Skip to content
Permalink
Browse files

Merge pull request #194 from solokeys/sanitize

fix potential memory leaks
  • Loading branch information...
conorpp committed May 13, 2019
2 parents 1564df5 + e1474e8 commit 2a9e3ac576914035d653660ad3aa73e8b348f6f8
Showing with 12 additions and 6 deletions.
  1. +12 −6 fido2/ctap.c
@@ -270,6 +270,7 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input,
void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t * tag)
{
uint8_t hashbuf[32];
memset(hashbuf,0,sizeof(hashbuf));
crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, hashbuf);
crypto_sha256_update(rpIdHash, 32);
crypto_sha256_update(nonce, CREDENTIAL_NONCE_SIZE);
@@ -442,6 +443,10 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au

uint8_t * cose_key_buf = auth_data_buf + sizeof(CTAP_authData);

// memset(&cose_key, 0, sizeof(CTAP_residentKey));
memset(&rk, 0, sizeof(CTAP_residentKey));
memset(&rk2, 0, sizeof(CTAP_residentKey));

if((sizeof(CTAP_authDataHeader)) > *len)
{
printf1(TAG_ERR,"assertion fail, auth_data_buf must be at least %d bytes\n", sizeof(CTAP_authData) - sizeof(CTAP_attestHeader));
@@ -1210,10 +1215,10 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)

crypto_sha256_init();
crypto_sha256_update(GA.rp.id, GA.rp.size);
crypto_sha256_final(((CTAP_authData *)auth_data_buf)->head.rpIdHash);
crypto_sha256_final(((CTAP_authDataHeader *)auth_data_buf)->rpIdHash);

((CTAP_authData *)auth_data_buf)->head.flags = (1 << 0);
((CTAP_authData *)auth_data_buf)->head.flags |= (1 << 2);
((CTAP_authDataHeader *)auth_data_buf)->flags = (1 << 0);
((CTAP_authDataHeader *)auth_data_buf)->flags |= (1 << 2);
}
else
#endif
@@ -1222,8 +1227,8 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
ret = ctap_make_auth_data(&GA.rp, &map, auth_data_buf, &auth_data_buf_sz, NULL);
check_retr(ret);

((CTAP_authData *)auth_data_buf)->head.flags &= ~(1 << 2);
((CTAP_authData *)auth_data_buf)->head.flags |= (getAssertionState.user_verified << 2);
((CTAP_authDataHeader *)auth_data_buf)->flags &= ~(1 << 2);
((CTAP_authDataHeader *)auth_data_buf)->flags |= (getAssertionState.user_verified << 2);

{
unsigned int ext_encoder_buf_size = sizeof(auth_data_buf) - auth_data_buf_sz;
@@ -1233,7 +1238,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
check_retr(ret);
if (ext_encoder_buf_size)
{
((CTAP_authData *)auth_data_buf)->head.flags |= (1 << 7);
((CTAP_authDataHeader *)auth_data_buf)->flags |= (1 << 7);
auth_data_buf_sz += ext_encoder_buf_size;
}
}
@@ -1566,6 +1571,7 @@ void ctap_response_init(CTAP_RESPONSE * resp)
uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
{
CborEncoder encoder;
memset(&encoder,0,sizeof(CborEncoder));
uint8_t status = 0;
uint8_t cmd = *pkt_raw;
pkt_raw++;

0 comments on commit 2a9e3ac

Please sign in to comment.
You can’t perform that action at this time.