authorAndrey Pronin <apronin@chromium.org>2020-01-02 14:11:33 -0800
committerCommit Bot <commit-bot@chromium.org>2020-01-16 04:18:35 +0000
commitcedc4f22ac54aa2e91f5b7c8e6a6a8f07a3f05e6 (patch)
treea06ae3ce3c9706d541d82764442b61f94c4e286f
parent3d758ca131e71ffc8d407776255bff4b2ed3bce0 (diff)
downloadchrome-ec-cedc4f22ac54aa2e91f5b7c8e6a6a8f07a3f05e6.tar.gz
cr50: update size checks for U2F_ATTEST
This CL updates verification of the message size in U2F_ATTEST after adding userSecret field. BUG=b:147020573 TEST=test_that <dut> firmware_Cr50U2fCommands Change-Id: Ib1e9444fdd13ed27547df27aa9c2fed19ba59496 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1984894 Tested-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> (cherry picked from commit d982955abbd9a7d85ca48d13f85809576f2efc26) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2003942
-rw-r--r--common/u2f.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/common/u2f.c b/common/u2f.c
index 540503db84..bc55496fb6 100644
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -364,8 +364,8 @@ static enum vendor_cmd_rc u2f_attest(enum vendor_cmd_cc code,
*response_size = 0;
- if (input_size < 2 ||
- input_size < (2 + req->dataLen) ||
+ if (input_size < offsetof(U2F_ATTEST_REQ, data) ||
+ input_size < (offsetof(U2F_ATTEST_REQ, data) + req->dataLen) ||
input_size > sizeof(U2F_ATTEST_REQ) ||
response_buf_size < sizeof(*resp))
return VENDOR_RC_BOGUS_ARGS;
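Review bot: The size check in u2f_attest depends on short-circuit order, and the hunk does not say so: the first clause is what guarantees the header is fully present before `req->dataLen` is read in the second. A comment above the `if`, such as `/* Header must be fully present before dataLen is read; keep this clause first. */`, would stop a later reordering from turning this into a read past the supplied input. The repeated `offsetof(U2F_ATTEST_REQ, data)` could also be hoisted into `const size_t hdr_size = offsetof(U2F_ATTEST_REQ, data);` so both comparisons visibly use the same value. The condition still accepts an input longer than the header plus `dataLen`, up to `sizeof(U2F_ATTEST_REQ)`; whether trailing bytes are intended cannot be told from here, since the struct definition and the rest of the function are outside the hunk, so it is worth stating in that comment.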