df-spec: limit allowable inputs/outputs to 252

The maximum inputs and outputs are capped at 252. This effectively fixes the byte size of the input and output counts on the transaction to one (1).
ElementsProject · Mar 9, 2021 · bfa5db7 · bfa5db7
1 parent 26e4bae
commit bfa5db7
Showing 1 changed file with 35 additions and 6 deletions.
diff --git a/openingd/dualopend.c b/openingd/dualopend.c
@@ -74,15 +74,21 @@ enum tx_msgs {
 
 /*
  * BOLT-f53ca2301232db780843e894f55d95d512f297f9 #2:
- * The receiving node:
- *  ...
- *  - MUST fail the negotiation if: ...
- *    - if has received 4096 `tx_add_input` messages during this negotiation
- *     ...
- *    - it has received 4096 `tx_add_output` messages during this negotiation
+ * The maximum inputs and outputs are capped at 252. This effectively fixes
+ * the byte size of the input and output counts on the transaction to one (1).
  */
 #define MAX_TX_MSG_RCVD (1 << 12)
 
+/*
+ * BOLT-f53ca2301232db780843e894f55d95d512f297f9 #2:
+ * The receiving node: ...
+ * - MUST fail the negotiation if: ...
+ *  - there are more than 252 inputs
+ *  - there are more than 252 outputs
+ */
+#define MAX_FUNDING_INPUTS 252
+#define MAX_FUNDING_OUTPUTS 252
+
 /* State for a 'new' funding transaction. There should be one
  * for every new funding transaction attempt */
 struct tx_state {
@@ -560,6 +566,29 @@ static char *check_balances(const tal_t *ctx,
 				    &state->our_funding_pubkey,
 				    &state->their_funding_pubkey);
 
+	/*
+	 * BOLT-f53ca2301232db780843e894f55d95d512f297f9 #2:
+	 * The receiving node: ...
+	 * - MUST fail the negotiation if: ...
+	 *  - there are more than 252 inputs
+	 */
+	if (tx_state->psbt->num_inputs > MAX_FUNDING_INPUTS)
+		negotiation_failed(state, "Too many inputs. Have %zu,"
+				   " Max allowed %zu",
+				   tx_state->psbt->num_inputs,
+				   MAX_FUNDING_INPUTS);
+	/*
+	 * BOLT-f53ca2301232db780843e894f55d95d512f297f9 #2:
+	 * The receiving node: ...
+	 * - MUST fail the negotiation if: ...
+	 *  - there are more than 252 outputs
+	 */
+	if (tx_state->psbt->num_outputs > MAX_FUNDING_OUTPUTS)
+		negotiation_failed(state, "Too many inputs. Have %zu,"
+				   " Max allowed %zu",
+				   tx_state->psbt->num_outputs,
+				   MAX_FUNDING_OUTPUTS);
+
 	/* Find funding output, check balance */
 	if (find_txout(psbt,
 		       scriptpubkey_p2wsh(tmpctx, funding_wscript),