RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity
38,384 Commits 40 Branches 189 Tags 262 MiB
546202fe51
Commit Graph

5 Commits

Author SHA1 Message Date
benpicco
f33b3ad10d
Merge pull request #17242 from bergzand/pr/hid/add_descriptor_defines 
usb/hid: Add HID report descriptor defines
 2022-01-10 12:28:01 +01:00
Koen Zandberg
a148f2d40d
sys/fido2: Adapt CTAP HID descriptors to use helper defines 
Content of the HID report descriptor itself is unchanged
 2022-01-10 11:35:58 +01:00
Alexandre Abadie
0e977b89ae
sys/crypto: remove deprecated CIPHER_AES_128 2022-01-07 11:14:10 +01:00
Marian Buschsieweke
8a178f49e7
sys/fido2: fix CBOR parsing 
The TinyCBOR library takes a `size_t *` length argument in many
functions which at function call contains the length of a buffer, and
at exit the actual size of the data. The FIDO-2 code however uses
`uint8_t` fields in `struct`s to store the data. Previously, a pointer
to that `uint8_t` filed was just casted to `size_t *`, resulting in
three neighboring bytes also being interpreted as being part of the
buffer size - which could result in undetected buffer overflows.
Similar, upon exit of the function not only the `uint8_t` sized length
`struct` member but also three neighboring bytes were written to.

I didn't care to investigate, but this really looks like crafted CBOR
payloads send to the FIDO2 implementation could result in arbitrary
code execution on the device.
 2021-11-13 20:32:02 +01:00
Ollrogge
e127a4d865 FIDO2 support in RIOT 2021-09-08 15:22:40 +02:00