Use LengthLimitedReadable for all read-to-end Readables

valentinewallace · valentinewallace · commit db171784dec9 · 2025-03-07T14:30:49.000-05:00
When deserializing these structs, they will consume the reader until it is out
of bytes. Therefore, it's safer if they are only provided with readers that
limit how much of the byte stream will be read.

Most of the relevant structs were updated in the previous commit when we
transitioned impl_writeable_msg to use LengthReadable, here we finish the job.
diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
@@ -2412,8 +2412,8 @@ impl Writeable for AcceptChannel {
 	}
 }
 
-impl Readable for AcceptChannel {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for AcceptChannel {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let dust_limit_satoshis: u64 = Readable::read(r)?;
 		let max_htlc_value_in_flight_msat: u64 = Readable::read(r)?;
@@ -2497,8 +2497,8 @@ impl Writeable for AcceptChannelV2 {
 	}
 }
 
-impl Readable for AcceptChannelV2 {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for AcceptChannelV2 {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let funding_satoshis: u64 = Readable::read(r)?;
 		let dust_limit_satoshis: u64 = Readable::read(r)?;
@@ -2760,8 +2760,8 @@ impl Writeable for Init {
 	}
 }
 
-impl Readable for Init {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for Init {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let global_features: InitFeatures = Readable::read(r)?;
 		let features: InitFeatures = Readable::read(r)?;
 		let mut remote_network_address: Option<SocketAddress> = None;
@@ -2806,8 +2806,8 @@ impl Writeable for OpenChannel {
 	}
 }
 
-impl Readable for OpenChannel {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for OpenChannel {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let chain_hash: ChainHash = Readable::read(r)?;
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let funding_satoshis: u64 = Readable::read(r)?;
@@ -2890,8 +2890,8 @@ impl Writeable for OpenChannelV2 {
 	}
 }
 
-impl Readable for OpenChannelV2 {
-	fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for OpenChannelV2 {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
 		let chain_hash: ChainHash = Readable::read(r)?;
 		let temporary_channel_id: ChannelId = Readable::read(r)?;
 		let funding_feerate_sat_per_1000_weight: u32 = Readable::read(r)?;
diff --git a/lightning/src/ln/wire.rs b/lightning/src/ln/wire.rs
@@ -257,7 +257,9 @@ where
 	H::Target: CustomMessageReader<CustomMessage = T>,
 {
 	match message_type {
-		msgs::Init::TYPE => Ok(Message::Init(Readable::read(buffer)?)),
+		msgs::Init::TYPE => {
+			Ok(Message::Init(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
 		msgs::ErrorMessage::TYPE => Ok(Message::Error(Readable::read(buffer)?)),
 		msgs::WarningMessage::TYPE => Ok(Message::Warning(Readable::read(buffer)?)),
 		msgs::Ping::TYPE => Ok(Message::Ping(Readable::read(buffer)?)),
@@ -268,10 +270,18 @@ where
 		msgs::PeerStorageRetrieval::TYPE => Ok(Message::PeerStorageRetrieval(
 			LengthReadable::read_from_fixed_length_buffer(buffer)?,
 		)),
-		msgs::OpenChannel::TYPE => Ok(Message::OpenChannel(Readable::read(buffer)?)),
-		msgs::OpenChannelV2::TYPE => Ok(Message::OpenChannelV2(Readable::read(buffer)?)),
-		msgs::AcceptChannel::TYPE => Ok(Message::AcceptChannel(Readable::read(buffer)?)),
-		msgs::AcceptChannelV2::TYPE => Ok(Message::AcceptChannelV2(Readable::read(buffer)?)),
+		msgs::OpenChannel::TYPE => {
+			Ok(Message::OpenChannel(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
+		msgs::OpenChannelV2::TYPE => {
+			Ok(Message::OpenChannelV2(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
+		msgs::AcceptChannel::TYPE => {
+			Ok(Message::AcceptChannel(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
+		msgs::AcceptChannelV2::TYPE => {
+			Ok(Message::AcceptChannelV2(LengthReadable::read_from_fixed_length_buffer(buffer)?))
+		},
 		msgs::FundingCreated::TYPE => {
 			Ok(Message::FundingCreated(LengthReadable::read_from_fixed_length_buffer(buffer)?))
 		},
diff --git a/lightning/src/offers/invoice.rs b/lightning/src/offers/invoice.rs
@@ -148,8 +148,8 @@ use crate::offers::signer::{self, Metadata};
 use crate::types::features::{Bolt12InvoiceFeatures, InvoiceRequestFeatures, OfferFeatures};
 use crate::types::payment::PaymentHash;
 use crate::util::ser::{
-	CursorReadable, HighZeroBytesDroppedBigSize, Iterable, Readable, WithoutLength, Writeable,
-	Writer,
+	CursorReadable, HighZeroBytesDroppedBigSize, Iterable, LengthLimitedRead, LengthReadable,
+	Readable, WithoutLength, Writeable, Writer,
 };
 use crate::util::string::PrintableString;
 use bitcoin::address::Address;
@@ -1398,8 +1398,10 @@ impl Writeable for Bolt12Invoice {
 	}
 }
 
-impl Readable for Bolt12Invoice {
-	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for Bolt12Invoice {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
+		reader: &mut R,
+	) -> Result<Self, DecodeError> {
 		let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;
 		Self::try_from(bytes.0).map_err(|_| DecodeError::InvalidValue)
 	}
diff --git a/lightning/src/offers/invoice_request.rs b/lightning/src/offers/invoice_request.rs
@@ -86,7 +86,8 @@ use crate::onion_message::dns_resolution::HumanReadableName;
 use crate::types::features::InvoiceRequestFeatures;
 use crate::types::payment::PaymentHash;
 use crate::util::ser::{
-	CursorReadable, HighZeroBytesDroppedBigSize, Readable, WithoutLength, Writeable, Writer,
+	CursorReadable, HighZeroBytesDroppedBigSize, LengthLimitedRead, LengthReadable, Readable,
+	WithoutLength, Writeable, Writer,
 };
 use crate::util::string::{PrintableString, UntrustedString};
 use bitcoin::constants::ChainHash;
@@ -1119,9 +1120,9 @@ impl Writeable for InvoiceRequestContents {
 	}
 }
 
-impl Readable for InvoiceRequest {
-	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
-		let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;
+impl LengthReadable for InvoiceRequest {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {
+		let bytes: WithoutLength<Vec<u8>> = Readable::read(r)?;
 		Self::try_from(bytes.0).map_err(|_| DecodeError::InvalidValue)
 	}
 }
diff --git a/lightning/src/offers/offer.rs b/lightning/src/offers/offer.rs
@@ -88,7 +88,8 @@ use crate::offers::parse::{Bech32Encode, Bolt12ParseError, Bolt12SemanticError,
 use crate::offers::signer::{self, Metadata, MetadataMaterial};
 use crate::types::features::OfferFeatures;
 use crate::util::ser::{
-	CursorReadable, HighZeroBytesDroppedBigSize, Readable, WithoutLength, Writeable, Writer,
+	CursorReadable, HighZeroBytesDroppedBigSize, LengthLimitedRead, LengthReadable, Readable,
+	WithoutLength, Writeable, Writer,
 };
 use crate::util::string::PrintableString;
 use bitcoin::constants::ChainHash;
@@ -1033,8 +1034,10 @@ impl OfferContents {
 	}
 }
 
-impl Readable for Offer {
-	fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {
+impl LengthReadable for Offer {
+	fn read_from_fixed_length_buffer<R: LengthLimitedRead>(
+		reader: &mut R,
+	) -> Result<Self, DecodeError> {
 		let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;
 		Self::try_from(bytes.0).map_err(|_| DecodeError::InvalidValue)
 	}

Original file line number	Diff line number	Diff line change
`@@ -2412,8 +2412,8 @@ impl Writeable for AcceptChannel {`
`2412`	`2412`	`}`
`2413`	`2413`	`}`
`2414`	`2414`
`2415`		`-impl Readable for AcceptChannel {`
`2416`		`- fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {`
	`2415`	`+impl LengthReadable for AcceptChannel {`
	`2416`	`+ fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {`
`2417`	`2417`	`let temporary_channel_id: ChannelId = Readable::read(r)?;`
`2418`	`2418`	`let dust_limit_satoshis: u64 = Readable::read(r)?;`
`2419`	`2419`	`let max_htlc_value_in_flight_msat: u64 = Readable::read(r)?;`
`@@ -2497,8 +2497,8 @@ impl Writeable for AcceptChannelV2 {`
`2497`	`2497`	`}`
`2498`	`2498`	`}`
`2499`	`2499`
`2500`		`-impl Readable for AcceptChannelV2 {`
`2501`		`- fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {`
	`2500`	`+impl LengthReadable for AcceptChannelV2 {`
	`2501`	`+ fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {`
`2502`	`2502`	`let temporary_channel_id: ChannelId = Readable::read(r)?;`
`2503`	`2503`	`let funding_satoshis: u64 = Readable::read(r)?;`
`2504`	`2504`	`let dust_limit_satoshis: u64 = Readable::read(r)?;`
`@@ -2760,8 +2760,8 @@ impl Writeable for Init {`
`2760`	`2760`	`}`
`2761`	`2761`	`}`
`2762`	`2762`
`2763`		`-impl Readable for Init {`
`2764`		`- fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {`
	`2763`	`+impl LengthReadable for Init {`
	`2764`	`+ fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {`
`2765`	`2765`	`let global_features: InitFeatures = Readable::read(r)?;`
`2766`	`2766`	`let features: InitFeatures = Readable::read(r)?;`
`2767`	`2767`	`let mut remote_network_address: Option<SocketAddress> = None;`
`@@ -2806,8 +2806,8 @@ impl Writeable for OpenChannel {`
`2806`	`2806`	`}`
`2807`	`2807`	`}`
`2808`	`2808`
`2809`		`-impl Readable for OpenChannel {`
`2810`		`- fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {`
	`2809`	`+impl LengthReadable for OpenChannel {`
	`2810`	`+ fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {`
`2811`	`2811`	`let chain_hash: ChainHash = Readable::read(r)?;`
`2812`	`2812`	`let temporary_channel_id: ChannelId = Readable::read(r)?;`
`2813`	`2813`	`let funding_satoshis: u64 = Readable::read(r)?;`
`@@ -2890,8 +2890,8 @@ impl Writeable for OpenChannelV2 {`
`2890`	`2890`	`}`
`2891`	`2891`	`}`
`2892`	`2892`
`2893`		`-impl Readable for OpenChannelV2 {`
`2894`		`- fn read<R: Read>(r: &mut R) -> Result<Self, DecodeError> {`
	`2893`	`+impl LengthReadable for OpenChannelV2 {`
	`2894`	`+ fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {`
`2895`	`2895`	`let chain_hash: ChainHash = Readable::read(r)?;`
`2896`	`2896`	`let temporary_channel_id: ChannelId = Readable::read(r)?;`
`2897`	`2897`	`let funding_feerate_sat_per_1000_weight: u32 = Readable::read(r)?;`
Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,8 @@ use crate::onion_message::dns_resolution::HumanReadableName;`
`86`	`86`	`use crate::types::features::InvoiceRequestFeatures;`
`87`	`87`	`use crate::types::payment::PaymentHash;`
`88`	`88`	`use crate::util::ser::{`
`89`		`- CursorReadable, HighZeroBytesDroppedBigSize, Readable, WithoutLength, Writeable, Writer,`
	`89`	`+ CursorReadable, HighZeroBytesDroppedBigSize, LengthLimitedRead, LengthReadable, Readable,`
	`90`	`+ WithoutLength, Writeable, Writer,`
`90`	`91`	`};`
`91`	`92`	`use crate::util::string::{PrintableString, UntrustedString};`
`92`	`93`	`use bitcoin::constants::ChainHash;`
`@@ -1119,9 +1120,9 @@ impl Writeable for InvoiceRequestContents {`
`1119`	`1120`	`}`
`1120`	`1121`	`}`
`1121`	`1122`
`1122`		`-impl Readable for InvoiceRequest {`
`1123`		`- fn read<R: io::Read>(reader: &mut R) -> Result<Self, DecodeError> {`
`1124`		`- let bytes: WithoutLength<Vec<u8>> = Readable::read(reader)?;`
	`1123`	`+impl LengthReadable for InvoiceRequest {`
	`1124`	`+ fn read_from_fixed_length_buffer<R: LengthLimitedRead>(r: &mut R) -> Result<Self, DecodeError> {`
	`1125`	`+ let bytes: WithoutLength<Vec<u8>> = Readable::read(r)?;`
`1125`	`1126`	`Self::try_from(bytes.0).map_err(\|_\| DecodeError::InvalidValue)`
`1126`	`1127`	`}`
`1127`	`1128`	`}`