Re-instate the length check for Le bytes

marilynfize · Dec 14, 2020 · 35bdfe9 · 35bdfe9
1 parent dbbdddd
commit 35bdfe9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/src/ctap/apdu.rs b/src/ctap/apdu.rs
@@ -179,6 +179,9 @@ impl TryFrom<&[u8]> for APDU {
                 .len()
                 .checked_sub(extended_apdu_lc + 3)
                 .ok_or(ApduStatusCode::SW_WRONG_LENGTH)?;
+            if extended_apdu_le_len > 3 {
+                return Err(ApduStatusCode::SW_WRONG_LENGTH);
+            }
 
             if byte_0 == 0 && extended_apdu_le_len <= 3 {
                 // If first byte is zero AND the next two bytes can be parsed as a big-endian

diff --git a/src/ctap/ctap1.rs b/src/ctap/ctap1.rs
@@ -542,7 +542,7 @@ mod test {
 
         message.push(0x00);
         let response = Ctap1Command::process_command(&message, &mut ctap_state, START_CLOCK_VALUE);
-        assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
+        assert_eq!(response, Err(Ctap1StatusCode::SW_WRONG_LENGTH));
     }
 
     #[test]