From: Mark Wooding Date: Thu, 21 Nov 2019 19:53:22 +0000 (+0000) Subject: buffer.c, ec.c: Fix required size for EC `buffer' encoding. X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/catacomb-python/commitdiff_plain/f52568b48a26bce7f62c3c03402e9f705f16332b buffer.c, ec.c: Fix required size for EC `buffer' encoding. The problem is zero coordinates: the point at infinity is encoded as a zero length word, so zero coordinates must be encoded as a single zero byte, preceded by a length word of 1 -- which overruns the output buffer provided, unless we take special care, which we haven't. --- diff --git a/buffer.c b/buffer.c index b15a245..ac3e56b 100644 --- a/buffer.c +++ b/buffer.c @@ -446,8 +446,7 @@ static PyObject *wbmeth_putecpt(PyObject *me, PyObject *arg) { ec pt = EC_INIT; if (!PyArg_ParseTuple(arg, "O&:putecpt", convecpt, &pt)) return (0); - if (EC_ATINF(&pt)) ensure(me, 2); - else ensure(me, 4 + mp_octets(pt.x) + mp_octets(pt.y)); + ensure(me, EC_ATINF(&pt) ? 2 : 6 + mp_octets(pt.x) + mp_octets(pt.y)); buf_putec(BUF_B(me), &pt); assert(BOK(BUF_B(me))); EC_DESTROY(&pt); RETURN_ME; diff --git a/ec.c b/ec.c index 30dc50c..ef5d855 100644 --- a/ec.c +++ b/ec.c @@ -252,7 +252,7 @@ static PyObject *epmeth_tobuf(PyObject *me, PyObject *arg) if (EC_ATINF(&p)) n = 2; else - n = mp_octets(p.x) + mp_octets(p.y) + 4; + n = mp_octets(p.x) + mp_octets(p.y) + 6; rc = bytestring_pywrap(0, n); buf_init(&b, PyString_AS_STRING(rc), n); buf_putec(&b, &p);
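Review bot: The constant `6` in the new `ensure(me, EC_ATINF(&pt) ? 2 : 6 + mp_octets(pt.x) + mp_octets(pt.y));` carries the whole fix but is not explained in the code, and the same sum is written out by hand again in `epmeth_tobuf` in ec.c, so both sites needed the identical correction. Going by the commit message, it stands for two length words plus one byte for each coordinate that may be zero. I would add a comment such as `/* 2 x 2-byte length words, plus 1 byte per coordinate in case it is zero and is written as a single 0 byte */` and consider one shared helper or macro for the bound, so the two files cannot drift apart. No test for a point with a zero coordinate is visible in this diff; one covering both `putecpt` and `tobuf` would pin the boundary. The closing brace of `wbmeth_putecpt` lies outside the hunk.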
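Review bot: With `+ 6`, `n` in `epmeth_tobuf` becomes an upper bound rather than the exact encoded length: per the commit message the extra byte is only used by a zero coordinate, so a point with two non-zero coordinates fills two bytes fewer than `bytestring_pywrap(0, n)` allocated. The string therefore has to be cut back to the written length (`BLEN(&b)`) before it is returned, otherwise it ends in bytes that were never written. The function continues past `buf_putec(&b, &p);` outside the hunk, so I cannot see whether that trim or any success check is already there. If not, I would add `assert(BOK(&b));` after the call to match buffer.c, and preferably an explicit error return, since an `assert` disappears under `NDEBUG`.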