update checking of pin_uv_auth_param length
z4yx committed Jul 29, 2023
1 parent 2260508 commit 69b03c7
Showing 1 changed file with 6 additions and 7 deletions.
13 changes: 6 additions & 7 deletions applets/ctap/ctap-parser.c
Expand Up @@ -690,6 +690,7 @@ uint8_t parse_make_credential(CborParser *parser, CTAP_make_credential *mc, cons
if (cbor_value_get_type(&map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
ret = cbor_value_get_string_length(&map, &mc->pin_uv_auth_param_len);
CHECK_CBOR_RET(ret);
if (mc->pin_uv_auth_param_len == 0) return CTAP2_ERR_PIN_AUTH_INVALID;
if (mc->pin_uv_auth_param_len != 0 && mc->pin_uv_auth_param_len > SHA256_DIGEST_LENGTH) {
DBG_MSG("pin_uv_auth_param is too long\n");
return CTAP2_ERR_PIN_AUTH_INVALID;
Expand Down Expand Up @@ -824,6 +825,7 @@ uint8_t parse_get_assertion(CborParser *parser, CTAP_get_assertion *ga, const ui
if (cbor_value_get_type(&map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
ret = cbor_value_get_string_length(&map, &ga->pin_uv_auth_param_len);
CHECK_CBOR_RET(ret);
if (ga->pin_uv_auth_param_len == 0) return CTAP2_ERR_PIN_AUTH_INVALID;
if (ga->pin_uv_auth_param_len != 0 && ga->pin_uv_auth_param_len > SHA256_DIGEST_LENGTH)
return CTAP2_ERR_PIN_AUTH_INVALID;
ret = cbor_value_copy_byte_string(&map, ga->pin_uv_auth_param, &ga->pin_uv_auth_param_len, NULL);
Expand Down Expand Up @@ -921,10 +923,7 @@ uint8_t parse_client_pin(CborParser *parser, CTAP_client_pin *cp, const uint8_t
if (cbor_value_get_type(&map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
ret = cbor_value_get_string_length(&map, &len);
CHECK_CBOR_RET(ret);
if (len > SHA256_DIGEST_LENGTH) {
DBG_MSG("pin_uv_auth_param too long\n");
return CTAP2_ERR_INVALID_CBOR;
}
if (len == 0 || len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
ret = cbor_value_copy_byte_string(&map, cp->pin_uv_auth_param, &len, NULL);
CHECK_CBOR_RET(ret);
cp->parsed_params |= PARAM_PIN_UV_AUTH_PARAM;
Expand Down Expand Up @@ -1099,7 +1098,7 @@ parse_credential_management(CborParser *parser, CTAP_credential_management *cm,
if (cbor_value_get_type(&map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
ret = cbor_value_get_string_length(&map, &len);
CHECK_CBOR_RET(ret);
if (len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
if (len == 0 || len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
ret = cbor_value_copy_byte_string(&map, cm->pin_uv_auth_param, &len, NULL);
CHECK_CBOR_RET(ret);
PRINT_HEX(cm->pin_uv_auth_param, len);
Expand Down Expand Up @@ -1218,7 +1217,7 @@ uint8_t parse_large_blobs(CborParser *parser, CTAP_large_blobs *lb, const uint8_
if (cbor_value_get_type(&map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
ret = cbor_value_get_string_length(&map, &len);
CHECK_CBOR_RET(ret);
if (len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
if (len == 0 || len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
ret = cbor_value_copy_byte_string(&map, lb->pin_uv_auth_param, &len, NULL);
CHECK_CBOR_RET(ret);
lb->parsed_params |= PARAM_PIN_UV_AUTH_PARAM;
Expand Down Expand Up @@ -1253,4 +1252,4 @@ uint8_t parse_large_blobs(CborParser *parser, CTAP_large_blobs *lb, const uint8_
}

return 0;
}
}
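Review bot: A zero-length pin_uv_auth_param can no longer reach the makeCredential and getAssertion handlers, because the `== 0` check in parse_make_credential and parse_get_assertion returns CTAP2_ERR_PIN_AUTH_INVALID from the parser. As far as I recall, CTAP2 treats an empty pinUvAuthParam on these two commands as a platform probe, answered after a user-presence check with CTAP2_ERR_PIN_NOT_SET or CTAP2_ERR_PIN_INVALID. If the handlers (not visible here) implement that step, it becomes unreachable, so confirm against them and a conformance run before merging. If rejecting in the parser is intended, the `!= 0 &&` term on the following line is now dead and the guard should match the other three parsers: `if (mc->pin_uv_auth_param_len == 0 || mc->pin_uv_auth_param_len > SHA256_DIGEST_LENGTH) {`. The reject path in parse_client_pin shows no `DBG_MSG`, so one there would keep malformed requests visible in debug logs; all five functions start and end outside the hunks.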
