Skip to content

Commit e9e2add

Browse files
fixup: only apply DoS protections for state allocating operations.
don't ignore all messages from the peer on lsps5. just the state allocating ones
1 parent 4c1b4a1 commit e9e2add

File tree

2 files changed

+34
-24
lines changed

2 files changed

+34
-24
lines changed

lightning-liquidity/src/lsps5/msgs.rs

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -640,6 +640,12 @@ pub enum LSPS5Request {
640640
RemoveWebhook(RemoveWebhookRequest),
641641
}
642642

643+
impl LSPS5Request {
644+
pub(crate) fn is_state_allocating(&self) -> bool {
645+
matches!(self, LSPS5Request::SetWebhook(_))
646+
}
647+
}
648+
643649
/// An LSPS5 protocol response.
644650
#[derive(Clone, Debug, PartialEq, Eq)]
645651
pub enum LSPS5Response {

lightning-liquidity/src/manager.rs

Lines changed: 28 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -568,30 +568,34 @@ where
568568
LSPSMessage::LSPS5(msg @ LSPS5Message::Request(..)) => {
569569
match &self.lsps5_service_handler {
570570
Some(lsps5_service_handler) => {
571-
let lsps2_has_active_requests = self
572-
.lsps2_service_handler
573-
.as_ref()
574-
.map_or(false, |h| h.has_active_requests(sender_node_id));
575-
#[cfg(lsps1_service)]
576-
let lsps1_has_active_requests = self
577-
.lsps1_service_handler
578-
.as_ref()
579-
.map_or(false, |h| h.has_active_requests(sender_node_id));
580-
#[cfg(not(lsps1_service))]
581-
let lsps1_has_active_requests = false;
582-
583-
if !lsps5_service_handler.can_accept_request(
584-
sender_node_id,
585-
lsps2_has_active_requests,
586-
lsps1_has_active_requests,
587-
) {
588-
return Err(LightningError {
589-
err: format!(
590-
"Rejecting LSPS5 request from {:?} without prior activity (requires open channel or active LSPS1 or LSPS2 flow)",
591-
sender_node_id
592-
),
593-
action: ErrorAction::IgnoreAndLog(Level::Debug),
594-
});
571+
if let LSPS5Message::Request(_, ref req) = msg {
572+
if req.is_state_allocating() {
573+
let lsps2_has_active_requests = self
574+
.lsps2_service_handler
575+
.as_ref()
576+
.map_or(false, |h| h.has_active_requests(sender_node_id));
577+
#[cfg(lsps1_service)]
578+
let lsps1_has_active_requests = self
579+
.lsps1_service_handler
580+
.as_ref()
581+
.map_or(false, |h| h.has_active_requests(sender_node_id));
582+
#[cfg(not(lsps1_service))]
583+
let lsps1_has_active_requests = false;
584+
585+
if !lsps5_service_handler.can_accept_request(
586+
sender_node_id,
587+
lsps2_has_active_requests,
588+
lsps1_has_active_requests,
589+
) {
590+
return Err(LightningError {
591+
err: format!(
592+
"Rejecting LSPS5 request from {:?} without prior activity (requires open channel or active LSPS1 or LSPS2 flow)",
593+
sender_node_id
594+
),
595+
action: ErrorAction::IgnoreAndLog(Level::Debug),
596+
});
597+
}
598+
}
595599
}
596600

597601
lsps5_service_handler.handle_message(msg, sender_node_id)?;

0 commit comments

Comments
 (0)