1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
RIOT/sys
Marian Buschsieweke 8a178f49e7
sys/fido2: fix CBOR parsing
The TinyCBOR library takes a `size_t *` length argument in many
functions which at function call contains the length of a buffer, and
at exit the actual size of the data. The FIDO-2 code however uses
`uint8_t` fields in `struct`s to store the data. Previously, a pointer
to that `uint8_t` filed was just casted to `size_t *`, resulting in
three neighboring bytes also being interpreted as being part of the
buffer size - which could result in undetected buffer overflows.
Similar, upon exit of the function not only the `uint8_t` sized length
`struct` member but also three neighboring bytes were written to.

I didn't care to investigate, but this really looks like crafted CBOR
payloads send to the FIDO2 implementation could result in arbitrary
code execution on the device.
2021-11-13 20:32:02 +01:00
..
analog_util sys/analog_util: Add Kconfig support 2021-02-22 14:54:14 +01:00
app_metadata sys/app_metadata: Add Kconfig support 2021-02-22 14:54:14 +01:00
arduino sys/arduino: millis() expected to have C linkage 2021-11-05 10:21:26 +01:00
auto_init sys/auto_init: fix indention 2021-10-05 14:15:57 +02:00
base64 sys/base64: Add Kconfig support 2021-02-22 14:54:14 +01:00
benchmark sys/benchmark: add module to Kconfig 2020-11-06 15:57:55 +01:00
bitfield sys/bitfield: Add Kconfig support 2021-02-22 14:54:14 +01:00
bloom sys/bloom: Add Kconfig support 2021-02-22 14:54:14 +01:00
bus sys/bus: add system buses 2020-11-12 22:50:53 +01:00
can treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
cb_mux sys/cb_mux: Add Kconfig support 2021-02-22 14:54:14 +01:00
checksum sys/checksum: add module to Kconfig 2020-11-27 09:20:05 +01:00
clif sys/clif: fix attribute parsing and comply with tests 2021-03-05 16:47:53 +01:00
color sys/color: add module to Kconfig 2020-11-18 18:38:44 +01:00
congure Merge pull request #16133 from miri64/congure_mock/enh/real-methods 2021-05-04 11:06:35 +02:00
cpp11-compat sys: Cleanup access to internal variables 2020-08-24 20:28:11 +02:00
crypto treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
cxx_ctor_guards sys/cxx_ctor_guards: Add guard for c++ ctors 2020-07-23 20:24:47 +02:00
div sys/div: Add module to Kconfig 2020-11-06 15:57:52 +01:00
ecc treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
eepreg sys/eepreg: Add Kconfig support 2021-02-22 14:54:14 +01:00
embunit sys/embunit/Kconfig: make module available only for testing 2020-12-02 10:14:43 +01:00
entropy_source sys/entropy_source: fix typo (sates => states) 2021-01-08 10:15:33 +01:00
event sys/event/thread: add STACKSTEST flag 2021-09-24 16:20:35 +02:00
evtimer sys/*: realign ENABLE_DEBUG 2020-10-23 11:27:48 +02:00
fido2 sys/fido2: fix CBOR parsing 2021-11-13 20:32:02 +01:00
fmt sys/fmt_table: fix infinite loop 2021-01-21 10:03:44 +01:00
frac sys/frac: add module to Kconfig 2021-01-18 14:14:13 +01:00
fs treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
fuzzing sys/fuzzing: avoid explicit cast to netdev 2021-07-09 11:35:22 +02:00
hashes treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
include sys/architecture: add HAS_ALIGNMENT_OF() helper 2021-11-11 10:57:26 +01:00
iolist sys/iolist: add module to Kconfig 2021-01-21 11:22:32 +01:00
isrpipe treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
libc/include/sys cleanup: apply headerguard script output 2017-05-24 17:54:02 +02:00
log picolibc: Use most NEWLIB code with picolibc 2020-08-24 08:26:16 -07:00
luid sys/luid: add module to Kconfig 2021-01-26 17:40:30 +01:00
malloc_thread_safe sys/malloc_thread_safety: fix overflow in calloc 2021-05-06 13:04:01 +02:00
matstat sys/matstat: Add Kconfig support 2021-02-22 14:54:14 +01:00
memarray sys/memarray: Add Kconfig support 2021-02-22 14:54:14 +01:00
mineplex sys/mineplex: Add Kconfig support 2021-02-22 14:54:14 +01:00
net net/uhcp[cd]: use modules to select client/server code 2021-11-09 21:42:45 +01:00
newlib_syscalls_default makefiles: avoid building archives when compiling 2020-09-04 15:01:10 +02:00
od sys/od: allow to specify address offset with od_hex_dump_ext() 2021-01-11 14:35:40 +01:00
oneway-malloc sys/oneway-malloc: Add Kconfig support 2021-02-22 14:54:15 +01:00
phydat sys/phydat: add module to Kconfig 2020-11-25 12:00:13 +01:00
picolibc_syscalls_default sys/picolibc_syscalls_default: support new picolibc stdio globals 2021-10-18 12:02:33 +02:00
pipe sys/pipe/pipe_dynamic: fix possible null pointer dereference 2020-09-11 11:19:58 +02:00
pm_layered sys/pm_layered: use atomic_utils 2021-03-15 21:17:17 +01:00
posix Merge pull request #16849 from HendrikVE/pr/wolfmqtt_split_1 2021-09-14 17:50:08 +02:00
progress_bar sys/progress_bar: add Konfig configuration 2021-04-07 12:05:00 +02:00
ps sys/ps: use getters for thread_t fields 2021-09-15 10:16:45 +02:00
puf_sram sys/puf_sram: counter based reseed after soft reset 2020-01-20 14:14:09 +01:00
quad_math cppcheck: add/correct reason for cppcheck-suppress 2018-09-25 12:03:58 +02:00
random sys/fortuna: remove need for now64 2021-09-27 17:30:05 +02:00
riotboot sys/riotboot: add missing "inttypes.h" include 2021-09-22 20:47:12 +02:00
saul_reg treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
schedstatistics schedstatistics: Log sleep tick statistics 2021-01-18 11:14:23 +01:00
sema sys/sema/Kconfig: fix inclusion of xtimer 2021-10-06 17:59:49 +02:00
sema_inv sys/sema_inv: add inverse Semaphore 2021-01-17 00:17:58 +01:00
seq sys/seq: Add Kconfig support 2021-02-22 14:54:15 +01:00
shell sys/shell/gnrc_netif: Allow 'ifconfig help' 2021-10-22 14:14:58 +02:00
ssp sys/ssp: use a random value as the canary 2020-01-20 14:51:26 +01:00
stdio_null sys: stdio_null: add null driver 2019-11-26 21:12:41 +01:00
stdio_rtt treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
stdio_semihosting stdio_semihosting: Add unit clarification to poll define 2021-11-03 11:39:26 +01:00
stdio_uart drivers: sys: replace USE_ETHOS_FOR_STDIO macro by MODULE_STDIO_ETHOS 2019-06-23 22:16:03 +02:00
suit treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
test_utils Merge pull request #17034 from fjmolinas/pr_turo_optional_space_after_symbol 2021-10-25 22:31:16 +03:00
timex sys/timex: Add Kconfig support 2021-02-22 14:54:15 +01:00
trace sys/trace: initial commit 2020-06-10 21:21:33 +02:00
trickle sys/trickle: migrate to ZTIMER_MSEC 2021-06-14 09:04:25 +02:00
tsrb sys/tsrb: Add module to Kconfig 2020-11-06 15:57:53 +01:00
universal_address sys/*: realign ENABLE_DEBUG 2020-10-23 11:27:48 +02:00
uri_parser uri_parser: constify result 2021-08-04 14:01:28 +02:00
usb Merge pull request #17135 from bergzand/pr/usbdev/fix_cppcheck_vera 2021-11-05 08:36:53 +01:00
usb_board_reset sys/usb_board_reset: add usb_board_reset_in_bootloader definition 2020-07-01 10:30:17 +02:00
ut_process ut_process: initial import of a URI template processor 2021-09-16 18:18:48 +02:00
uuid uuid: add uuid_from_string() 2018-10-03 10:44:14 +02:00
vfs treewide: Remove excessive newlines 2021-08-13 19:50:38 +02:00
xtimer sys/{x,z}timer/Kconfig: fix compatibility modules 2021-11-09 15:32:33 +01:00
zptr sys: zptr: initial commit 2020-02-11 13:59:59 +01:00
ztimer sys/ztimer/kconfig: change entry point 2021-11-09 15:32:34 +01:00
doc.txt sys/doc: add net_lorawan group 2019-04-12 15:51:15 +02:00
Kconfig sys/libc: model Kconfig 2021-10-01 11:26:15 +02:00
Kconfig.newlib sys/libc: model Kconfig 2021-10-01 11:26:15 +02:00
Kconfig.picolibc sys/libc: model Kconfig 2021-10-01 11:26:15 +02:00
Kconfig.stdio sys/libc: model Kconfig 2021-10-01 11:26:15 +02:00
Makefile test_utils: add UDP benchmark 2021-09-02 23:12:31 +02:00
Makefile.dep riotboot_dfu: Add ztimer_msec dependency 2021-10-26 14:14:45 +02:00
Makefile.include sys/net/sock: Set SOCK_HAS_IPV6 in one place 2021-10-11 21:37:39 +02:00