From adec5a16383f1704d80d7c767b2a65d9221cee08 Mon Sep 17 00:00:00 2001 From: Elichai Turkel Date: Thu, 30 Jul 2020 12:26:28 +0300 Subject: [PATCH] Add missing null check for ctx and input keys in the public API --- include/secp256k1.h | 2 +- include/secp256k1_preallocated.h | 2 +- src/modules/recovery/main_impl.h | 6 +++--- src/secp256k1.c | 2 ++ 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/include/secp256k1.h b/include/secp256k1.h index 26c19a6011770..576953f49d4aa 100644 --- a/include/secp256k1.h +++ b/include/secp256k1.h @@ -247,7 +247,7 @@ SECP256K1_API secp256k1_context* secp256k1_context_clone( */ SECP256K1_API void secp256k1_context_destroy( secp256k1_context* ctx -); +) SECP256K1_ARG_NONNULL(1); /** Set a callback function to be called when an illegal argument is passed to * an API call. It will only trigger for violations that are mentioned diff --git a/include/secp256k1_preallocated.h b/include/secp256k1_preallocated.h index 1ab8b7d6c7480..d2d9014f02881 100644 --- a/include/secp256k1_preallocated.h +++ b/include/secp256k1_preallocated.h @@ -119,7 +119,7 @@ SECP256K1_API secp256k1_context* secp256k1_context_preallocated_clone( */ SECP256K1_API void secp256k1_context_preallocated_destroy( secp256k1_context* ctx -); +) SECP256K1_ARG_NONNULL(1); #ifdef __cplusplus } diff --git a/src/modules/recovery/main_impl.h b/src/modules/recovery/main_impl.h index 9e19f2a2dc9c8..3f29570198cb5 100644 --- a/src/modules/recovery/main_impl.h +++ b/src/modules/recovery/main_impl.h @@ -40,7 +40,7 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* int ret = 1; int overflow = 0; - (void)ctx; + VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(input64 != NULL); ARG_CHECK(recid >= 0 && recid <= 3); @@ -60,7 +60,7 @@ int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) { secp256k1_scalar r, s; - (void)ctx; + VERIFY_CHECK(ctx != NULL); ARG_CHECK(output64 != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(recid != NULL); @@ -75,7 +75,7 @@ int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx, secp256k1_scalar r, s; int recid; - (void)ctx; + VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(sigin != NULL); diff --git a/src/secp256k1.c b/src/secp256k1.c index 9908cab8642a5..adff3ae1be543 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -771,6 +771,7 @@ int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey * secp256k1_gej Qj; secp256k1_ge Q; + VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubnonce != NULL); memset(pubnonce, 0, sizeof(*pubnonce)); ARG_CHECK(n >= 1); @@ -779,6 +780,7 @@ int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey * secp256k1_gej_set_infinity(&Qj); for (i = 0; i < n; i++) { + ARG_CHECK(pubnonces[i] != NULL); secp256k1_pubkey_load(ctx, &Q, pubnonces[i]); secp256k1_gej_add_ge(&Qj, &Qj, &Q); }