From 4417fb686d225370335450e0876fc2584bb4b8cb Mon Sep 17 00:00:00 2001
From: PM <3749956+CluEleSsUK@users.noreply.github.com>
Date: Wed, 21 Feb 2024 12:40:58 +0100
Subject: [PATCH] bounds check comparing polynomials (#56)
* bounds check when comparing polynomials
* added extra check of threshold
* fixing comment on PubPoly Equal being constant time
---------
Co-authored-by: Yolan Romailler
---
 share/poly.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/share/poly.go b/share/poly.go
index a2a64eef7..43381a9c1 100644
--- a/share/poly.go
+++ b/share/poly.go
@@ -379,7 +379,7 @@ func (p *PubPoly) Add(q *PubPoly) (*PubPoly, error) {
 }
 // Equal checks equality of two public commitment polynomials p and q. If p and
-// q are trivially unequal (e.g., due to mismatching cryptographic groups),
+// q are trivially unequal (e.g., due to mismatching cryptographic groups, or threshold issues),
 // this routine returns in variable time. Otherwise it runs in constant time
 // regardless of whether it eventually returns true or false.
 func (p *PubPoly) Equal(q *PubPoly) bool {
@@ -387,6 +387,11 @@ func (p *PubPoly) Equal(q *PubPoly) bool {
 return false
 }
 b := 1
+
+ if len(p.commits) < p.Threshold() || len(q.commits) < p.Threshold() || p.Threshold() != q.Threshold() {
+ return false
+ }
+
+ for i := 0; i < p.Threshold(); i++ {
 pb, _ := p.commits[i].MarshalBinary()
 qb, _ := q.commits[i].MarshalBinary()
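Review bot: "threshold issues" in the updated doc comment on `Equal` does not tell a caller which conditions take the early, variable-time return, so the timing contract cannot be checked against the code. Naming them would fix that, for example `// q are trivially unequal (e.g., mismatching cryptographic groups, differing thresholds, or fewer commitments than the threshold),`. If the intent is that these early exits depend only on the group, the threshold and the number of commitments, saying so in the comment would make clear what the variable-time path can reveal.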
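Review bot: The loop right after the new guard still discards both `MarshalBinary` errors (`pb, _ :=` and `qb, _ :=`), so if encoding fails for the same index on both sides, whatever compares `pb` and `qb` past the end of the hunk would presumably see two empty values as equal. Since this commit hardens `Equal` against malformed polynomials, returning false on either error would close that too: `pb, err := p.commits[i].MarshalBinary()` followed by `if err != nil { return false }`, and the same for `qb`. In the guard itself `p.Threshold()` is evaluated up to three times and again in the loop condition; a local `t := p.Threshold()` would make the three comparisons easier to read. The diffstat lists only share/poly.go, so a regression test in which q carries fewer commits than p would pin the out-of-range index this guard is meant to prevent.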