Fix possible buffer overflow
babelouest committed Mar 17, 2022
1 parent a7ddc5b commit 4c5597c
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions src/scheme/webauthn.c
@@ -2636,11 +2636,23 @@ static int check_assertion(struct config_module * config, json_t * j_params, con
break;
}

if (!o_base64url_decode((const unsigned char *)json_string_value(json_object_get(json_object_get(json_object_get(j_scheme_data, "credential"), "response"), "signature")), json_string_length(json_object_get(json_object_get(json_object_get(j_scheme_data, "credential"), "response"), "signature")), sig, &sig_len)) {
y_log_message(Y_LOG_LEVEL_DEBUG, "check_assertion - Error o_base64url_decode signature");
if (!o_base64_decode((const unsigned char *)json_string_value(json_object_get(json_object_get(json_object_get(j_scheme_data, "credential"), "response"), "signature")), json_string_length(json_object_get(json_object_get(json_object_get(j_scheme_data, "credential"), "response"), "signature")), NULL, &sig_len)) {
y_log_message(Y_LOG_LEVEL_DEBUG, "check_assertion - Invalid signature format");
ret = G_ERROR_PARAM;
break;
}

if (sig_len > 128) {
y_log_message(Y_LOG_LEVEL_DEBUG, "check_assertion - Invalid signature");
ret = G_ERROR_PARAM;
break;
}

if (!o_base64_decode((const unsigned char *)json_string_value(json_object_get(json_object_get(json_object_get(j_scheme_data, "credential"), "response"), "signature")), json_string_length(json_object_get(json_object_get(json_object_get(j_scheme_data, "credential"), "response"), "signature")), sig, &sig_len)) {
y_log_message(Y_LOG_LEVEL_DEBUG, "check_assertion - Error o_base64_decode signature");
ret = G_ERROR;
break;
}

memcpy(data_signed, auth_data, auth_data_len);
memcpy(data_signed+auth_data_len, cdata_hash, cdata_hash_len);
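Review bot: The bound in `if (sig_len > 128)` is a bare literal, and the declaration of `sig` is outside this hunk, so nothing visible ties the limit to the buffer's real size. If `sig` is a fixed array, `if (sig_len > sizeof(sig))` (or one named constant used for both the declaration and the check) keeps the guard correct when the buffer is later resized. The nested `json_object_get(...)` lookup for `"signature"` is also repeated in each decode call, once for the value and once for the length; hoisting it into a local `json_t *` before the first decode would shorten those calls and give a single place to confirm with `json_is_string()` that the value is a string before its pointer and length reach `o_base64_decode`. The body of check_assertion starts and ends outside the hunk.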