Commit 3654ab6
feat(ctap2): enforce authenticatorGetInfo credential-list and message-size limits
The maxMsgSize, maxCredentialCountInList and maxCredentialIdLength fields from authenticatorGetInfo were parsed but never read. Enforce them before sending make-credential and get-assertion requests on both the preflight and non-preflight paths so cable is covered. Drop allow and exclude entries whose id exceeds maxCredentialIdLength, reject lists over maxCredentialCountInList, and bound the serialized request by maxMsgSize using the 1024-byte default when the field is absent. A new PlatformError::RequestTooLarge surfaces these cases instead of relying on the authenticator CTAP status.

1 parent 9187409 commit 3654ab6
3 files changed
Lines changed: 383 additions & 4 deletions
[Diff table: two hunks in one of the three changed files, adding new lines 158-180 and 632-674; the code content of the rows was not preserved in this rendering.]
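As an added example (not the project's own code), this is how the three authenticatorGetInfo limits named in the commit message can be enforced on the client before a make-credential or get-assertion request goes out. The `AuthenticatorInfo` struct, `filter_credential_list`, `check_msg_size` and the shape of `PlatformError` are assumptions; only the field names, the 1024-byte default and the drop/reject/bound behaviour come from the commit message.

```rust
// Added example, not the project's code: client-side enforcement of the
// authenticatorGetInfo limits named in the commit message. All type and
// function names here are assumptions.
#[derive(Debug, Default, Clone)]
pub struct AuthenticatorInfo {
    pub max_msg_size: Option<usize>,                 // getInfo maxMsgSize (0x05)
    pub max_credential_count_in_list: Option<usize>, // maxCredentialCountInList (0x07)
    pub max_credential_id_length: Option<usize>,     // maxCredentialIdLength (0x08)
}

#[derive(Debug, PartialEq)]
pub enum PlatformError {
    /// Request cannot be sent within the authenticator's advertised limits.
    RequestTooLarge,
}

/// CTAP2 default when maxMsgSize is absent from authenticatorGetInfo.
pub const DEFAULT_MAX_MSG_SIZE: usize = 1024;

/// Drop allowList/excludeList ids longer than maxCredentialIdLength, then
/// reject the list if more entries than maxCredentialCountInList remain.
pub fn filter_credential_list(
    info: &AuthenticatorInfo,
    ids: &[Vec<u8>],
) -> Result<Vec<Vec<u8>>, PlatformError> {
    let kept: Vec<Vec<u8>> = ids
        .iter()
        .filter(|id| info.max_credential_id_length.map_or(true, |max| id.len() <= max))
        .cloned()
        .collect();
    match info.max_credential_count_in_list {
        Some(max) if kept.len() > max => Err(PlatformError::RequestTooLarge),
        _ => Ok(kept),
    }
}

/// Bound the fully serialized request (command byte plus CBOR payload) by
/// maxMsgSize, falling back to the 1024-byte default.
pub fn check_msg_size(info: &AuthenticatorInfo, request: &[u8]) -> Result<(), PlatformError> {
    let max = info.max_msg_size.unwrap_or(DEFAULT_MAX_MSG_SIZE);
    if request.len() > max { Err(PlatformError::RequestTooLarge) } else { Ok(()) }
}

fn main() {
    // Constructed sample: authenticator caps ids at 32 bytes and lists at 2 entries.
    let info = AuthenticatorInfo { max_credential_count_in_list: Some(2), max_credential_id_length: Some(32), ..Default::default() };
    let ids = vec![vec![1u8; 16], vec![2u8; 64], vec![3u8; 32]];
    println!("{:?}", filter_credential_list(&info, &ids).map(|k| k.len()));
    println!("{:?}", check_msg_size(&info, &[0u8; 1025]));
}
```

Note that an allow list emptied by the id-length filter can no longer match any credential, so a caller may prefer to fail fast in that case rather than send the request.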
0 commit comments