From 70f512233cab8b102c567068c29e810f1c025dc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antonio=20Mej=C3=ADas=20Gil?= <anmegi.95@gmail.com>
Date: Fri, 14 Jun 2024 16:55:29 +0200
Subject: [PATCH] added length check; zip could open up vulnerabilities because
 it trims the larger input

Co-authored-by: Cesar Descalzo <cesar.descalzo2@gmail.com>
---
 poly-commit/src/linear_codes/mod.rs | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/poly-commit/src/linear_codes/mod.rs b/poly-commit/src/linear_codes/mod.rs
index 91181311..f710bc0f 100644
--- a/poly-commit/src/linear_codes/mod.rs
+++ b/poly-commit/src/linear_codes/mod.rs
@@ -392,6 +392,27 @@ where
         let two_to_one_hash_param: &<<C as Config>::TwoToOneHash as TwoToOneCRHScheme>::Parameters =
             vk.two_to_one_hash_param();
 
+        // We need to collect so that we can both check the lengths and iterate.
+        let commitments: Vec<&LabeledCommitment<Self::Commitment>> =
+            commitments.into_iter().collect();
+        let values: Vec<F> = values.into_iter().collect();
+
+        if commitments.len() != proof_array.len() {
+            return Err(Error::IncorrectInputLength(format!(
+                "commitments {}, but proof_array has length {}",
+                commitments.len(),
+                proof_array.len()
+            )));
+        }
+
+        if commitments.len() != values.len() {
+            return Err(Error::IncorrectInputLength(format!(
+                "commitments {}, but values has length {}",
+                commitments.len(),
+                values.len()
+            )));
+        }
+
         for (i, (labeled_commitment, value)) in commitments.into_iter().zip(values).enumerate() {
             let proof = &proof_array[i];
             let commitment = labeled_commitment.commitment();