From a374a522df6fcee357c9803c6765135ae60c1ba7 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Tue, 21 Feb 2017 13:57:10 +0000
Subject: [PATCH 1/2] wallet2: check key image validity domain in
 import_key_images

---
 src/wallet/wallet2.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 9069789c..d2f5bdb7 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -5274,6 +5274,10 @@ uint64_t wallet2::import_key_images(const std::vector<std::pair<crypto::key_imag
 
     std::vector<const crypto::public_key*> pkeys;
     pkeys.push_back(&pkey);
+    THROW_WALLET_EXCEPTION_IF(!(rct::scalarmultKey(rct::ki2rct(key_image), rct::curveOrder()) == rct::identity()),
+        error::wallet_internal_error, "Key image out of validity domain: input " + boost::lexical_cast<std::string>(n) + "/"
+        + boost::lexical_cast<std::string>(signed_key_images.size()) + ", key image " + epee::string_tools::pod_to_hex(key_image));
+
     THROW_WALLET_EXCEPTION_IF(!crypto::check_ring_signature((const crypto::hash&)key_image, key_image, pkeys, &signature),
         error::wallet_internal_error, "Signature check failed: input " + boost::lexical_cast<std::string>(n) + "/"
         + boost::lexical_cast<std::string>(signed_key_images.size()) + ", key image " + epee::string_tools::pod_to_hex(key_image)

From 89b2f3061b776fe65771ae5fa16298e60dafd66a Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sun, 16 Apr 2017 15:07:55 +0100
Subject: [PATCH 2/2] tests: fix invalid key image test

It was using an invalid key image which wasn't in the key image
domain, so the transaction was rejected earlier than the test
was expecting
---
 tests/core_tests/tx_validation.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/tests/core_tests/tx_validation.cpp b/tests/core_tests/tx_validation.cpp
index 885b95c6..66460e87 100644
--- a/tests/core_tests/tx_validation.cpp
+++ b/tests/core_tests/tx_validation.cpp
@@ -163,6 +163,15 @@ namespace
     throw std::runtime_error("invalid public key wasn't found");
     return crypto::public_key();
   }
+
+  crypto::key_image generate_invalid_key_image()
+  {
+    crypto::key_image key_image;
+    // a random key image plucked from the blockchain
+    if (!epee::string_tools::hex_to_pod("6b9f5d1be7c950dc6e4e258c6ef75509412ba9ecaaf90e6886140151d1365b5e", key_image))
+      throw std::runtime_error("invalid key image wasn't found");
+    return key_image;
+  }
 }
 
 //----------------------------------------------------------------------------------------------------------------------
@@ -541,8 +550,7 @@ bool gen_tx_key_image_is_invalid::generate(std::vector<test_event_entry>& events
   builder.step2_fill_inputs(miner_account.get_keys(), sources);
 
   txin_to_key& in_to_key = boost::get<txin_to_key>(builder.m_tx.vin.front());
-  crypto::public_key pub = generate_invalid_pub_key();
-  memcpy(&in_to_key.k_image, &pub, sizeof(crypto::ec_point));
+  in_to_key.k_image = generate_invalid_key_image();
 
   builder.step3_fill_outputs(destinations);
   builder.step4_calc_hash();