Fix context-length validation in ACVP test binary

hanno-becker · mkannwischer · commit 2d66860f752f · 2026-04-14T06:18:01.000+02:00
Three places in acvp_mldsa.c validated the context argument length
using `mlen &gt; MAX_MSG_LENGTH` instead of `ctxlen &gt; MAX_CTX_LENGTH`,
meaning an oversized context would not be caught before being written
into a MAX_CTX_LENGTH-sized stack buffer.

Signed-off-by: Hanno Becker &lt;beckphan@amazon.co.uk&gt;
diff --git a/test/acvp/acvp_mldsa.c b/test/acvp/acvp_mldsa.c
@@ -644,7 +644,7 @@ int main(int argc, char *argv[])
         goto siggen_usage;
       }
       ctxlen = (strlen(*argv) - strlen("context=")) / 2;
-      if (mlen > MAX_MSG_LENGTH ||
+      if (ctxlen > MAX_CTX_LENGTH ||
           decode_hex("context", context, ctxlen, *argv) != 0)
       {
         goto siggen_usage;
@@ -745,7 +745,7 @@ int main(int argc, char *argv[])
         goto siggen_deterministic_usage;
       }
       ctxlen = (strlen(*argv) - strlen("context=")) / 2;
-      if (mlen > MAX_MSG_LENGTH ||
+      if (ctxlen > MAX_CTX_LENGTH ||
           decode_hex("context", context, ctxlen, *argv) != 0)
       {
         goto siggen_deterministic_usage;
@@ -825,7 +825,7 @@ int main(int argc, char *argv[])
         goto sigver_usage;
       }
       ctxlen = (strlen(*argv) - strlen("context=")) / 2;
-      if (mlen > MAX_MSG_LENGTH ||
+      if (ctxlen > MAX_CTX_LENGTH ||
           decode_hex("context", context, ctxlen, *argv) != 0)
       {
         goto sigver_usage;

Original file line number	Diff line number	Diff line change
`@@ -644,7 +644,7 @@ int main(int argc, char *argv[])`
`644`	`644`	`goto siggen_usage;`
`645`	`645`	`}`
`646`	`646`	`ctxlen = (strlen(*argv) - strlen("context=")) / 2;`
`647`		`- if (mlen > MAX_MSG_LENGTH \|\|`
	`647`	`+ if (ctxlen > MAX_CTX_LENGTH \|\|`
`648`	`648`	`decode_hex("context", context, ctxlen, *argv) != 0)`
`649`	`649`	`{`
`650`	`650`	`goto siggen_usage;`
`@@ -745,7 +745,7 @@ int main(int argc, char *argv[])`
`745`	`745`	`goto siggen_deterministic_usage;`
`746`	`746`	`}`
`747`	`747`	`ctxlen = (strlen(*argv) - strlen("context=")) / 2;`
`748`		`- if (mlen > MAX_MSG_LENGTH \|\|`
	`748`	`+ if (ctxlen > MAX_CTX_LENGTH \|\|`
`749`	`749`	`decode_hex("context", context, ctxlen, *argv) != 0)`
`750`	`750`	`{`
`751`	`751`	`goto siggen_deterministic_usage;`
`@@ -825,7 +825,7 @@ int main(int argc, char *argv[])`
`825`	`825`	`goto sigver_usage;`
`826`	`826`	`}`
`827`	`827`	`ctxlen = (strlen(*argv) - strlen("context=")) / 2;`
`828`		`- if (mlen > MAX_MSG_LENGTH \|\|`
	`828`	`+ if (ctxlen > MAX_CTX_LENGTH \|\|`
`829`	`829`	`decode_hex("context", context, ctxlen, *argv) != 0)`
`830`	`830`	`{`
`831`	`831`	`goto sigver_usage;`