offer: fix path validation to only require non-empty paths when issuer_id is missing#4018
Merged
TheBlueMatt merged 1 commit intolightningdevkit:mainfrom Aug 18, 2025
Merged
Conversation
|
👋 Thanks for assigning @jkczyz as a reviewer! |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4018 +/- ##
==========================================
+ Coverage 88.84% 88.86% +0.02%
==========================================
Files 175 175
Lines 127723 127725 +2
Branches 127723 127725 +2
==========================================
+ Hits 113472 113501 +29
+ Misses 11686 11662 -24
+ Partials 2565 2562 -3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…r_id is missing When an offer has an issuer_id, empty paths should be allowed since the issuer_id can be used for signing. Only when issuer_id is None should we require non-empty paths to extract the blinded node ID for signing.
6de2c90 to
5314ebb
Compare
jkczyz
reviewed
Aug 18, 2025
Comment on lines
2005
to
2007
| let mut builder = OfferBuilder::new(pubkey(42)); | ||
| builder.offer.issuer_signing_pubkey = None; | ||
| builder.offer.paths = Some(vec![]); |
Contributor
There was a problem hiding this comment.
Could you add a case that shows we can accept empty paths as long as the issuer id is set?
Contributor
Author
There was a problem hiding this comment.
Yes, I will open a follow-up PR!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When an offer has an
issuer_id, empty paths should be allowed since theissuer_idcan be used for signing. Only whenissuer_idisNoneshould we require non-empty paths to extract the blinded node ID for signing.Find through differential fuzzing where c-lightning is accepting an offer with empty
offer_pathsand withissuer_idwhile rust-lightning is rejecting it, even though it's a valid offer.offer:
lno1zqqpyqtezcss8qpgggggggggggggggwjqgll03wgqgll03wgggg8ylllpgpqppqqq