From 02556fcde1592d73a16c646f93dad21910e9b218 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 25 Aug 2024 20:21:43 +0200 Subject: [PATCH] Fix buffer initialization. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor_get_assertion.c | 30 ++++++++++++++++++++---------- src/fido/cbor_make_credential.c | 12 ++++++------ src/fido/ctap2_cbor.h | 2 +- 4 files changed, 28 insertions(+), 18 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index ac2a6c1..956f476 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit ac2a6c10521367a850668e427afce087251ed1d1 +Subproject commit 956f476872e25603ee063b776e3da280670cb15e diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index db1f126..22854d7 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -203,7 +203,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } uint8_t flags = 0; - uint8_t rp_id_hash[32]; + uint8_t rp_id_hash[32] = {0}; mbedtls_sha256((uint8_t *) rpId.data, rpId.len, rp_id_hash, 0); bool resident = false; @@ -323,11 +323,21 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { credential_free(&creds[i]); } else { - creds[numberOfCredentials++] = creds[i]; + if (numberOfCredentials != i) { + creds[numberOfCredentials++] = creds[i]; + } + else { + numberOfCredentials++; + } } } else { - creds[numberOfCredentials++] = creds[i]; + if (numberOfCredentials != i) { + creds[numberOfCredentials++] = creds[i]; + } + else { + numberOfCredentials++; + } } } } @@ -399,7 +409,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } int ret = 0; - uint8_t largeBlobKey[32]; + uint8_t largeBlobKey[32] = {0}; if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) { ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey); if (ret != 0) { @@ -408,7 +418,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } size_t ext_len = 0; - uint8_t ext[512]; + uint8_t ext[512] = {0}; if (extensions.present == true) { cbor_encoder_init(&encoder, ext, sizeof(ext), 0); int l = 0; @@ -439,7 +449,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "hmac-secret")); - uint8_t sharedSecret[64]; + uint8_t sharedSecret[64] = {0}; mbedtls_ecp_point Qp; mbedtls_ecp_point_init(&Qp); mbedtls_mpi_lset(&Qp.Z, 1); @@ -461,13 +471,13 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_EXTENSION_FIRST); } - uint8_t salt_dec[64], poff = ((uint8_t)hmacSecretPinUvAuthProtocol - 1) * IV_SIZE; + uint8_t salt_dec[64] = {0}, poff = ((uint8_t)hmacSecretPinUvAuthProtocol - 1) * IV_SIZE; ret = decrypt((uint8_t)hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, (uint16_t)salt_enc.len, salt_dec); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - uint8_t cred_random[64], *crd = NULL; + uint8_t cred_random[64] = {0}, *crd = NULL; ret = credential_derive_hmac_key(selcred->id.data, selcred->id.len, cred_random); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); @@ -479,7 +489,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { else { crd = cred_random; } - uint8_t out1[64], hmac_res[80]; + uint8_t out1[64] = {0}, hmac_res[80] = {0}; mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec, 32, out1); if ((uint8_t)salt_enc.len == 64 + poff) { mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec + 32, 32, out1 + 32); @@ -519,7 +529,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } memcpy(pa, clientDataHash.data, clientDataHash.len); - uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN]; + uint8_t hash[64] = {0}, sig[MBEDTLS_ECDSA_MAX_LEN] = {0}; const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); mbedtls_ecdsa_context ekey; mbedtls_ecdsa_init(&ekey); diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index effa18f..2a99b08 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -162,7 +162,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CBOR_PARSE_MAP_END(map, 1); uint8_t flags = FIDO2_AUT_FLAG_AT; - uint8_t rp_id_hash[32]; + uint8_t rp_id_hash[32] = {0}; mbedtls_sha256((uint8_t *) rp.id.data, rp.id.len, rp_id_hash, 0); if (pinUvAuthParam.present == true) { @@ -320,7 +320,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { const known_app_t *ka = find_app_by_rp_id_hash(rp_id_hash); - uint8_t cred_id[MAX_CRED_ID_LENGTH]; + uint8_t cred_id[MAX_CRED_ID_LENGTH] = {0}; size_t cred_id_len = 0; CBOR_CHECK(credential_create(&rp.id, &user.id, &user.parent.name, &user.displayName, &options, @@ -331,7 +331,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { flags |= FIDO2_AUT_FLAG_UV; } size_t ext_len = 0; - uint8_t ext[512]; + uint8_t ext[512] = {0}; CborEncoder encoder, mapEncoder, mapEncoder2; if (extensions.present == true) { cbor_encoder_init(&encoder, ext, sizeof(ext), 0); @@ -400,7 +400,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } size_t olen = 0; uint32_t ctr = get_sign_counter(); - uint8_t cbor_buf[1024]; + uint8_t cbor_buf[1024] = {0}; cbor_encoder_init(&encoder, cbor_buf, sizeof(cbor_buf), 0); CBOR_CHECK(COSE_key(&ekey, &encoder, &mapEncoder)); size_t rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf); @@ -426,7 +426,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } memcpy(pa, clientDataHash.data, clientDataHash.len); - uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN]; + uint8_t hash[64] = {0}, sig[MBEDTLS_ECDSA_MAX_LEN] = {0}; const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); @@ -447,7 +447,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); mbedtls_ecdsa_free(&ekey); - uint8_t largeBlobKey[32]; + uint8_t largeBlobKey[32] = {0}; if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { ret = credential_derive_large_blob_key(cred_id, cred_id_len, largeBlobKey); if (ret != 0) { diff --git a/src/fido/ctap2_cbor.h b/src/fido/ctap2_cbor.h index 84723da..abcc695 100644 --- a/src/fido/ctap2_cbor.h +++ b/src/fido/ctap2_cbor.h @@ -159,7 +159,7 @@ typedef struct CborCharString { #define CBOR_FIELD_GET_KEY_TEXT(_n) \ CBOR_ASSERT(cbor_value_is_text_string(&(_f##_n)) == true); \ - char _fd##_n[64]; \ + char _fd##_n[64] = {0}; \ size_t _fdl##_n = sizeof(_fd##_n); \ CBOR_CHECK(cbor_value_copy_text_string(&(_f##_n), _fd##_n, &_fdl##_n, &(_f##_n)))