From 7ed496cc780489f9bb8fe13c4d97885666e0dfaf Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Wed, 25 Jul 2018 10:10:46 +0100 Subject: [PATCH] ringct: error out when hashToPoint* returns the point at infinity Reported by QuarksLab. --- src/ringct/bulletproofs.cc | 4 +++- src/ringct/rctSigs.cpp | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc index 3f4a6fd10..2964fc469 100644 --- a/src/ringct/bulletproofs.cc +++ b/src/ringct/bulletproofs.cc @@ -130,7 +130,9 @@ static rct::key get_exponent(const rct::key &base, size_t idx) { static const std::string salt("bulletproof"); std::string hashed = std::string((const char*)base.bytes, sizeof(base)) + salt + tools::get_varint_data(idx); - return rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size()))); + const rct::key e = rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size()))); + CHECK_AND_ASSERT_THROW_MES(!(e == rct::identity()), "Exponent is point at infinity"); + return e; } static void init_exponents() diff --git a/src/ringct/rctSigs.cpp b/src/ringct/rctSigs.cpp index ae58ad12c..e98e62903 100644 --- a/src/ringct/rctSigs.cpp +++ b/src/ringct/rctSigs.cpp @@ -277,6 +277,7 @@ namespace rct { for (j = 0; j < dsRows; j++) { addKeys2(L, rv.ss[i][j], c_old, pk[i][j]); hashToPoint(Hi, pk[i][j]); + CHECK_AND_ASSERT_MES(!(Hi == rct::identity()), false, "Data hashed to point at infinity"); addKeys3(R, rv.ss[i][j], Hi, c_old, Ip[j].k); toHash[3 * j + 1] = pk[i][j]; toHash[3 * j + 2] = L;