Avoid out-of-bound pointers and integer overflows in size comparisons

This changes pointer calculations in size comparisons to a form that
ensures that no out-of-bound pointers are computed, because even their
computation yields undefined behavior.
Also, this changes size comparisons to a form that ensures that neither
the left-hand side nor the right-hand side can overflow.
Tim Ruffing
2018-11-07 16:17:57 +01:00
parent 01ee1b3b3c
commit ec8f20babd
3 changed files with 7 additions and 10 deletions

@@ -157,12 +157,8 @@ static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *rr, secp256k1_scalar *rs,
if (secp256k1_der_read_len(&rlen, &sig, sigend) == 0) {
return 0;
}
if (sig + rlen > sigend) {
/* Tuple exceeds bounds */
return 0;
}
if (sig + rlen != sigend) {
/* Garbage after tuple. */
if (rlen != (size_t)(sigend - sig)) {
/* Tuple exceeds bounds or garage after tuple. */
return 0;
}
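
Review bot: The comment on the merged check reads "garage after tuple" and should read "garbage after tuple". In the same condition, the cast in `(size_t)(sigend - sig)` is only correct while `sig <= sigend`, which depends on secp256k1_der_read_len never advancing `sig` past `sigend`; a negative difference would convert to a huge size_t and the comparison would then be made against the wrong value. State that invariant in a comment next to the cast, or assert it before the comparison, so the safety of the single check does not rest on an unstated property of the length reader.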