From a3b54e9dfd05d670aa8a39d1ceb707ce9c47b3ba Mon Sep 17 00:00:00 2001 From: Ludvig Michaelsson Date: Mon, 2 Dec 2024 12:59:02 +0100 Subject: [PATCH] cred: check attestation object for mandatory items Makes error handling consistent with fido_dev_make_cred_rx(). --- src/cred.c | 10 +++++++++- src/winhello.c | 8 ++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/cred.c b/src/cred.c index 1fb0dfbd..e8b82290 100644 --- a/src/cred.c +++ b/src/cred.c @@ -789,7 +789,7 @@ fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len) struct cbor_load_result cbor; int r = FIDO_ERR_INVALID_ARGUMENT; - fido_cred_clean_attobj(cred); + fido_cred_reset_rx(cred); if (ptr == NULL || len == 0) goto fail; @@ -802,12 +802,20 @@ fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len) fido_log_debug("%s: cbor_decode_attobj", __func__); goto fail; } + if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) || + fido_blob_is_empty(&cred->attcred.id)) { + r = FIDO_ERR_INVALID_CBOR; + goto fail; + } r = FIDO_OK; fail: if (item != NULL) cbor_decref(&item); + if (r != FIDO_OK) + fido_cred_reset_rx(cred); + return (r); } diff --git a/src/winhello.c b/src/winhello.c index 7805976b..7b79bab5 100644 --- a/src/winhello.c +++ b/src/winhello.c @@ -1026,10 +1026,18 @@ fido_winhello_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin, fido_log_debug("%s: translate_winhello_cred", __func__); goto fail; } + if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) || + fido_blob_is_empty(&cred->attcred.id)) { + r = FIDO_ERR_INVALID_CBOR; + goto fail; + } r = FIDO_OK; fail: winhello_cred_free(ctx); + if (r != FIDO_OK) + fido_cred_reset_rx(cred); + return r; }