Check for overflows when order is added at recovery

2025-07-09 01:40:27 +02:00 · 2013-11-07 20:25:03 +01:00
parent 32b60cb5fb
commit ad52495d72
1 changed files with 4 additions and 1 deletions
--- a/src/impl/ecdsa.h
+++ b/src/impl/ecdsa.h
@ -123,8 +123,11 @@ int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256
    secp256k1_num_t rx;
    secp256k1_num_init(&rx);
    secp256k1_num_copy(&rx, &sig->r);
-    if (recid & 2)
+    if (recid & 2) {
        secp256k1_num_add(&rx, &rx, &c->order);
+        if (secp256k1_num_cmp(&rx, &secp256k1_fe_consts->p) >= 0)
+            return 0;
+    }
    unsigned char brx[32];
    secp256k1_num_get_bin(brx, 32, &rx);
    secp256k1_num_free(&rx);