diff options
author | Andrey Pronin <apronin@chromium.org> | 2020-01-02 14:11:33 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-01-16 04:18:35 +0000 |
commit | cedc4f22ac54aa2e91f5b7c8e6a6a8f07a3f05e6 (patch) | |
tree | a06ae3ce3c9706d541d82764442b61f94c4e286f | |
parent | 3d758ca131e71ffc8d407776255bff4b2ed3bce0 (diff) | |
download | chrome-ec-cedc4f22ac54aa2e91f5b7c8e6a6a8f07a3f05e6.tar.gz |
cr50: update size checks for U2F_ATTEST
This CL updates verification of the message size in U2F_ATTEST after
adding userSecret field.
BUG=b:147020573
TEST=test_that <dut> firmware_Cr50U2fCommands
Change-Id: Ib1e9444fdd13ed27547df27aa9c2fed19ba59496
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1984894
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit d982955abbd9a7d85ca48d13f85809576f2efc26)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2003942
-rw-r--r-- | common/u2f.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/common/u2f.c b/common/u2f.c index 540503db84..bc55496fb6 100644 --- a/common/u2f.c +++ b/common/u2f.c @@ -364,8 +364,8 @@ static enum vendor_cmd_rc u2f_attest(enum vendor_cmd_cc code, *response_size = 0; - if (input_size < 2 || - input_size < (2 + req->dataLen) || + if (input_size < offsetof(U2F_ATTEST_REQ, data) || + input_size < (offsetof(U2F_ATTEST_REQ, data) + req->dataLen) || input_size > sizeof(U2F_ATTEST_REQ) || response_buf_size < sizeof(*resp)) return VENDOR_RC_BOGUS_ARGS; |