Fix fuzzer-found panic from duplicate channel outpoint #1080

Merged

valentinewallace

And update Watch docs. See added comments for more details.

Fuzz fail repro script:

export TARGET="full_stack" # adjust for your output
export HEX="010100001300000000000000000000000000000000000000000000000000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"

mkdir -p ./test_cases/$TARGET
echo $HEX | xxd -r -p > ./test_cases/$TARGET/any_filename_works

export RUSTFLAGS="--cfg=fuzzing"
export RUST_BACKTRACE=1
cargo test &> output.txt

The full stack fuzzer found an unreachable panic where we receive a
FundingSigned with a duplicate channel outpoint.

codecov bot commented Sep 17, 2021

Codecov Report

Merging #1080 (612d1fb) into main (b3be420) will increase coverage by 1.89%.
The diff coverage is 88.88%.

@@            Coverage Diff             @@
##             main    #1080      +/-   ##
==========================================
+ Coverage   90.85%   92.75%   +1.89%     
==========================================
  Files          65       65              
  Lines       33229    43072    +9843     
==========================================
+ Hits        30191    39952    +9761     
- Misses       3038     3120      +82     
Impacted Files Coverage Δ
lightning/src/chain/mod.rs 58.82% <ø> (ø)
lightning/src/ln/channelmanager.rs 89.33% <88.88%> (+3.49%) ⬆️
lightning/src/util/enforcing_trait_impls.rs 88.97% <0.00%> (-0.31%) ⬇️
lightning/src/util/ser_macros.rs 87.72% <0.00%> (-0.18%) ⬇️
lightning/src/ln/chanmon_update_fail_tests.rs 97.75% <0.00%> (-0.14%) ⬇️
lightning/src/ln/monitor_tests.rs 100.00% <0.00%> (ø)
lightning/src/ln/reorg_tests.rs 99.78% <0.00%> (+0.07%) ⬆️
lightning/src/ln/onion_utils.rs 95.36% <0.00%> (+0.44%) ⬆️
lightning/src/ln/chan_utils.rs 98.00% <0.00%> (+0.59%) ⬆️
lightning/src/ln/onion_route_tests.rs 98.10% <0.00%> (+0.99%) ⬆️
... and 17 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@TheBlueMatt TheBlueMatt merged commit 730d563 into lightningdevkit:main Sep 30, 2021