From 6b5bbf62a8c6b3e4cc0f5e8da685d68f42aa9efb Mon Sep 17 00:00:00 2001
From: yeastplume
Date: Mon, 24 Dec 2018 09:05:15 +0000
Subject: [PATCH] updates from audit
---
 src/modules/aggsig/main_impl.h | 8 +++++++-
 src/modules/bulletproofs/main_impl.h | 7 +++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/modules/aggsig/main_impl.h b/src/modules/aggsig/main_impl.h
index 7ffe23e..08694ea 100644
--- a/src/modules/aggsig/main_impl.h
+++ b/src/modules/aggsig/main_impl.h
@@ -220,6 +220,7 @@ int secp256k1_aggsig_sign_single(const secp256k1_context* ctx,
 ARG_CHECK(sig64 != NULL);
 ARG_CHECK(msg32 != NULL);
 ARG_CHECK(seckey32 != NULL);
+ ARG_CHECK(seed != NULL);
 /* generate nonce if needed */
 if (secnonce32==NULL){
@@ -401,6 +402,7 @@ int secp256k1_aggsig_add_signatures_single(const secp256k1_context* ctx,
 VERIFY_CHECK(ctx != NULL);
 ARG_CHECK(sig64 != NULL);
 ARG_CHECK(sigs != NULL);
+ for (i=0;iecmult_ctx, scratch, &pk_sum, &g_sc, secp256k1_aggsig_verify_callback_single, &cbdata, 1)) {
+ secp256k1_scratch_space_destroy(scratch);
 return 0;
 }
@@ -603,7 +610,6 @@ void secp256k1_aggsig_context_destroy(secp256k1_aggsig_context *aggctx) {
 free(aggctx->pubkeys);
 free(aggctx->secnonce);
 free(aggctx->progress);
- secp256k1_rfc6979_hmac_sha256_finalize(&aggctx->rng);
 free(aggctx);
 }
diff --git a/src/modules/bulletproofs/main_impl.h b/src/modules/bulletproofs/main_impl.h
index a8f5964..4d38df2 100644
--- a/src/modules/bulletproofs/main_impl.h
+++ b/src/modules/bulletproofs/main_impl.h
@@ -237,6 +237,7 @@ int secp256k1_bulletproof_rangeproof_prove(
 int overflow;
 secp256k1_scalar_set_b32(&blinds[i], blind[i], &overflow);
 if (overflow || secp256k1_scalar_is_zero(&blinds[i])) {
+ secp256k1_scratch_deallocate_frame(scratch);
 return 0;
 }
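Review bot: In the `secp256k1_aggsig_sign_single` hunk (-220), the new `ARG_CHECK(seed != NULL);` is unconditional, while the context directly below it only generates a nonce when `secnonce32==NULL`. If `seed` is read only inside that branch (its body is outside the hunk), callers that supply their own nonce and pass a NULL seed will now be rejected. Either move the check to the top of that branch, or state in the function's header documentation that `seed` is always required. A test that passes NULL for `seed` with and without a caller-supplied nonce would pin whichever contract is intended.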
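Review bot: In the `secp256k1_bulletproof_rangeproof_prove` hunk at -237, the early `return 0` appears to sit inside a loop over `i`, so earlier entries of `blinds` already hold parsed blinding factors when the frame is released. If `blinds` is allocated from that scratch frame (the allocation is outside the hunk), `secp256k1_scratch_deallocate_frame(scratch);` hands the memory back without wiping those secrets. Clearing the parsed entries with `secp256k1_scalar_clear(&blinds[j]);` before deallocating would avoid leaving them behind. The same deallocate-then-return pair is repeated in the -261 hunk; a single cleanup label at the end of the function would keep these error paths from drifting apart.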
@@ -261,11 +262,17 @@ int secp256k1_bulletproof_rangeproof_prove(
 if (t_one != NULL) {
 tge = malloc(2*sizeof(secp256k1_ge));
+ if (tge == NULL){
+ secp256k1_scratch_deallocate_frame(scratch);
+ return 0;
+ }
 if (tau_x != NULL) {
 if (!secp256k1_pubkey_load(ctx, &tge[0], t_one)) {
+ secp256k1_scratch_deallocate_frame(scratch);
 return 0;
 }
 if (!secp256k1_pubkey_load(ctx, &tge[1], t_two)) {
+ secp256k1_scratch_deallocate_frame(scratch);
 return 0;
 }
 }
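Review bot: The two `secp256k1_pubkey_load` failure branches return after `secp256k1_scratch_deallocate_frame(scratch);` without releasing `tge`, which was obtained from `malloc` a few lines above, so each rejected `t_one` or `t_two` leaks `2*sizeof(secp256k1_ge)` bytes. Add `free(tge);` before the deallocate call in both branches; the new `tge == NULL` branch does not need it. Any later `return 0` in the function, outside this hunk, should be checked for the same omission. In a long-running process that loads public keys from untrusted peers, this leak accumulates on every malformed input.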