fix(bolt12): Add ASCII validation for offer currency field

erickcestari · erickcestari · commit 91e633ab750c · 2025-05-31T12:03:43.000-03:00
Validate that offer_currency contains valid ASCII bytes as required by
BOLT12 specification. ISO 4217 currency codes must be valid 3-letter
ASCII strings, which are a subset of UTF-8.
diff --git a/lightning/src/offers/offer.rs b/lightning/src/offers/offer.rs
@@ -1216,6 +1216,15 @@ impl TryFrom<FullOfferTlvStream> for OfferContents {
 			return Err(Bolt12SemanticError::MissingDescription);
 		}
 
+		if let Some(currency_bytes) = currency {
+			let currency_str = core::str::from_utf8(&currency_bytes)
+				.map_err(|_| Bolt12SemanticError::InvalidCurrencyCode)?;
+
+			if !currency_str.chars().all(|c| c.is_ascii_uppercase()) {
+				return Err(Bolt12SemanticError::InvalidCurrencyCode);
+			}
+		}
+
 		let features = features.unwrap_or_else(OfferFeatures::empty);
 
 		let absolute_expiry =
@@ -1820,6 +1829,36 @@ mod tests {
 				Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::InvalidAmount)
 			),
 		}
+
+		let mut tlv_stream = offer.as_tlv_stream();
+		tlv_stream.0.amount = Some(1000);
+		tlv_stream.0.currency = Some(b"\xFF\xFE\xFD"); // invalid UTF-8 bytes
+
+		let mut encoded_offer = Vec::new();
+		tlv_stream.write(&mut encoded_offer).unwrap();
+
+		match Offer::try_from(encoded_offer) {
+			Ok(_) => panic!("expected error"),
+			Err(e) => assert_eq!(
+				e,
+				Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::InvalidCurrencyCode)
+			),
+		}
+
+		let mut tlv_stream = offer.as_tlv_stream();
+		tlv_stream.0.amount = Some(1000);
+		tlv_stream.0.currency = Some(b"usd"); // invalid ISO 4217 code
+
+		let mut encoded_offer = Vec::new();
+		tlv_stream.write(&mut encoded_offer).unwrap();
+
+		match Offer::try_from(encoded_offer) {
+			Ok(_) => panic!("expected error"),
+			Err(e) => assert_eq!(
+				e,
+				Bolt12ParseError::InvalidSemantics(Bolt12SemanticError::InvalidCurrencyCode)
+			),
+		}
 	}
 
 	#[test]
diff --git a/lightning/src/offers/parse.rs b/lightning/src/offers/parse.rs
@@ -149,6 +149,8 @@ pub enum Bolt12SemanticError {
 	MissingAmount,
 	/// The amount exceeded the total bitcoin supply or didn't match an expected amount.
 	InvalidAmount,
+	/// The currency code did not contain valid ASCII uppercase letters.
+	InvalidCurrencyCode,
 	/// An amount was provided but was not sufficient in value.
 	InsufficientAmount,
 	/// An amount was provided but was not expected.
