RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity
46,807 Commits 40 Branches 189 Tags 262 MiB
c507ebff43
Commit Graph

5 Commits

Author SHA1 Message Date
Marian Buschsieweke
edc43201db
tree-wide: fix typos in doc and comments 
This should not change any generated binary
 2023-10-16 12:17:48 +02:00
Ollrogge
deeea2b5f2 sys/fido2: documentation changes && code cleanup 2022-04-12 16:01:50 +02:00
Leandro Lanzieri
9bb6449a1e
sys/fido2/ctap: fix parsing validation 2022-03-17 09:43:42 +01:00
Marian Buschsieweke
8a178f49e7
sys/fido2: fix CBOR parsing 
The TinyCBOR library takes a `size_t *` length argument in many
functions which at function call contains the length of a buffer, and
at exit the actual size of the data. The FIDO-2 code however uses
`uint8_t` fields in `struct`s to store the data. Previously, a pointer
to that `uint8_t` filed was just casted to `size_t *`, resulting in
three neighboring bytes also being interpreted as being part of the
buffer size - which could result in undetected buffer overflows.
Similar, upon exit of the function not only the `uint8_t` sized length
`struct` member but also three neighboring bytes were written to.

I didn't care to investigate, but this really looks like crafted CBOR
payloads send to the FIDO2 implementation could result in arbitrary
code execution on the device.
 2021-11-13 20:32:02 +01:00
Ollrogge
e127a4d865 FIDO2 support in RIOT 2021-09-08 15:22:40 +02:00