fix: harden input validation and fix race conditions #110

Merged
kwsantiago merged 1 commit into main from security/input-validation-hardening
Jan 18, 2026

Conversation

kwsantiago (Contributor) commented Jan 18, 2026

Summary by CodeRabbit

  • Bug Fixes
    • Enhanced validation of cryptographic data and input handling to detect and reject malformed inputs
    • Added safety checks for null inputs and buffer length constraints
    • Implemented guards against overflow conditions in payload processing
    • Improved error detection and reporting for invalid data states

@kwsantiago kwsantiago self-assigned this Jan 18, 2026
coderabbitai bot commented Jan 18, 2026

Walkthrough

This PR adds defensive input validation and safety bounds checking across multiple cryptographic and message parsing modules, including null-safety for path handling, hex conversion validation with length verification, buffer overflow guards, and synchronized mutex initialization for ESP32 platforms.

Changes

Cohort / File(s) and summary:

  • Path & String Handling Safety (main/error_context.c): Added null-check in path_basename to safely return empty string for NULL input; reworked basename extraction with dedicated pointer to detect last path separator.
  • Thread Safety Enhancement (main/frost_crypto_ops.c): Introduced static mutex initialization for ESP_PLATFORM builds with double-checked spinlock pattern; replaces previous single-checked dynamic initialization using xSemaphoreCreateMutexStatic and lazy-init flag.
  • DKG Protocol Input Validation (main/frost_dkg.c): Added strict hex parsing validation with length checks in dkg_round1_peer for coefficient, zkp_r, and zkp_z inputs; added precondition check for our_index range in dkg_finalize; all new error paths include cleanup and early returns.
  • Event & Message Parsing Hardening (main/nostr_frost_dkg_events.c, main/nostr_frost_sign.c): Enforced INT_MAX clamping for JSON max_len; added hex_to_bytes validation in DKG event parsers (pubkey, coefficients, zkp components, shares); added overflow guard for payload hex length in sign parser; all validation failures trigger buffer zeroing or resource cleanup.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • fix: memory issues #109 — Overlapping defensive changes to the same modules with hex_to_bytes length checks and tighter parsing error paths in DKG and nostr sign/dkg functions.
  • Refactor: split large files, add shared hex_utils #45 — Related refactor that introduced hex_utils infrastructure (hex_to_bytes/bytes_to_hex) underlying these validation additions in nostr_frost_* modules.

Poem

🐰 With whiskers twitching, I inspect each line,
Where null-checks guard and bounds align,
No hex shall pass without a second thought,
Safe paths and mutexes, so dearly sought!
From ESP to frost, the rabbit's seal,
Defensive coding makes the system real.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)
  • Docstring Coverage ⚠️ Warning: Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)
  • Description Check ✅ Passed: Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check ✅ Passed: The title 'fix: harden input validation and fix race conditions' accurately reflects the main changes: comprehensive input validation hardening across multiple files (error_context.c, frost_dkg.c, nostr_frost_dkg_events.c, nostr_frost_sign.c) and a race condition fix via double-checked locking in frost_crypto_ops.c.

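The hex-length validation, overflow guard and zero-on-failure behaviour that the walkthrough above describes for the DKG and sign parsers, as an added C example that is not the project's hex_utils code. The names hex_to_fixed_bytes and hex_nibble are assumed here; the decoder expects exactly n bytes of hex, which is how fixed-size fields such as pubkeys, coefficients and shares are best checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example (not the project's hex_to_bytes): decode a NUL-terminated
 * hex string into exactly `n` bytes. Rejects NULL pointers, an `n` for which
 * 2*n would overflow size_t, strings whose length is not exactly 2*n (odd,
 * short or oversized), and non-hex characters. On any failure after the
 * output buffer is reachable it is zeroed, so a caller can never act on a
 * half-decoded value. Returns 0 on success, -1 on failure. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

int hex_to_fixed_bytes(const char *hex, uint8_t *out, size_t n)
{
    if (hex == NULL || out == NULL)
        return -1;
    /* Overflow guard: the expected hex length 2*n must be representable
     * before any length comparison is meaningful. */
    if (n == 0 || n > SIZE_MAX / 2)
        return -1;
    size_t want = 2 * n;

    /* Bounded scan: stop after want+1 characters so an oversized or
     * unterminated-looking input is rejected without walking all of it. */
    size_t got = 0;
    while (got <= want && hex[got] != '\0')
        got++;
    if (got != want) {
        memset(out, 0, n);
        return -1;
    }

    for (size_t i = 0; i < n; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) {
            memset(out, 0, n); /* discard the partially decoded prefix */
            return -1;
        }
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}
```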

@kwsantiago kwsantiago merged commit 56ab054 into main Jan 18, 2026
4 checks passed
@kwsantiago kwsantiago deleted the security/input-validation-hardening branch January 18, 2026 15:32
@coderabbitai coderabbitai bot mentioned this pull request Feb 12, 2026