aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-19 15:14:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

offers: make sure quantity limits are sane.

Browse Source 
You could have quantity_min of 0, which makes no sense; spec has been
updated, so quote and enforce that.

Reported-by: @shesek
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
2021-07-21 15:07:08 +09:30
committed by neil saitug
parent 7769903f1a
commit 0a0b2ce940
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
plugins/offers_offer.c
View File

@@ -319,6 +319,28 @@ struct command_result *json_offer(struct command *cmd,
NULL))
return command_param_failed();
/* BOLT-offers #12:
* - MUST NOT set `quantity_min` or `quantity_max` less than 1.
*/
if (offer->quantity_min && *offer->quantity_min < 1)
return command_fail_badparam(cmd, "quantity_min",
buffer, params,
"must be >= 1");
if (offer->quantity_max && *offer->quantity_max < 1)
return command_fail_badparam(cmd, "quantity_max",
buffer, params,
"must be >= 1");
/* BOLT-offers #12:
* - if both:
* - MUST set `quantity_min` less than or equal to `quantity_max`.
*/
if (offer->quantity_min && offer->quantity_max) {
if (*offer->quantity_min > *offer->quantity_max)
return command_fail_badparam(cmd, "quantity_min",
buffer, params,
"must be <= quantity_max");
}
/* BOLT-offers #12:
*
* - if the chain for the invoice is not solely bitcoin: