (not a huge deal) or a scorer (which isn't great cause that can come from a third-party, but usually they're at least trusted enough to not be feeding you malicious panic-y crap). Still, worth backporting there in case we do another point release at some point.

@TheBlueMatt
Fix panic when deserializing Duration
7b9bde1 
`Duration::new` adds any nanoseconds in excess of a second to the
second part. This can overflow, however, panicking. In 0.2 we
introduced a few further cases where we store `Duration`s,
specifically some when handling network messages.

Sadly, that introduced a remotely-triggerable crash where someone
can send us, for example, a malicious blinded path context which
can cause us to panic.

Found by the `onion_message` fuzzer
@TheBlueMatt TheBlueMatt added this to the 0.2 milestone Oct 24, 2025
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 24, 2025
edited
Loading

👋 Thanks for assigning @tnull as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@codecov
Copy link

codecov bot commented Oct 24, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 88.79%. Comparing base (0eec30a) to head (7b9bde1).
⚠️ Report is 17 commits behind head on main.

Files with missing lines Patch % Lines
lightning/src/util/ser.rs 66.66% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4172      +/-   ##
==========================================
+ Coverage   88.78%   88.79%   +0.01%     
==========================================
  Files         180      180              
  Lines      137066   137068       +2     
  Branches   137066   137068       +2     
==========================================
+ Hits       121694   121715      +21     
+ Misses      12552    12538      -14     
+ Partials     2820     2815       -5
Flag Coverage Δ
fuzzing 20.97% <0.00%> (-0.60%) ⬇️
tests 88.64% <66.66%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@tnull tnull self-requested a review October 24, 2025 19:15
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Oct 27, 2025

🔔 1st Reminder

Hey @tnull! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

@tnull tnull merged commit c218818 into lightningdevkit:main Oct 27, 2025
22 of 25 checks passed
@TheBlueMatt TheBlueMatt mentioned this pull request Oct 29, 2025
Merged
@TheBlueMatt
Copy link
Collaborator Author

TheBlueMatt commented Oct 29, 2025

Backported to 0.2 in #4185.

@TheBlueMatt
Copy link
Collaborator Author

TheBlueMatt commented Nov 20, 2025

Backporting to 0.1 in #4235

@TheBlueMatt TheBlueMatt mentioned this pull request Nov 20, 2025
Merged
TheBlueMatt added a commit to TheBlueMatt/rust-lightning that referenced this pull request Dec 6, 2025
@TheBlueMatt
Merge tag 'v0.1.8' into 2025-12-0.1-bindings-updates
4562434 
v0.1.8 - Dec 2, 2025 - "Async Update Completion"

Bug Fixes
=========

 * In cases where an MPP payment is claimed while one channel is waiting on a
   counterparty's `revoke_and_ack` message and the `revoke_and_ack` message is
   received prior to the asynchronous completion of the MPP-claim
   `ChannelMonitorUpdate`, the channel will no longer hang (lightningdevkit#4236).
 * Deserializing invalid `Duration`s can no longer panic (lightningdevkit#4172).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tnull tnull tnull approved these changes

@jkczyz jkczyz jkczyz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.2

Development

Successfully merging this pull request may close these issues.

4 participants

@TheBlueMatt @ldk-reviews-bot @tnull @jkczyz