From ef17e5bc26b0579c6a14e30bb0ca64b5e5f316db Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Sat, 19 May 2018 06:30:19 +1200
Subject: [PATCH] Reject encoded points with v not in the field
---
 sapling_jubjub.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sapling_jubjub.py b/sapling_jubjub.py
index 3a0a81a..4f0d579 100644
--- a/sapling_jubjub.py
+++ b/sapling_jubjub.py
@@ -148,6 +148,8 @@ class Point(object):
 u_sign = buf[31] >> 7
 buf = buf[:31] + bytes([buf[31] & 0b01111111])
 v = Fq.from_bytes(buf)
+ if bytes(v) != buf:
+ return None
 vv = v * v
 u2 = (vv - Fq.ONE) / (vv * JUBJUB_D - JUBJUB_A)
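Review bot: The added `if bytes(v) != buf: return None` makes only the v coordinate canonical, and it does so through a round-trip whose assumptions are not stated. It presumably relies on `Fq.from_bytes` silently reducing an out-of-range integer and on `bytes(v)` always producing the 32-byte reduced form, neither of which is visible in this hunk. A comment above the check such as `# Non-canonical encoding: buf held an integer >= q, which from_bytes reduced` would record that. The other way a compressed point can have two encodings is the sign bit when u is zero (`u_sign == 1` with `u == 0`). The decoding method starts and ends outside the hunk, so it is worth confirming that case also returns None. A regression vector that encodes an unreduced v and asserts the decoder returns None would pin the new behaviour.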