1 files changed, 8 insertions, 1 deletions

diff --git a/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java b/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java
index 9e01a6f..28dfb3e 100644
--- a/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java
+++ b/src/main/java/org/gnunet/util/crypto/EcdsaSignature.java
@@ -80,9 +80,16 @@ public class EcdsaSignature implements Message {
         HashCode h = HashCode.hash(m);
         BigInteger z = new BigInteger(1, h.data);
         BigInteger sCoeff = Ed25519.decodeScalar(s);
+
+        if (sCoeff.equals(BigInteger.ZERO) || sCoeff.compareTo(Ed25519.l) >= 0) {
+            return false;
+        }
+
         BigInteger rCoeff = Ed25519.decodeScalar(r);
+        if (rCoeff.equals(BigInteger.ZERO) || rCoeff.compareTo(Ed25519.l) >= 0) {
+            return false;
+        }
 
-        // FIXME: check range of s and r
         BigInteger w = sCoeff.modInverse(Ed25519.l);
         BigInteger u1 = z.multiply(w).mod(Ed25519.l);
         BigInteger u2 = rCoeff.multiply(w).mod(Ed25519.l);