From f1426bad8e0266c558250eabf27e8f8d97a8146b Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Tue, 19 May 2020 10:58:13 +0930
Subject: [PATCH] bitcoin/tx: fix bug in fromwire_bitcoin_tx.

If we fail to unmarshal the tx (shouldn't happen, but...) we must not dereference NULL. Also tighten the check: towire_ must send 0 or all inputs.

Signed-off-by: Rusty Russell
---
bitcoin/tx.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/bitcoin/tx.c b/bitcoin/tx.c
index af281fdf2..3b9c112ea 100644
--- a/bitcoin/tx.c
+++ b/bitcoin/tx.c
@@ -602,10 +602,17 @@ struct bitcoin_tx *fromwire_bitcoin_tx(const tal_t *ctx,
 size_t i;
 tx = pull_bitcoin_tx(ctx, cursor, max);
+ if (!tx)
+ return fromwire_fail(cursor, max);
+
 input_amts_len = fromwire_u16(cursor, max);
- /* We don't serialize the amounts if they're not *all* populated */
- if (input_amts_len != tal_count(tx->input_amounts))
- return tx;
+
+ /* They must give us none or all */
+ if (input_amts_len != 0
+ && input_amts_len != tal_count(tx->input_amounts)) {
+ tal_free(tx);
+ return fromwire_fail(cursor, max);
+ }
 for (i = 0; i < input_amts_len; i++) {
 struct amount_sat sat;
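Review bot: The read `input_amts_len = fromwire_u16(cursor, max);` has no cursor check after it, so a buffer that ends right after the transaction looks the same as a sender that deliberately sent no amounts. Assuming the usual fromwire convention (a short read marks the cursor failed and yields 0), that 0 passes the new none-or-all test and the function still returns a non-NULL tx, unlike the two failure paths added here. Since this parses data off the wire, it would be more consistent to bail out at that point too, for example `if (!*cursor) return tal_free(tx);` right after the read, if `cursor` is the usual pointer-to-pointer. The same presumably applies to the per-input amount reads in the `for` loop, whose body continues outside the hunk, as do the function's signature and end.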