decode: fix crash when decoding invalid rune.

If rune contains invalid UTF-8, offers (which implements decode) would produce JSON with invalid UTF-8, which causes lightningd to complain and kill it, and then die because it's an important plugin. So don't decode invalid UTF-8! Reported-by: @jb55 Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2026-01-03 22:34:21 +01:00 · 2022-07-25 10:53:30 +09:30
parent 0fd8a6492e
commit da4e33cd0d
4 changed files with 94 additions and 6 deletions
--- a/plugins/offers.c
+++ b/plugins/offers.c
@@ -819,11 +819,26 @@ static void json_add_invoice_request(struct json_stream *js,

 static void json_add_rune(struct command *cmd, struct json_stream *js, const struct rune *rune)
 {
+	const char *string;
+
+	/* Simplest to check everything for UTF-8 compliance at once.
+	 * Since separators are | and & (which cannot appear inside
+	 * UTF-8 multichars), if the entire thing is valid UTF-8 then
+	 * each part is. */
+	string = rune_to_string(tmpctx, rune);
+	if (!utf8_check(string, strlen(string))) {
+		json_add_hex(js, "hex", string, strlen(string));
+		json_add_string(js, "warning_rune_invalid_utf8",
+				"Rune contains invalid UTF-8 strings");
+		json_add_bool(js, "valid", false);
+		return;
+	}
+
 	if (rune->unique_id)
 		json_add_string(js, "unique_id", rune->unique_id);
 	if (rune->version)
 		json_add_string(js, "version", rune->version);
-	json_add_string(js, "string", take(rune_to_string(NULL, rune)));
+	json_add_string(js, "string", take(string));

 	json_array_start(js, "restrictions");
 	for (size_t i = rune->unique_id ? 1 : 0; i < tal_count(rune->restrs); i++) {