core/webauthn: Validate U2F key handle length.

5 years ago · f54c968039
parent 638a861137
commit f54c968039
1 changed files with 3 additions and 0 deletions
--- a/core/src/apps/webauthn/credential.py
+++ b/core/src/apps/webauthn/credential.py
@ -276,6 +276,9 @@ class U2fCredential(Credential):
    def from_key_handle(
        key_handle: bytes, rp_id_hash: bytes
    ) -> Optional["U2fCredential"]:
+        if len(key_handle) != _KEY_HANDLE_LENGTH:
+            return None
+
        # check the keyHandle and generate the signing key
        node = U2fCredential._node_from_key_handle(rp_id_hash, key_handle, "<8L")
        if node is None: