From f54c96803903a21811cf738ac6e099ff5b6245d9 Mon Sep 17 00:00:00 2001
From: Andrew Kozlik
Date: Wed, 25 Sep 2019 21:04:15 +0200
Subject: [PATCH] core/webauthn: Validate U2F key handle length.
---
 core/src/apps/webauthn/credential.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/core/src/apps/webauthn/credential.py b/core/src/apps/webauthn/credential.py
index c31bcabfa..13effcf3f 100644
--- a/core/src/apps/webauthn/credential.py
+++ b/core/src/apps/webauthn/credential.py
@@ -276,6 +276,9 @@ class U2fCredential(Credential):
 def from_key_handle(
 key_handle: bytes, rp_id_hash: bytes
 ) -> Optional["U2fCredential"]:
+ if len(key_handle) != _KEY_HANDLE_LENGTH:
+ return None
+
 # check the keyHandle and generate the signing key
 node = U2fCredential._node_from_key_handle(rp_id_hash, key_handle, "<8L")
 if node is None:
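Review bot: The new length guard in `from_key_handle` protects only this entry point; `_node_from_key_handle`, which parses the handle with the fixed `"<8L"` layout, would still receive an unchecked length from any other caller, if one exists outside this hunk. Consider moving the check into `_node_from_key_handle`, or confirm that it has no other callers. `_KEY_HANDLE_LENGTH` is defined outside the hunk, so a short comment above the guard would help the reader, for example `# key handles are fixed-size; reject other lengths before parsing`. A unit test with an empty handle and with handles one byte too short and one byte too long, each expected to return `None`, would pin the behaviour. The body of `from_key_handle` continues past the end of the hunk.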