fix: V-001 security vulnerability

Automated security fix generated by Orbis Security AI
2026-06-08 07:58:40 +00:00 · 2026-04-30 13:45:43 +00:00 · 2026-04-30 13:45:43 +00:00 · bfc01a1a61
commit bfc01a1a61
parent 01036bed83
1 changed files with 2 additions and 2 deletions
--- a/crypto/secp256k1/libsecp256k1/contrib/lax_der_parsing.c
+++ b/crypto/secp256k1/libsecp256k1/contrib/lax_der_parsing.c
@ -120,7 +120,7 @@ int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_
    /* Copy R value */
    if (rlen > 32) {
        overflow = 1;
-    } else if (rlen) {
+    } else if (rlen > 0 && rlen <= 32) {
        memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
    }

@ -132,7 +132,7 @@ int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_
    /* Copy S value */
    if (slen > 32) {
        overflow = 1;
-    } else if (slen) {
+    } else if (slen > 0 && slen <= 32) {
        memcpy(tmpsig + 64 - slen, input + spos, slen);
    }