rangeproof: check that points deserialize correctly when verifying rangeproof

apoelstra · real-or-random · commit c50b21869888 · 2020-07-24T14:50:48.000+02:00
diff --git a/src/modules/rangeproof/rangeproof_impl.h b/src/modules/rangeproof/rangeproof_impl.h
@@ -609,8 +609,10 @@ SECP256K1_INLINE static int secp256k1_rangeproof_verify_impl(const secp256k1_ecm
     }
     for(i = 0; i < rings - 1; i++) {
         secp256k1_fe fe;
-        secp256k1_fe_set_b32(&fe, &proof[offset]);
-        secp256k1_ge_set_xquad(&c, &fe);
+        if (!secp256k1_fe_set_b32(&fe, &proof[offset]) ||
+            !secp256k1_ge_set_xquad(&c, &fe)) {
+            return 0;
+        }
         if (signs[i]) {
             secp256k1_ge_neg(&c, &c);
         }

Original file line number	Diff line number	Diff line change
`@@ -609,8 +609,10 @@ SECP256K1_INLINE static int secp256k1_rangeproof_verify_impl(const secp256k1_ecm`
`609`	`609`	`}`
`610`	`610`	`for(i = 0; i < rings - 1; i++) {`
`611`	`611`	`secp256k1_fe fe;`
`612`		`- secp256k1_fe_set_b32(&fe, &proof[offset]);`
`613`		`- secp256k1_ge_set_xquad(&c, &fe);`
	`612`	`+ if (!secp256k1_fe_set_b32(&fe, &proof[offset]) \|\|`
	`613`	`+ !secp256k1_ge_set_xquad(&c, &fe)) {`
	`614`	`+ return 0;`
	`615`	`+ }`
`614`	`616`	`if (signs[i]) {`
`615`	`617`	`secp256k1_ge_neg(&c, &c);`
`616`	`618`	`}`