Fix handling of very long display names

BryanJacobs · BryanJacobs · commit 2036f12751c0 · 2023-08-27T20:06:42.000+10:00
diff --git a/src/main/java/us/q3q/fido2/FIDO2Applet.java b/src/main/java/us/q3q/fido2/FIDO2Applet.java
@@ -3286,7 +3286,7 @@ private short consumeMapAndGetID(APDU apdu, byte[] buffer, short readIdx, short
                 if (checkAllFieldsText && !isId && valDef == 0x58) {
                     sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
                 }
-                valLen = buffer[readIdx++];
+                valLen = ub(buffer[readIdx++]);
                 if (isId) {
                     idPos++;
                 }
@@ -3304,7 +3304,7 @@ private short consumeMapAndGetID(APDU apdu, byte[] buffer, short readIdx, short
                 if (isId && byteString) {
                     sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
                 }
-                valLen = (byte) (valDef - 0x60);
+                valLen = (short)(valDef - 0x60);
             } else if (valDef >= 0x40 && valDef < 0x58) {
                 if (isId && !byteString) {
                     sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
@@ -3317,12 +3317,15 @@ private short consumeMapAndGetID(APDU apdu, byte[] buffer, short readIdx, short
                 if (checkAllFieldsText && !isId) {
                     sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
                 }
-                valLen = (byte) (valDef - 0x40);
+                valLen = (short) (valDef - 0x40);
             } else {
                 sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
             }
 
             if (isId) {
+                if (valLen > 255) {
+                    sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_REQUEST_TOO_LARGE);
+                }
                 foundId = true;
                 transientStorage.setStoredVars(idPos, (byte) valLen);
             }

Original file line number	Diff line number	Diff line change
`@@ -3286,7 +3286,7 @@ private short consumeMapAndGetID(APDU apdu, byte[] buffer, short readIdx, short`
`3286`	`3286`	`if (checkAllFieldsText && !isId && valDef == 0x58) {`
`3287`	`3287`	`sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);`
`3288`	`3288`	`}`
`3289`		`- valLen = buffer[readIdx++];`
	`3289`	`+ valLen = ub(buffer[readIdx++]);`
`3290`	`3290`	`if (isId) {`
`3291`	`3291`	`idPos++;`
`3292`	`3292`	`}`
`@@ -3304,7 +3304,7 @@ private short consumeMapAndGetID(APDU apdu, byte[] buffer, short readIdx, short`
`3304`	`3304`	`if (isId && byteString) {`
`3305`	`3305`	`sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);`
`3306`	`3306`	`}`
`3307`		`- valLen = (byte) (valDef - 0x60);`
	`3307`	`+ valLen = (short)(valDef - 0x60);`
`3308`	`3308`	`} else if (valDef >= 0x40 && valDef < 0x58) {`
`3309`	`3309`	`if (isId && !byteString) {`
`3310`	`3310`	`sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);`
`@@ -3317,12 +3317,15 @@ private short consumeMapAndGetID(APDU apdu, byte[] buffer, short readIdx, short`
`3317`	`3317`	`if (checkAllFieldsText && !isId) {`
`3318`	`3318`	`sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);`
`3319`	`3319`	`}`
`3320`		`- valLen = (byte) (valDef - 0x40);`
	`3320`	`+ valLen = (short) (valDef - 0x40);`
`3321`	`3321`	`} else {`
`3322`	`3322`	`sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);`
`3323`	`3323`	`}`
`3324`	`3324`
`3325`	`3325`	`if (isId) {`
	`3326`	`+ if (valLen > 255) {`
	`3327`	`+ sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_REQUEST_TOO_LARGE);`
	`3328`	`+ }`
`3326`	`3329`	`foundId = true;`
`3327`	`3330`	`transientStorage.setStoredVars(idPos, (byte) valLen);`
`3328`	`3331`	`}`