bindings/rust/src/lib.rs: check input length in SecretKey::deserialize.

(Reported by NCC Group)
supranational · Oct 25, 2020 · aae0c7d · aae0c7d
1 parent 2c8038d
commit aae0c7d
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/bindings/rust/src/lib.rs b/bindings/rust/src/lib.rs
@@ -374,6 +374,9 @@ macro_rules! sig_variant_impl {
             // deserialize
             pub fn deserialize(sk_in: &[u8]) -> Result<Self, BLST_ERROR> {
                 let mut sk = blst_scalar::default();
+                if sk_in.len() != 32 {
+                    return Err(BLST_ERROR::BLST_BAD_ENCODING);
+                }
                 unsafe {
                     blst_scalar_from_bendian(&mut sk, sk_in.as_ptr());
                     if !blst_scalar_fr_check(&sk) {