1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-15 19:08:07 +00:00

core/webauthn: Validate U2F key handle length.

This commit is contained in:
Andrew Kozlik 2019-09-25 21:04:15 +02:00
parent 638a861137
commit f54c968039

View File

@ -276,6 +276,9 @@ class U2fCredential(Credential):
def from_key_handle(
key_handle: bytes, rp_id_hash: bytes
) -> Optional["U2fCredential"]:
if len(key_handle) != _KEY_HANDLE_LENGTH:
return None
# check the keyHandle and generate the signing key
node = U2fCredential._node_from_key_handle(rp_id_hash, key_handle, "<8L")
if node is None: