open-quantum-safe / liboqs / 25922138360 / 1
82%
main: 82%

DEFAULT BRANCH: main
Ran
Files 1259
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 85.363%. Remained the same
25922138360.1

push

github

web-flow 
Merge commit from fork

The XMSS and XMSS^MT verify wrappers validate signature_len against the
declared algorithm's compile-time signature length (added in ef70dea for
CVE-2026-44518) but did not validate that the OID encoded in the public
key matches the declared algorithm. A caller passing a correctly-sized
signature buffer together with a public key whose first four bytes
reference a different XMSS parameter set caused xmss_sign_open to
re-parse the OID from the pk and construct a params struct whose
sig_bytes exceeded the caller's signature buffer. xmssmt_core_sign_open
then discarded the caller-supplied smlen and read past the end of the
buffer at xmss_commons.c:194 (heap OOB read of up to params->sig_bytes

prefix_length bytes).
Add an OID consistency check at the per-variant wrapper: decode
pk[0..3] as a big-endian OID and reject the call if it does not equal
the variant's compile-time OID constant. This rejects malformed input
at the API boundary, before any code that derives buffer offsets from
attacker-influenced OID bytes runs.

Extend tests/test_sig_stfl.c::test_invalid_sig with a second sub-case
that mirrors the GHSA reporter's PoC: correctly-sized signature buffer
for XMSS-SHA2_10_256 together with pk[3]=0x02 (the OID of
XMSS-SHA2_16_256, whose sig_bytes is larger). Under ASan the pre-fix
code aborts with the expected heap-buffer-overflow READ of 128 bytes
in xmssmt_core_sign_open; with the fix the wrapper returns OQS_ERROR
cleanly.

Reported-by: Vishnu2707

Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>

78402 of 91845 relevant lines covered (85.36%)

8968581.67 hits per line

Source Files on job x64-generic - 25922138360.1