Severity: P3 (Medium), DoS via stack overflow
Summary
range_proof_pailler_quadratic_generate_basis() calls alloca(BN_num_bytes(d) + aad_len + constant), where d is deserialized from the attacker-controlled proof BEFORE any validation. The sibling function generate_paillier_large_factors_quadratic_zkp_seed at line 1893 has the guard if (d_size > 4096) return 0, but generate_basis has NO such guard.
Location
- File: src/common/crypto/zero_knowledge_proof/range_proofs.c, line 1700
- Call chain: verify() → deserialize() → generate_basis() → alloca(d_size + ...) → BEFORE verify_setup() (primality check)
Remediation
if (d_size > 4096 || salted_msg_len > 8192) return 0;
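The guard placement as an added example, not code from the library or from this writeup: every length derived from the proof is bounded before alloca() runs. The length-prefixed wire format, SALT_LEN (standing in for the "constant"), the salted-message layout, and both function names are assumptions; the 4096 and 8192 limits are the ones in the remediation line.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_D_SIZE      4096u  /* limit from the remediation line */
#define MAX_SALTED_MSG  8192u  /* limit from the remediation line */
#define SALT_LEN        32u    /* assumption: stands in for the "constant" */

/* Hypothetical wire format: 4-byte big-endian length of d, then d itself.
 * Returns 1 and writes the salted-message length on success, 0 on rejection.
 * Every length check runs before any stack allocation. */
int salted_msg_len_checked(const uint8_t *proof, size_t proof_len,
                           size_t aad_len, size_t *out_len)
{
    if (proof == NULL || out_len == NULL || proof_len < 4)
        return 0;
    size_t d_size = ((size_t)proof[0] << 24) | ((size_t)proof[1] << 16) |
                    ((size_t)proof[2] << 8)  |  (size_t)proof[3];
    if (d_size == 0 || d_size > MAX_D_SIZE)    /* same bound as the sibling */
        return 0;
    if (d_size > proof_len - 4)                /* claimed length exceeds input */
        return 0;
    if (aad_len > MAX_SALTED_MSG - SALT_LEN - d_size)  /* cannot wrap: d_size <= 4096 */
        return 0;
    *out_len = SALT_LEN + d_size + aad_len;
    return 1;
}

/* Builds salt || d || aad on the stack only after the bounds are proven.
 * Returns a byte sum of the buffer (placeholder for the real hash), or -1. */
long build_salted_msg(const uint8_t *proof, size_t proof_len,
                      const uint8_t *aad, size_t aad_len)
{
    size_t len = 0;
    if ((aad_len && aad == NULL) ||
        !salted_msg_len_checked(proof, proof_len, aad_len, &len))
        return -1;
    uint8_t *msg = alloca(len);                /* len <= 8192 here */
    memset(msg, 0x5a, SALT_LEN);               /* constructed salt bytes */
    memcpy(msg + SALT_LEN, proof + 4, len - SALT_LEN - aad_len);
    if (aad_len)
        memcpy(msg + len - aad_len, aad, aad_len);
    long sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += msg[i];
    return sum;
}
```

The subtraction form of the aad_len check avoids computing d_size + aad_len first, so a very large aad_len cannot wrap the sum back under the limit.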
Source · github.com/zionsworking/security-research-notebook · writeups/fireblocks/06-alloca-stack-overflow-range-proofs-P3.md