fixup: only apply DoS protections for state allocating operations.

martinsaposnic · martinsaposnic · commit e9e2add74a95 · 2025-08-22T13:08:48.000-03:00
don't ignore all messages from the peer on lsps5. just the state allocating ones
diff --git a/lightning-liquidity/src/lsps5/msgs.rs b/lightning-liquidity/src/lsps5/msgs.rs
@@ -640,6 +640,12 @@ pub enum LSPS5Request {
 	RemoveWebhook(RemoveWebhookRequest),
 }
 
+impl LSPS5Request {
+	pub(crate) fn is_state_allocating(&self) -> bool {
+		matches!(self, LSPS5Request::SetWebhook(_))
+	}
+}
+
 /// An LSPS5 protocol response.
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub enum LSPS5Response {
diff --git a/lightning-liquidity/src/manager.rs b/lightning-liquidity/src/manager.rs
@@ -568,30 +568,34 @@ where
 			LSPSMessage::LSPS5(msg @ LSPS5Message::Request(..)) => {
 				match &self.lsps5_service_handler {
 					Some(lsps5_service_handler) => {
-						let lsps2_has_active_requests = self
-							.lsps2_service_handler
-							.as_ref()
-							.map_or(false, |h| h.has_active_requests(sender_node_id));
-						#[cfg(lsps1_service)]
-						let lsps1_has_active_requests = self
-							.lsps1_service_handler
-							.as_ref()
-							.map_or(false, |h| h.has_active_requests(sender_node_id));
-						#[cfg(not(lsps1_service))]
-						let lsps1_has_active_requests = false;
-
-						if !lsps5_service_handler.can_accept_request(
-							sender_node_id,
-							lsps2_has_active_requests,
-							lsps1_has_active_requests,
-						) {
-							return Err(LightningError {
-                                    err: format!(
-                                        "Rejecting LSPS5 request from {:?} without prior activity (requires open channel or active LSPS1 or LSPS2 flow)",
-                                        sender_node_id
-                                    ),
-                                    action: ErrorAction::IgnoreAndLog(Level::Debug),
-                                });
+						if let LSPS5Message::Request(_, ref req) = msg {
+							if req.is_state_allocating() {
+								let lsps2_has_active_requests = self
+									.lsps2_service_handler
+									.as_ref()
+									.map_or(false, |h| h.has_active_requests(sender_node_id));
+								#[cfg(lsps1_service)]
+								let lsps1_has_active_requests = self
+									.lsps1_service_handler
+									.as_ref()
+									.map_or(false, |h| h.has_active_requests(sender_node_id));
+								#[cfg(not(lsps1_service))]
+								let lsps1_has_active_requests = false;
+
+								if !lsps5_service_handler.can_accept_request(
+									sender_node_id,
+									lsps2_has_active_requests,
+									lsps1_has_active_requests,
+								) {
+									return Err(LightningError {
+										err: format!(
+											"Rejecting LSPS5 request from {:?} without prior activity (requires open channel or active LSPS1 or LSPS2 flow)",
+											sender_node_id
+										),
+										action: ErrorAction::IgnoreAndLog(Level::Debug),
+									});
+								}
+							}
 						}
 
 						lsps5_service_handler.handle_message(msg, sender_node_id)?;
