Headline
CVE-2022-44797: wire: remove erroneous witness size check in wire parsing by Roasbeef · Pull Request #1896 · btcsuite/btcd
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
Conversation
In this commit, we fix a bug that would cause nodes to be unable to parse a given block from the wire. The block would be properly accepted if fed in via other mechanisms.
The issue here is that the old checks for the maximum witness size, circa segwit v0, were placed in the wire package _as well_ as the tx engine. This check should only be in the engine, since it’s properly gated by other related script validation flags.
The fix itself is simple: limit witnesses only based on the maximum block size in bytes, or ~4MB.
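The layering the PR description argues for, as an added Go example that is not btcd's code: the wire decoder bounds each item only by a block-size limit, while the tighter per-item rule sits in a validation step gated by a flag. The names `readItem`, `validate` and `sample`, the fixed-width length prefix and both limit values are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// Illustrative limits, not btcd's constants: a rule-specific per-item cap and
// the "~4MB" block-size bound named in the PR description.
const perItemCap, blockByteCap = 10000, 4000000

// readItem decodes one simplified witness item: a 4-byte little-endian length,
// then that many bytes (the real encoding uses a varint length).
func readItem(r io.Reader, maxItem uint32) ([]byte, error) {
	var n uint32
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return nil, err
	}
	if n > maxItem { // reject on the declared length, before allocating
		return nil, fmt.Errorf("wire: item of %d bytes exceeds %d", n, maxItem)
	}
	item := make([]byte, n)
	if _, err := io.ReadFull(r, item); err != nil {
		return nil, err
	}
	return item, nil
}

// validate is the policy layer: the per-item rule applies only when its flag is set.
func validate(item []byte, enforceItemCap bool) error {
	if enforceItemCap && len(item) > perItemCap {
		return fmt.Errorf("policy: item of %d bytes exceeds %d", len(item), perItemCap)
	}
	return nil
}

// sample returns constructed input: a header declaring `declared` bytes, then `body` zero bytes.
func sample(declared, body int) io.Reader {
	b := make([]byte, 4+body)
	binary.LittleEndian.PutUint32(b, uint32(declared))
	return bytes.NewReader(b)
}

func main() {
	_, errOld := readItem(sample(20000, 20000), perItemCap)
	item, errNew := readItem(sample(20000, 20000), blockByteCap)
	fmt.Println(errOld, "|", len(item), errNew, "|", validate(item, false), validate(item, true))
}
```

With the per-item cap applied in the decoder, the same bytes fail to parse regardless of which validation flags are active; with the block-size cap they parse, and the flag decides whether the item is rejected.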
@@ -586,8 +587,9 @@ func (msg *MsgTx) BtcDecode(r io.Reader, pver uint32, enc MessageEncoding) error
// item itself.
txin.Witness = make([][]byte, witCount)
for j := uint64(0); j < witCount; j++ {
txin.Witness[j], err = readScript(r, pver,
maxWitnessItemSize, “script witness item”)
txin.Witness[j], err = readScript(
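Review bot: the replacement `readScript(` call inside the `witCount` loop drops the `maxWitnessItemSize` bound, so the comment above it should state which limit now applies at the wire layer and that the per-item rule is left to the script engine, as the description says. A decode test with a witness item larger than `maxWitnessItemSize` would keep the check from creeping back into `BtcDecode`. Because `txin.Witness = make([][]byte, witCount)` allocates from a count read off the wire, it is also worth confirming that `witCount` is bounded before this point now that the per-item limit is looser.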
nepet added a commit to nepet/peerswap that referenced this pull request
Oct 10, 2022
We need a fast update to the newest lnd version as there was a security issue detected. lightningnetwork/lnd#7002
As the bug was part of the btcd dependencies the fix applied in btcsuite/btcd#1896 brings a long tail of dependency updates.
This commit updates the dependencies and adapts for all changes that are introduced by these new dependencies.
nepet mentioned this pull request
Oct 10, 2022