The signed argument len of the secp256k1_rangeproof_genrand function must not be greater than 10, but its sign is not verified. A negative len value will result in an unbounded copy operation to the rngseed buffer on the stack. Exploitable code paths were not identified.
See elements/src/secp256k1/src/modules/rangeproof/rangeproof_impl.h, line 149 in 9d91a9f:
secp256k1_rangeproof_genrand(secp256k1_scalar_t *sec, secp256k1_scalar_t *s,
    unsigned char *message, int *rsizes, int rings, const unsigned char *nonce,
    const unsigned char *commit, const unsigned char *proof, int len) {
    unsigned char tmp[32];
    unsigned char rngseed[32 + 33 + 10];
    [...]
    VERIFY_CHECK(len <= 10);
    memcpy(rngseed, nonce, 32);
    memcpy(rngseed + 32, commit, 33);
    memcpy(rngseed + 65, proof, len);
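
The following is an added example, not code from the Elements or libsecp256k1 source. It shows why the upper-bound-only check accepts a negative len, what size memcpy then receives after the int-to-size_t conversion, and one way to validate the length before copying. All function and macro names here (len_check_upper_only, memcpy_size_for, build_rngseed, demo, NONCE_LEN, COMMIT_LEN, PROOF_MAX) are hypothetical, and the input buffers are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NONCE_LEN  32
#define COMMIT_LEN 33
#define PROOF_MAX  10  /* the "len <= 10" bound from the excerpt above */

/* The condition as written in the excerpt: only the upper bound is tested. */
static int len_check_upper_only(int len) { return len <= PROOF_MAX; }

/* Size memcpy actually receives: its third parameter is size_t. */
static size_t memcpy_size_for(int len) { return (size_t)len; }

/* Hardened seed assembly (hypothetical helper): rejects negative and
 * oversized lengths and checks the destination size before any copy. */
static int build_rngseed(unsigned char *out, size_t out_size,
                         const unsigned char *nonce, const unsigned char *commit,
                         const unsigned char *proof, int len) {
    if (len < 0 || len > PROOF_MAX) return 0;
    if (out_size < NONCE_LEN + COMMIT_LEN + (size_t)len) return 0;
    memcpy(out, nonce, NONCE_LEN);
    memcpy(out + NONCE_LEN, commit, COMMIT_LEN);
    memcpy(out + NONCE_LEN + COMMIT_LEN, proof, (size_t)len);
    return 1;
}

/* Constructed inputs; returns 1 when the hardened helper behaves as intended. */
static int demo(void) {
    unsigned char nonce[NONCE_LEN] = {0}, commit[COMMIT_LEN] = {0};
    unsigned char proof[PROOF_MAX] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
    unsigned char seed[NONCE_LEN + COMMIT_LEN + PROOF_MAX];
    if (!build_rngseed(seed, sizeof seed, nonce, commit, proof, 10)) return 0;
    if (seed[65] != 1 || seed[74] != 10) return 0;       /* proof bytes landed */
    if (build_rngseed(seed, sizeof seed, nonce, commit, proof, -1)) return 0;
    if (build_rngseed(seed, sizeof seed, nonce, commit, proof, 11)) return 0;
    return 1;
}

int main(void) {
    printf("upper-only check accepts -1: %d\n", len_check_upper_only(-1));
    printf("memcpy size for len = -1:    %zu\n", memcpy_size_for(-1));
    printf("hardened helper behaves:     %d\n", demo());
    return 0;
}
```

Declaring the parameter as size_t, or as an unsigned type with the same upper-bound check, removes the negative case at the type level.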