Skip to content

keysend: enforce BOLT11 description length limit#8535

Merged
rustyrussell merged 2 commits intoElementsProject:masterfrom
noblepayne:fix_keysend_large_tlv_sizes
Nov 13, 2025
Merged

keysend: enforce BOLT11 description length limit#8535
rustyrussell merged 2 commits intoElementsProject:masterfrom
noblepayne:fix_keysend_large_tlv_sizes

Conversation

@noblepayne
Copy link
Contributor

@noblepayne noblepayne commented Sep 5, 2025

The keysend plugin uses > 1023 as the cutoff for description length when inserting an invoice. This was inconsistent with lightnind/invoice.c, which enforces the BOLT11 description field limit defined in common/bolt11.h.

This patch switches to using BOLT11_FIELD_BYTE_LIMIT directly. As a result, keysend no longer fails on descriptions between 641–1023 bytes, which previously caused unexpected failures.

A new regression test (test_keysend_description_size_limit) exercises boundary cases just below, at, and above the limit.

Changelog-None

Checklist

Before submitting the PR, ensure the following tasks are completed. If an item is not applicable to your PR, please mark it as checked:

  • The changelog has been updated in the relevant commit(s) according to the guidelines.
  • Tests have been added or modified to reflect the changes.
  • Documentation has been reviewed and updated as needed.
  • Related issues have been listed and linked, including any that this PR closes.

noblepayne
noblepayne commented Sep 5, 2025
View reviewed changes
plugins/keysend.c Outdated
json_add_string(req->js, "description", desc);
/* Don't exceed max possible desc length! */
if (strlen(desc) > 1023)
if (strlen(desc) >= BOLT11_FIELD_BYTE_LIMIT)
Copy link
Contributor Author

@noblepayne noblepayne Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be > or >=? lightningd/invoice.c uses >, however the BOLT11 spec says:

Note that the maximum length of a Tagged Field's data is constricted by the maximum value of data_length. This is 1023 x 5 bits, or 639 bytes.

In common/bolt11.c BOLT11_FIELD_BYTE_LIMIT has a value of 640.

Far from an expert here and appreciate any insight. Happy to update as needed.

Copy link
Contributor

@rustyrussell rustyrussell Oct 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, we should fix invoice.c too. Let me write a test.

@rustyrussell rustyrussell force-pushed the fix_keysend_large_tlv_sizes branch from 4a7cfe3 to 68241bf Compare October 1, 2025 23:54
@rustyrussell rustyrussell added this to the v25.12 milestone Oct 1, 2025
@rustyrussell rustyrussell added the Type::Bug An error, flaw, or fault that produces an incorrect or unexpected result label Oct 1, 2025
@rustyrussell
Copy link
Contributor

rustyrussell commented Oct 1, 2025

OK, I fixed the invoice 640-byte desc error you found! And I modified the Changelog-None to a proper changelog line for your fix.

Thanks!

@rustyrussell rustyrussell force-pushed the fix_keysend_large_tlv_sizes branch 3 times, most recently from f4eb101 to 5a35a72 Compare November 10, 2025 06:30
@rustyrussell rustyrussell enabled auto-merge (rebase) November 10, 2025 06:30
@rustyrussell rustyrussell force-pushed the fix_keysend_large_tlv_sizes branch from 5a35a72 to cecf436 Compare November 10, 2025 06:41
noblepayne and others added 2 commits November 11, 2025 09:59
@noblepayne @rustyrussell
keysend: enforce BOLT11 description length limit
0158f64 
The keysend plugin previously used `> 1023` as the cutoff for
description length when inserting an invoice. This was
inconsistent with invoice.c, which enforces the BOLT11 description
field limit defined in `common/bolt11.h`.

This patch switches to using `BOLT11_FIELD_BYTE_LIMIT` directly.
As a result, keysend no longer fails on descriptions between
641–1023 bytes, which previously caused unexpected failures.

A new regression test (`test_keysend_description_size_limit`)
exercises boundary cases just below, at, and above the limit.

Changelog-Fixed: Protocol: `keysend` with descriptions of length 640-1023 bytes fixed.
Signed-off-by: Wes Payne <[email protected]>
@rustyrussell
lightningd: don't allow invoices with 640 byte descriptions.
dbe99aa 
They are invalid!  This is because our BOLT11_FIELD_BYTE_LIMIT is not the limit,
it's one greater than the limit.

Reported-by: https://github.com/noblepayne
Signed-off-by: Rusty Russell <[email protected]>
Changelog-Fixed: JSON-RPC: `invoice` no longer accepts 640-byte descriptions (it would produce malformed invoices).
@rustyrussell rustyrussell force-pushed the fix_keysend_large_tlv_sizes branch from cecf436 to dbe99aa Compare November 10, 2025 23:29
@rustyrussell rustyrussell merged commit b05dbef into ElementsProject:master Nov 13, 2025
34 of 39 checks passed
@noblepayne noblepayne deleted the fix_keysend_large_tlv_sizes branch December 21, 2025 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rustyrussell rustyrussell rustyrussell left review comments

Assignees

No one assigned

Labels

Type::Bug An error, flaw, or fault that produces an incorrect or unexpected result

Projects

None yet

Milestone

v25.12

Development

Successfully merging this pull request may close these issues.

2 participants

@noblepayne @rustyrussell