ringct: error out when hashToPoint* returns the point at infinity

Reported by QuarksLab.
author: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2018-07-25 10:10:46 +0100
committer: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2018-09-11 13:38:16 +0000
commit: 7ed496cc780489f9bb8fe13c4d97885666e0dfaf (patch)
tree: 30a8184777b05cd0ab54739395bc957a74838ac1 /src/ringct/bulletproofs.cc
parent: cryptonote_basic: check output type before using it (diff)
download: monero-7ed496cc780489f9bb8fe13c4d97885666e0dfaf.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc
index 3f4a6fd10..2964fc469 100644
--- a/src/ringct/bulletproofs.cc
+++ b/src/ringct/bulletproofs.cc
@@ -130,7 +130,9 @@ static rct::key get_exponent(const rct::key &base, size_t idx)
 {
   static const std::string salt("bulletproof");
   std::string hashed = std::string((const char*)base.bytes, sizeof(base)) + salt + tools::get_varint_data(idx);
-  return rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size())));
+  const rct::key e = rct::hashToPoint(rct::hash2rct(crypto::cn_fast_hash(hashed.data(), hashed.size())));
+  CHECK_AND_ASSERT_THROW_MES(!(e == rct::identity()), "Exponent is point at infinity");
+  return e;
 }
 
 static void init_exponents()
author	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2018-07-25 10:10:46 +0100
committer	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2018-09-11 13:38:16 +0000
commit	7ed496cc780489f9bb8fe13c4d97885666e0dfaf (patch)
tree	30a8184777b05cd0ab54739395bc957a74838ac1 /src/ringct/bulletproofs.cc
parent	cryptonote_basic: check output type before using it (diff)
download	monero-7ed496cc780489f9bb8fe13c4d97885666e0dfaf.tar.xz