mirror of
https://git.wownero.com/wownero/wownero.git
synced 2024-08-15 01:03:23 +00:00
Check inputs to addKeys are in range
Reported by QuarksLab.
This commit is contained in:
parent
fe0fa3b9c5
commit
a1359ad43c
2 changed files with 6 additions and 0 deletions
|
@ -1108,6 +1108,8 @@ namespace rct {
|
||||||
DP("C");
|
DP("C");
|
||||||
DP(C);
|
DP(C);
|
||||||
key Ctmp;
|
key Ctmp;
|
||||||
|
CHECK_AND_ASSERT_THROW_MES(sc_check(mask.bytes) == 0, "warning, bad ECDH mask");
|
||||||
|
CHECK_AND_ASSERT_THROW_MES(sc_check(amount.bytes) == 0, "warning, bad ECDH amount");
|
||||||
addKeys2(Ctmp, mask, amount, H);
|
addKeys2(Ctmp, mask, amount, H);
|
||||||
DP("Ctmp");
|
DP("Ctmp");
|
||||||
DP(Ctmp);
|
DP(Ctmp);
|
||||||
|
@ -1136,6 +1138,8 @@ namespace rct {
|
||||||
DP("C");
|
DP("C");
|
||||||
DP(C);
|
DP(C);
|
||||||
key Ctmp;
|
key Ctmp;
|
||||||
|
CHECK_AND_ASSERT_THROW_MES(sc_check(mask.bytes) == 0, "warning, bad ECDH mask");
|
||||||
|
CHECK_AND_ASSERT_THROW_MES(sc_check(amount.bytes) == 0, "warning, bad ECDH amount");
|
||||||
addKeys2(Ctmp, mask, amount, H);
|
addKeys2(Ctmp, mask, amount, H);
|
||||||
DP("Ctmp");
|
DP("Ctmp");
|
||||||
DP(Ctmp);
|
DP(Ctmp);
|
||||||
|
|
|
@ -9422,6 +9422,8 @@ void wallet2::check_tx_key_helper(const crypto::hash &txid, const crypto::key_de
|
||||||
hwdev.ecdhDecode(ecdh_info, rct::sk2rct(scalar1));
|
hwdev.ecdhDecode(ecdh_info, rct::sk2rct(scalar1));
|
||||||
const rct::key C = tx.rct_signatures.outPk[n].mask;
|
const rct::key C = tx.rct_signatures.outPk[n].mask;
|
||||||
rct::key Ctmp;
|
rct::key Ctmp;
|
||||||
|
THROW_WALLET_EXCEPTION_IF(sc_check(ecdh_info.mask.bytes) != 0, error::wallet_internal_error, "Bad ECDH input mask");
|
||||||
|
THROW_WALLET_EXCEPTION_IF(sc_check(ecdh_info.amount.bytes) != 0, error::wallet_internal_error, "Bad ECDH input amount");
|
||||||
rct::addKeys2(Ctmp, ecdh_info.mask, ecdh_info.amount, rct::H);
|
rct::addKeys2(Ctmp, ecdh_info.mask, ecdh_info.amount, rct::H);
|
||||||
if (rct::equalKeys(C, Ctmp))
|
if (rct::equalKeys(C, Ctmp))
|
||||||
amount = rct::h2d(ecdh_info.amount);
|
amount = rct::h2d(ecdh_info.amount);
|
||||||
|
|
Loading…
Reference in a new issue