Fix off-by-one

BryanJacobs · BryanJacobs · commit 985d8eb51137 · 2023-08-05T17:28:05.000+10:00
diff --git a/src/main/java/us/q3q/fido2/FIDO2Applet.java b/src/main/java/us/q3q/fido2/FIDO2Applet.java
@@ -725,6 +725,7 @@ private void makeCredential(APDU apdu, short lc, byte[] buffer) {
                             } else if (buffer[readIdx] != (byte) 0xF5) {
                                 sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
                             }
+                            readIdx++;
                             largeBlobKeyRequested = true;
                         } else {
                             readIdx += sLen;
@@ -1906,6 +1907,9 @@ private void getAssertion(final APDU apdu, final short lc, final byte[] buffer,
                             // We've got a case of hmac-secret extension params!
                             // store the index and revisit it later, when we've handled the PIN protocol
                             hmacSecretReadIdx = readIdx;
+                            if ((buffer[readIdx] & 0xF0) != 0xA0) {
+                                sendErrorByte(apdu, FIDOConstants.CTAP2_ERR_CBOR_UNEXPECTED_TYPE);
+                            }
                             readIdx = consumeAnyEntity(apdu, buffer, readIdx, lc);
                         }
 
