frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add check preventing integer multiplication wrapping around in scratch_max_allocation

Browse Source
This commit is contained in:
Jonas Nick 2019-07-12 09:56:56 +00:00
parent fa33017135
commit 4edaf06fb0
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/scratch_impl.h
View File

@ -60,6 +60,10 @@ static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_c
secp256k1_callback_call(error_callback, "invalid scratch space"); secp256k1_callback_call(error_callback, "invalid scratch space");
return 0; return 0;
} }
/* Ensure that multiplication will not wrap around */
if (ALIGNMENT > 1 && objects > SIZE_MAX/(ALIGNMENT - 1)) {
return 0;
}
if (scratch->max_size - scratch->alloc_size <= objects * (ALIGNMENT - 1)) { if (scratch->max_size - scratch->alloc_size <= objects * (ALIGNMENT - 1)) {
return 0; return 0;
} }

8
src/tests.c
View File

@ -400,6 +400,14 @@ void run_scratch_tests(void) {
secp256k1_scratch_space_destroy(none, scratch); secp256k1_scratch_space_destroy(none, scratch);
CHECK(ecount == 5); CHECK(ecount == 5);
/* Test that large integers do not wrap around in a bad way */
scratch = secp256k1_scratch_space_create(none, 1000);
/* Try max allocation with a large number of objects. Only makes sense if
* ALIGNMENT is greater than 1 because otherwise the objects take no extra
* space. */
CHECK(ALIGNMENT <= 1 || !secp256k1_scratch_max_allocation(&none->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1));
secp256k1_scratch_space_destroy(none, scratch);
/* cleanup */ /* cleanup */
secp256k1_scratch_space_destroy(none, NULL); /* no-op */ secp256k1_scratch_space_destroy(none, NULL); /* no-op */
secp256k1_context_destroy(none); secp256k1_context_destroy(none);