onion: Do not leak parsed TLV if it is invalid
We were freeing the payload but not the TLV from which we extracted the payload.
This commit is contained in:
parent
9529529815
commit
0ba6aba7d1
|
@ -243,9 +243,11 @@ struct onion_payload *onion_decode(const tal_t *ctx,
|
|||
case ONION_TLV_PAYLOAD:
|
||||
tlv = tlv_tlv_payload_new(p);
|
||||
if (!fromwire_tlv_payload(&cursor, &max, tlv))
|
||||
return tal_free(p);
|
||||
if (!tlv_payload_is_valid(tlv, NULL))
|
||||
return tal_free(p);
|
||||
goto fail;
|
||||
|
||||
if (!tlv_payload_is_valid(tlv, failtlvpos))
|
||||
goto fail;
|
||||
|
||||
|
||||
/* BOLT #4:
|
||||
*
|
||||
|
@ -254,7 +256,7 @@ struct onion_payload *onion_decode(const tal_t *ctx,
|
|||
* `outgoing_cltv_value` are not present.
|
||||
*/
|
||||
if (!tlv->amt_to_forward || !tlv->outgoing_cltv_value)
|
||||
return tal_free(p);
|
||||
goto fail;
|
||||
|
||||
amount_msat_from_u64(&p->amt_to_forward,
|
||||
tlv->amt_to_forward->amt_to_forward);
|
||||
|
@ -269,7 +271,7 @@ struct onion_payload *onion_decode(const tal_t *ctx,
|
|||
*/
|
||||
if (rs->nextcase == ONION_FORWARD) {
|
||||
if (!tlv->short_channel_id)
|
||||
return tal_free(p);
|
||||
goto fail;
|
||||
p->forward_channel = tal(p, struct short_channel_id);
|
||||
*p->forward_channel
|
||||
= tlv->short_channel_id->short_channel_id;
|
||||
|
@ -300,4 +302,8 @@ struct onion_payload *onion_decode(const tal_t *ctx,
|
|||
|
||||
/* You said it was a valid type! */
|
||||
abort();
|
||||
fail:
|
||||
tal_free(tlv);
|
||||
tal_free(p);
|
||||
return NULL;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue