Add extra check that all deserialization data is read #82
Comments
CjS77
pushed a commit
that referenced
this issue
Oct 20, 2023
Adds an extra check for unused deserialization data to ensure proof serialization is canonical. Removes redundant length checks. Currently, serialized proof data is read as [chunks](https://github.com/tari-project/bulletproofs-plus/blob/e01c380186111c1fbe3fba213d1b492beff11b9d/src/range_proof.rs#L1017-L1020) and [tuples](https://docs.rs/itertools/latest/itertools/trait.Itertools.html#method.tuples) for parsing purposes. Each of these functions can have leftover data. However, existing length checks ensure such conditions cannot occur. This PR replaces the length checks with a final check that there is no leftover data. This helps to assert that serialization is canonical and simplifies deserialization. Closes #82.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Serialized proof data is read as chunks to make parsing cleaner and safer. However, the function used can have leftover data that does not yield a full chunk. This should never occur because of earlier length checks, but a separate check should be added as an extra guard to ensure that serialized proofs are fully canonical.
The text was updated successfully, but these errors were encountered: