fix(cable): bound decrypt_frame indexing on malformed Noise plaintext

After Noise transport decryption, the last byte of the plaintext is
read as a 0..=255 padding length and the frame is truncated by
`padding_len + 1`. Two crash inputs are reachable from any
legitimate-but-malicious paired peer:

1. Empty plaintext (Noise transport accepts a 16-byte AEAD-tag-only
   ciphertext, decrypting to 0 bytes): reading `frame[len - 1]`
   underflows to `usize::MAX` and panics with `index out of bounds`.
2. Under-padded plaintext (e.g., `[0x05]`): `1 - 6` panics in debug
   builds and silently wraps in release, so the subsequent
   `truncate(huge)` no-ops and the malformed plaintext is parsed
   downstream.

Extract the padding-stripping into a `strip_frame_padding` helper that
uses `.last()` and `.checked_sub`, returning
`Error::Transport(TransportError::InvalidFraming)` on either edge
case. Add regression tests for the empty and overlong-padding inputs
plus a happy-path check.

Author: AlfioEmanueleFresta

libwebauthn/src/transport/cable/tunnel.rs

@@ -523,6 +523,31 @@ async fn connection_recv_binary_frame(message: Message) -> Result<Option<Vec<u8>
     }
 }
 
+/// Strip the trailing padding-length byte and `padding_len` bytes of padding
+/// from a decrypted Noise transport frame, returning `InvalidFraming` on an
+/// empty plaintext or a declared padding length that exceeds the frame.
+fn strip_frame_padding(mut decrypted_frame: Vec<u8>) -> Result<Vec<u8>, Error> {
+    let padding_len = match decrypted_frame.last() {
+        Some(&b) => b as usize,
+        None => {
+            error!("Decrypted frame is empty; cannot read padding length");
+            return Err(Error::Transport(TransportError::InvalidFraming));
+        }
+    };
+    let new_len = decrypted_frame
+        .len()
+        .checked_sub(padding_len + 1)
+        .ok_or_else(|| {
+            error!(
+                frame_len = decrypted_frame.len(),
+                padding_len, "Padding length exceeds frame length"
+            );
+            Error::Transport(TransportError::InvalidFraming)
+        })?;
+    decrypted_frame.truncate(new_len);
+    Ok(decrypted_frame)
+}
+
 async fn decrypt_frame(
     encrypted_frame: Vec<u8>,
     noise_state: &mut TunnelNoiseState,
@@ -543,8 +568,7 @@ async fn decrypt_frame(
         }
     }
 
-    let padding_len = decrypted_frame[decrypted_frame.len() - 1] as usize;
-    decrypted_frame.truncate(decrypted_frame.len() - (padding_len + 1));
+    let decrypted_frame = strip_frame_padding(decrypted_frame)?;
     trace!(
         ?decrypted_frame,
         decrypted_frame_len = decrypted_frame.len(),
@@ -795,4 +819,32 @@ mod tests {
     }
 
     // TODO: test the non-known case
+
+    #[test]
+    fn strip_frame_padding_rejects_empty() {
+        let result = strip_frame_padding(Vec::new());
+        assert!(matches!(
+            result,
+            Err(Error::Transport(TransportError::InvalidFraming))
+        ));
+    }
+
+    #[test]
+    fn strip_frame_padding_rejects_overlong_padding() {
+        // Length 1 + declared padding of 5 -> would require subtracting 6 from 1.
+        let frame = vec![0x05u8];
+        let result = strip_frame_padding(frame);
+        assert!(matches!(
+            result,
+            Err(Error::Transport(TransportError::InvalidFraming))
+        ));
+    }
+
+    #[test]
+    fn strip_frame_padding_strips_normal_padding() {
+        // 4 bytes of payload, 3 bytes of zero padding, then padding-length 3.
+        let frame = vec![0xAA, 0xBB, 0xCC, 0xDD, 0x00, 0x00, 0x00, 0x03];
+        let stripped = strip_frame_padding(frame).unwrap();
+        assert_eq!(stripped, vec![0xAA, 0xBB, 0xCC, 0xDD]);
+    }
 }