f Upper-bound read channels/nodes, avoid u64/usize overflows

tnull · tnull · commit 01e163e7c364 · 2026-01-14T12:12:35.000+01:00
diff --git a/lightning/src/routing/gossip.rs b/lightning/src/routing/gossip.rs
@@ -1682,10 +1682,18 @@ where
 	fn read<R: io::Read>(reader: &mut R, logger: L) -> Result<NetworkGraph<L>, DecodeError> {
 		let _ver = read_ver_prefix!(reader, SERIALIZATION_VERSION);
 
+		const MAX_CHAN_COUNT_LIMIT: usize = 100_000_000;
+		const MAX_NODE_COUNT_LIMIT: usize = 10_000_000;
+
 		let chain_hash: ChainHash = Readable::read(reader)?;
 		let channels_count: u64 = Readable::read(reader)?;
 		// Pre-allocate 115% of the known channel count to avoid unnecessary reallocations.
-		let channels_map_capacity = (channels_count * 115 / 100) as usize;
+		let channels_map_capacity = (channels_count as u128 * 115 / 100)
+			.try_into()
+			.map_err(|_| DecodeError::InvalidValue)?;
+		if channels_map_capacity > MAX_CHAN_COUNT_LIMIT {
+			return Err(DecodeError::InvalidValue);
+		}
 		let mut channels = IndexedMap::with_capacity(channels_map_capacity);
 		for _ in 0..channels_count {
 			let chan_id: u64 = Readable::read(reader)?;
@@ -1699,7 +1707,11 @@ where
 			return Err(DecodeError::InvalidValue);
 		}
 		// Pre-allocate 115% of the known channel count to avoid unnecessary reallocations.
-		let nodes_map_capacity = (nodes_count * 115 / 100) as usize;
+		let nodes_map_capacity: usize =
+			(nodes_count as u128 * 115 / 100).try_into().map_err(|_| DecodeError::InvalidValue)?;
+		if nodes_map_capacity > MAX_NODE_COUNT_LIMIT {
+			return Err(DecodeError::InvalidValue);
+		}
 		let mut nodes = IndexedMap::with_capacity(nodes_map_capacity);
 		for i in 0..nodes_count {
 			let node_id = Readable::read(reader)?;
