cred: check attesetation object for mandatory keys

Makes error handling consistent with fido_dev_make_cred_rx().
Yubico · Dec 2, 2024 · be95970 · be95970
1 parent fae3b4e
commit be95970
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/src/cred.c b/src/cred.c
@@ -789,7 +789,7 @@ fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len)
 	struct cbor_load_result	 cbor;
 	int			 r = FIDO_ERR_INVALID_ARGUMENT;
 
-	fido_cred_clean_attobj(cred);
+	fido_cred_reset_rx(cred);
 
 	if (ptr == NULL || len == 0)
 		goto fail;
@@ -802,12 +802,20 @@ fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len)
 		fido_log_debug("%s: cbor_decode_attobj", __func__);
 		goto fail;
 	}
+	if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) ||
+	    fido_blob_is_empty(&cred->attcred.id)) {
+		r = FIDO_ERR_INVALID_CBOR;
+		goto fail;
+	}
 
 	r = FIDO_OK;
 fail:
 	if (item != NULL)
 		cbor_decref(&item);
 
+	if (r != FIDO_OK)
+		fido_cred_reset_rx(cred);
+
 	return (r);
 }
 

diff --git a/src/winhello.c b/src/winhello.c
@@ -1026,10 +1026,18 @@ fido_winhello_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin,
 		fido_log_debug("%s: translate_winhello_cred", __func__);
 		goto fail;
 	}
+	if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) ||
+	    fido_blob_is_empty(&cred->attcred.id)) {
+		r = FIDO_ERR_INVALID_CBOR;
+		goto fail;
+	}
 
 	r = FIDO_OK;
 fail:
 	winhello_cred_free(ctx);
 
+	if (r != FIDO_OK)
+		fido_cred_reset_rx(cred);
+
 	return r;
 }