X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/6e088aad60fd1a7b16da1bb2be07f46fdbd55561..HEAD:/math/ec-raw.c

diff --git a/math/ec-raw.c b/math/ec-raw.c
index acee1b66..497e191b 100644
--- a/math/ec-raw.c
+++ b/math/ec-raw.c
@@ -54,6 +54,9 @@
  *		@EC_EXPLY@ is set, then an explicit %$y$%-coordinate is
  *		output in full.  Otherwise the %$y$%-coordinate is
  *		suppressed.
+ *
+ *		Returns failure (@-1@) if the flags are invalid, or if there
+ *		isn't enough space in the output buffer.
  */
 
 int ec_ec2osp(ec_curve *c, unsigned f, buf *b, const ec *p)
@@ -62,15 +65,22 @@ int ec_ec2osp(ec_curve *c, unsigned f, buf *b, const ec *p)
   size_t n;
   ec t = EC_INIT;
 
+  /* --- Check the requested flags for sanity --- */
+
+  if (!f) f = EC_XONLY;
+  if (f & ~((f & EC_XONLY) ? EC_XONLY :
+	    (f & EC_CMPR) ? (EC_CMPR | EC_EXPLY | EC_SORT) :
+	    (f & EC_EXPLY) ? EC_EXPLY :
+	    0u))
+    return (-1);
+
   /* --- Point at infinity --- */
 
   if (EC_ATINF(p)) return (buf_putbyte(b, 0));
 
   /* --- Fix up the format byte, compressing the %$y$%-coordinate --- */
 
-  if (!f)
-    f = EC_XONLY;
-  else if (f & EC_CMPR) {
+  if (f & EC_CMPR) {
     if (!(f & EC_SORT))
       f |= EC_COMPR(c, p) ? EC_YBIT : 0;
     else {