arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-15 12:08:59 +00:00
Code Issues Releases Wiki Activity

core/webauthn: Validate U2F key handle length.

Browse Source
This commit is contained in:
Andrew Kozlik 2019-09-25 21:04:15 +02:00
parent 638a861137
commit f54c968039
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
core/src/apps/webauthn/credential.py
View File

@ -276,6 +276,9 @@ class U2fCredential(Credential):
def from_key_handle(
key_handle: bytes, rp_id_hash: bytes
) -> Optional["U2fCredential"]:
if len(key_handle) != _KEY_HANDLE_LENGTH:
return None
# check the keyHandle and generate the signing key
node = U2fCredential._node_from_key_handle(rp_id_hash, key_handle, "<8L")
if node is None: