Use LengthLimitedReadable for all read-to-end Readables

When deserializing these structs, they will consume the reader until it is out
of bytes. Therefore, it's safer if they are only provided with readers that
limit how much of the byte stream will be read.

Most of the relevant structs were updated in the previous commit when we
transitioned impl_writeable_msg to use LengthReadable, here we finish the job.

Author: valentinewallace

lightning/src/ln/msgs.rs

@@ -2412,8 +2412,8 @@ impl Writeable for AcceptChannel {
 	}
 }
 
-impl Readable for AcceptChannel {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for AcceptChannel {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let dust_limit_satoshis: u64 = Readable::read(r)?;
 		let max_htlc_value_in_flight_msat: u64 = Readable::read(r)?;
@@ -2497,8 +2497,8 @@ impl Writeable for AcceptChannelV2 {
 	}
 }
 
-impl Readable for AcceptChannelV2 {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for AcceptChannelV2 {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let funding_satoshis: u64 = Readable::read(r)?;
 		let dust_limit_satoshis: u64 = Readable::read(r)?;
@@ -2760,8 +2760,8 @@ impl Writeable for Init {
 	}
 }
 
-impl Readable for Init {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for Init {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let global_features: InitFeatures = Readable::read(r)?;
 		let features: InitFeatures = Readable::read(r)?;
 		let mut remote_network_address: Option<SocketAddress> = None;
@@ -2806,8 +2806,8 @@ impl Writeable for OpenChannel {
 	}
 }
 
-impl Readable for OpenChannel {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for OpenChannel {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let chain_hash: ChainHash = Readable::read(r)?;
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let funding_satoshis: u64 = Readable::read(r)?;
@@ -2890,8 +2890,8 @@ impl Writeable for OpenChannelV2 {
 	}
 }
 
-impl Readable for OpenChannelV2 {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for OpenChannelV2 {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let chain_hash: ChainHash = Readable::read(r)?;
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let funding_feerate_sat_per_1000_weight: u32 = Readable::read(r)?;

lightning/src/ln/wire.rs

@@ -257,7 +257,9 @@ where
 	H::Target: CustomMessageReader<CustomMessage = T>,
 {
 	match message_type {
-		msgs::Init::TYPE => Ok(Message::Init(Readable::read(buffer)?)),
+		msgs::Init::TYPE => {
+			Ok(Message::Init(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
 		msgs::ErrorMessage::TYPE => Ok(Message::Error(Readable::read(buffer)?)),
 		msgs::WarningMessage::TYPE => Ok(Message::Warning(Readable::read(buffer)?)),
 		msgs::Ping::TYPE => Ok(Message::Ping(Readable::read(buffer)?)),
@@ -268,10 +270,18 @@ where
 		msgs::PeerStorageRetrieval::TYPE => Ok(Message::PeerStorageRetrieval(
 			LengthReadable::read_from_fixed_length_buffer(buffer)?,
 		)),
-		msgs::OpenChannel::TYPE => Ok(Message::OpenChannel(Readable::read(buffer)?)),
-		msgs::OpenChannelV2::TYPE => Ok(Message::OpenChannelV2(Readable::read(buffer)?)),
-		msgs::AcceptChannel::TYPE => Ok(Message::AcceptChannel(Readable::read(buffer)?)),
-		msgs::AcceptChannelV2::TYPE => Ok(Message::AcceptChannelV2(Readable::read(buffer)?)),
+		msgs::OpenChannel::TYPE => {
+			Ok(Message::OpenChannel(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
+		msgs::OpenChannelV2::TYPE => {
+			Ok(Message::OpenChannelV2(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
+		msgs::AcceptChannel::TYPE => {
+			Ok(Message::AcceptChannel(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
+		msgs::AcceptChannelV2::TYPE => {
+			Ok(Message::AcceptChannelV2(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
 		msgs::FundingCreated::TYPE => {
 			Ok(Message::FundingCreated(LengthReadable::read_from_fixed_length_buffer(buffer)?))
 		},

lightning/src/offers/invoice.rs

@@ -148,8 +148,8 @@ use crate::offers::signer::{self, Metadata};
 use crate::types::features::{Bolt12InvoiceFeatures, InvoiceRequestFeatures, OfferFeatures};
 use crate::types::payment::PaymentHash;
 use crate::util::ser::{
-	CursorReadable, HighZeroBytesDroppedBigSize, Iterable, Readable, WithoutLength, Writeable,
-	Writer,
+	CursorReadable, HighZeroBytesDroppedBigSize, Iterable, LengthLimitedRead, LengthReadable,
+	WithoutLength, Writeable, Writer,
 };
 use crate::util::string::PrintableString;
 use bitcoin::address::Address;
@@ -1398,9 +1398,11 @@ impl Writeable for Bolt12Invoice {
 	}
 }
 
-impl Readable for Bolt12Invoice {
-	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
-		let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;
+impl LengthReadable for Bolt12Invoice {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
+		reader: &mut R,
+	) -> Result<Self, DecodeError> {
+		let bytes: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(reader)?;
 		Self::try_from(bytes.0).map_err(|_| DecodeError::InvalidValue)
 	}
 }

lightning/src/offers/invoice_request.rs

@@ -86,7 +86,8 @@ use crate::onion_message::dns_resolution::HumanReadableName;
 use crate::types::features::InvoiceRequestFeatures;
 use crate::types::payment::PaymentHash;
 use crate::util::ser::{
-	CursorReadable, HighZeroBytesDroppedBigSize, Readable, WithoutLength, Writeable, Writer,
+	CursorReadable, HighZeroBytesDroppedBigSize, LengthLimitedRead, LengthReadable, Readable,
+	WithoutLength, Writeable, Writer,
 };
 use crate::util::string::{PrintableString, UntrustedString};
 use bitcoin::constants::ChainHash;
@@ -1119,9 +1120,9 @@ impl Writeable for InvoiceRequestContents {
 	}
 }
 
-impl Readable for InvoiceRequest {
-	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
-		let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;
+impl LengthReadable for InvoiceRequest {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
+		let bytes: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(r)?;
 		Self::try_from(bytes.0).map_err(|_| DecodeError::InvalidValue)
 	}
 }

lightning/src/offers/offer.rs

@@ -88,7 +88,8 @@ use crate::offers::parse::{Bech32Encode, Bolt12ParseError, Bolt12SemanticError,
 use crate::offers::signer::{self, Metadata, MetadataMaterial};
 use crate::types::features::OfferFeatures;
 use crate::util::ser::{
-	CursorReadable, HighZeroBytesDroppedBigSize, Readable, WithoutLength, Writeable, Writer,
+	CursorReadable, HighZeroBytesDroppedBigSize, LengthLimitedRead, LengthReadable, Readable,
+	WithoutLength, Writeable, Writer,
 };
 use crate::util::string::PrintableString;
 use bitcoin::constants::ChainHash;
@@ -1033,9 +1034,11 @@ impl OfferContents {
 	}
 }
 
-impl Readable for Offer {
-	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
-		let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;
+impl LengthReadable for Offer {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
+		reader: &mut R,
+	) -> Result<Self, DecodeError> {
+		let bytes: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(reader)?;
 		Self::try_from(bytes.0).map_err(|_| DecodeError::InvalidValue)
 	}
 }

lightning/src/offers/refund.rs

@@ -102,7 +102,9 @@ use crate::offers::signer::{self, Metadata, MetadataMaterial};
 use crate::sign::EntropySource;
 use crate::types::features::InvoiceRequestFeatures;
 use crate::types::payment::PaymentHash;
-use crate::util::ser::{CursorReadable, Readable, WithoutLength, Writeable, Writer};
+use crate::util::ser::{
+	CursorReadable, LengthLimitedRead, LengthReadable, WithoutLength, Writeable, Writer,
+};
 use crate::util::string::PrintableString;
 use bitcoin::constants::ChainHash;
 use bitcoin::network::Network;
@@ -822,9 +824,11 @@ impl RefundContents {
 	}
 }
 
-impl Readable for Refund {
-	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
-		let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;
+impl LengthReadable for Refund {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
+		reader: &mut R,
+	) -> Result<Self, DecodeError> {
+		let bytes: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(reader)?;
 		Self::try_from(bytes.0).map_err(|_| DecodeError::InvalidValue)
 	}
 }

lightning/src/util/ser.rs

@@ -740,10 +740,10 @@ impl Writeable for WithoutLength<&String> {
 		w.write_all(self.0.as_bytes())
 	}
 }
-impl Readable for WithoutLength<String> {
+impl LengthReadable for WithoutLength<String> {
 	#[inline]
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
-		let v: WithoutLength<Vec<u8>> = Readable::read(r)?;
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
+		let v: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(r)?;
 		Ok(Self(String::from_utf8(v.0).map_err(|_| DecodeError::InvalidValue)?))
 	}
 }
@@ -772,10 +772,10 @@ impl Writeable for WithoutLength<&UntrustedString> {
 		WithoutLength(&self.0 .0).write(w)
 	}
 }
-impl Readable for WithoutLength<UntrustedString> {
+impl LengthReadable for WithoutLength<UntrustedString> {
 	#[inline]
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
-		let s: WithoutLength<String> = Readable::read(r)?;
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
+		let s: WithoutLength<String> = LengthReadable::read_from_fixed_length_buffer(r)?;
 		Ok(Self(UntrustedString(s.0)))
 	}
 }
@@ -808,9 +808,11 @@ impl<S: AsWriteableSlice> Writeable for WithoutLength<S> {
 	}
 }
 
-impl<T: MaybeReadable> Readable for WithoutLength<Vec<T>> {
+impl<T: MaybeReadable> LengthReadable for WithoutLength<Vec<T>> {
 	#[inline]
-	fn read<R: Read>(reader: &mut R) -> Result<Self, DecodeError> {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
+		reader: &mut R,
+	) -> Result<Self, DecodeError> {
 		let mut values = Vec::new();
 		loop {
 			let mut track_read = ReadTrackingReader::new(reader);
@@ -841,10 +843,10 @@ impl Writeable for WithoutLength<&ScriptBuf> {
 	}
 }
 
-impl Readable for WithoutLength<ScriptBuf> {
+impl LengthReadable for WithoutLength<ScriptBuf> {
 	#[inline]
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
-		let v: WithoutLength<Vec<u8>> = Readable::read(r)?;
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
+		let v: WithoutLength<Vec<u8>> = LengthReadable::read_from_fixed_length_buffer(r)?;
 		Ok(WithoutLength(script::Builder::from(v.0).into_script()))
 	}
 }

lightning/src/util/ser_macros.rs

@@ -409,7 +409,7 @@ macro_rules! _decode_tlv {
 		$field = $trait::read(&mut $reader $(, $read_arg)*)?;
 	}};
 	($outer_reader: expr, $reader: expr, $field: ident, required_vec) => {{
-		let f: $crate::util::ser::WithoutLength<Vec<_>> = $crate::util::ser::Readable::read(&mut $reader)?;
+		let f: $crate::util::ser::WithoutLength<Vec<_>> = $crate::util::ser::LengthReadable::read_from_fixed_length_buffer(&mut $reader)?;
 		$field = f.0;
 	}};
 	($outer_reader: expr, $reader: expr, $field: ident, option) => {{
@@ -427,7 +427,7 @@ macro_rules! _decode_tlv {
 		_decode_tlv!($outer_reader, $reader, $field, required);
 	}};
 	($outer_reader: expr, $reader: expr, $field: ident, optional_vec) => {{
-		let f: $crate::util::ser::WithoutLength<Vec<_>> = $crate::util::ser::Readable::read(&mut $reader)?;
+		let f: $crate::util::ser::WithoutLength<Vec<_>> = $crate::util::ser::LengthReadable::read_from_fixed_length_buffer(&mut $reader)?;
 		$field = Some(f.0);
 	}};
 	// `upgradable_required` indicates we're reading a required TLV that may have been upgraded