fixup: only apply DoS protections for state allocating operations.

martinsaposnic · martinsaposnic · commit 5148642b2645 · 2025-08-22T13:02:05.000-03:00
don't ignore all messages from the peer on lsps5. just the state allocating ones
diff --git a/lightning-liquidity/src/lsps5/msgs.rs b/lightning-liquidity/src/lsps5/msgs.rs
@@ -640,6 +640,12 @@ pub enum LSPS5Request {
 	RemoveWebhook(RemoveWebhookRequest),
 }
 
+impl LSPS5Request {
+    pub(crate) fn is_state_allocating(&self) -> bool {
+        matches!(self, LSPS5Request::SetWebhook(_))
+    }
+}
+
 /// An LSPS5 protocol response.
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub enum LSPS5Response {
diff --git a/lightning-liquidity/src/manager.rs b/lightning-liquidity/src/manager.rs
@@ -565,36 +565,38 @@ where
 					},
 				}
 			},
-			LSPSMessage::LSPS5(msg @ LSPS5Message::Request(..)) => {
+			LSPSMessage::LSPS5(ref msg @ LSPS5Message::Request(_, ref req)) => {
 				match &self.lsps5_service_handler {
 					Some(lsps5_service_handler) => {
-						let lsps2_has_active_requests = self
-							.lsps2_service_handler
-							.as_ref()
-							.map_or(false, |h| h.has_active_requests(sender_node_id));
-						#[cfg(lsps1_service)]
-						let lsps1_has_active_requests = self
-							.lsps1_service_handler
-							.as_ref()
-							.map_or(false, |h| h.has_active_requests(sender_node_id));
-						#[cfg(not(lsps1_service))]
-						let lsps1_has_active_requests = false;
-
-						if !lsps5_service_handler.can_accept_request(
-							sender_node_id,
-							lsps2_has_active_requests,
-							lsps1_has_active_requests,
-						) {
-							return Err(LightningError {
-                                    err: format!(
-                                        "Rejecting LSPS5 request from {:?} without prior activity (requires open channel or active LSPS1 or LSPS2 flow)",
-                                        sender_node_id
-                                    ),
-                                    action: ErrorAction::IgnoreAndLog(Level::Debug),
-                                });
+						if req.is_state_allocating() {
+							let lsps2_has_active_requests = self
+								.lsps2_service_handler
+								.as_ref()
+								.map_or(false, |h| h.has_active_requests(sender_node_id));
+							#[cfg(lsps1_service)]
+							let lsps1_has_active_requests = self
+								.lsps1_service_handler
+								.as_ref()
+								.map_or(false, |h| h.has_active_requests(sender_node_id));
+							#[cfg(not(lsps1_service))]
+							let lsps1_has_active_requests = false;
+
+							if !lsps5_service_handler.can_accept_request(
+								sender_node_id,
+								lsps2_has_active_requests,
+								lsps1_has_active_requests,
+							) {
+								return Err(LightningError {
+										err: format!(
+											"Rejecting LSPS5 request from {:?} without prior activity (requires open channel or active LSPS1 or LSPS2 flow)",
+											sender_node_id
+										),
+										action: ErrorAction::IgnoreAndLog(Level::Debug),
+									});
+							}
 						}
 
-						lsps5_service_handler.handle_message(msg, sender_node_id)?;
+						lsps5_service_handler.handle_message(msg.clone(), sender_node_id)?;
 					},
 					None => {
 						return Err(LightningError { err: format!("Received LSPS5 request message without LSPS5 service handler configured. From node = {:?}", sender_node_id), action: ErrorAction::IgnoreAndLog(Level::Debug)});
