fix(proto): bounds-check slicing flagged by clippy::indexing_slicing

AlfioEmanueleFresta · AlfioEmanueleFresta · commit f78e4c154689 · 2026-05-10T21:13:10.000+01:00
Replace direct slice / index access with `.get()`, `split_first`,
`split_at`, or iterator-based equivalents in CTAP message parsing and
PIN/UV helpers. Functions affected:

- `fido::AuthenticatorData::deserialize`: bound the trailing-data check.
- `pin::PinUvAuthProtocolOne::authenticate`: handle the (impossible in
  practice) case of an HMAC output shorter than 16 bytes.
- `pin::pin_hash`: use iterator `take(16)` on the SHA-256 output.
- `proto::ctap1::apdu::ApduResponse::try_from`: rewrite using
  `checked_sub` and `split_at` so an empty / 1-byte packet errors out.
- `proto::ctap1::model`: bound the U2F register-response signature
  split via `checked_sub`.
- `proto::ctap2::cbor::CborResponse::try_from`: rewrite using
  `split_first`.
- `proto::ctap2::model::get_assertion`: convert SHA-256 outputs to
  `[u8; 32]` via `GenericArray::into` and use `first()` on the
  allowList shortcut.
diff --git a/libwebauthn/src/fido.rs b/libwebauthn/src/fido.rs
@@ -249,7 +249,11 @@ impl<'de, T: DeserializeOwned> Deserialize<'de> for AuthenticatorData<T> {
                     };
 
                 // Check if we have trailing data
-                if !&data[cursor.position() as usize..].is_empty() {
+                let pos = cursor.position() as usize;
+                let trailing = data.get(pos..).ok_or_else(|| {
+                    DesError::custom("cursor advanced past end of authenticator data")
+                })?;
+                if !trailing.is_empty() {
                     return Err(DesError::invalid_length(data.len(), &"trailing data"));
                 }
 
diff --git a/libwebauthn/src/pin.rs b/libwebauthn/src/pin.rs
@@ -264,7 +264,14 @@ impl PinUvAuthProtocol for PinUvAuthProtocolOne {
     fn authenticate(&self, key: &[u8], message: &[u8]) -> Result<Vec<u8>, Error> {
         // Return the first 16 bytes of the result of computing HMAC-SHA-256 with the given key and message.
         let hmac = hmac_sha256(key, message)?;
-        Ok(Vec::from(&hmac[..16]))
+        // HMAC-SHA-256 produces 32 bytes, so this slice is always valid.
+        let truncated = hmac.get(..16).ok_or_else(|| {
+            error!(len = hmac.len(), "HMAC output shorter than 16 bytes");
+            Error::Platform(PlatformError::CryptoError(
+                "HMAC output shorter than 16 bytes".into(),
+            ))
+        })?;
+        Ok(Vec::from(truncated))
     }
 
     #[instrument(skip_all)]
@@ -440,8 +447,9 @@ impl PinUvAuthProtocol for PinUvAuthProtocolTwo {
 pub fn pin_hash(pin: &[u8]) -> Vec<u8> {
     let mut hasher = Sha256::default();
     hasher.update(pin);
-    let hashed = hasher.finalize().to_vec();
-    Vec::from(&hashed[..16])
+    let hashed = hasher.finalize();
+    // SHA-256 output is fixed at 32 bytes; keep only the first 16 per the spec.
+    hashed.into_iter().take(16).collect()
 }
 
 pub fn hmac_sha256(key: &[u8], message: &[u8]) -> Result<Vec<u8>, Error> {
diff --git a/libwebauthn/src/proto/ctap1/apdu/response.rs b/libwebauthn/src/proto/ctap1/apdu/response.rs
@@ -45,19 +45,26 @@ impl ApduResponse {
 impl TryFrom<&Vec<u8>> for ApduResponse {
     type Error = IOError;
     fn try_from(packet: &Vec<u8>) -> Result<Self, Self::Error> {
-        if packet.len() < 2 {
-            return Err(IOError::new(
+        let split_at = packet.len().checked_sub(2).ok_or_else(|| {
+            IOError::new(
                 IOErrorKind::InvalidData,
                 "Apdu response packets must contain at least 2 bytes.",
-            ));
-        }
+            )
+        })?;
+        let (body, status) = packet.split_at(split_at);
+        // `status` is guaranteed to have exactly 2 elements by construction above.
+        let sw1 = *status
+            .first()
+            .ok_or_else(|| IOError::new(IOErrorKind::InvalidData, "Missing APDU status byte 1"))?;
+        let sw2 = *status
+            .get(1)
+            .ok_or_else(|| IOError::new(IOErrorKind::InvalidData, "Missing APDU status byte 2"))?;
 
-        let data = if packet.len() > 2 {
-            Some(Vec::from(&packet[0..packet.len() - 2]))
-        } else {
+        let data = if body.is_empty() {
             None
+        } else {
+            Some(Vec::from(body))
         };
-        let (sw1, sw2) = (packet[packet.len() - 2], packet[packet.len() - 1]);
 
         Ok(Self { data, sw1, sw2 })
     }
diff --git a/libwebauthn/src/proto/ctap1/model.rs b/libwebauthn/src/proto/ctap1/model.rs
@@ -142,7 +142,18 @@ impl TryFrom<ApduResponse> for Ctap1RegisterResponse {
             "Failed to parse X509 attestation data",
         )))?;
         let signature = Vec::from(signature);
-        let attestation = Vec::from(&remaining[0..remaining.len() - signature.len()]);
+        // `signature` is a suffix of `remaining` returned by `X509Certificate::from_der`,
+        // so the split index is always within bounds in practice; bound it explicitly.
+        let split_at = remaining
+            .len()
+            .checked_sub(signature.len())
+            .ok_or_else(|| {
+                IOError::new(
+                    IOErrorKind::InvalidData,
+                    "Signature longer than remaining U2F register response data",
+                )
+            })?;
+        let attestation = Vec::from(remaining.get(..split_at).unwrap_or(&[]));
 
         Ok(Ctap1RegisterResponse {
             version: Ctap1Version::U2fV2,
diff --git a/libwebauthn/src/proto/ctap2/cbor/response.rs b/libwebauthn/src/proto/ctap2/cbor/response.rs
@@ -25,25 +25,25 @@ impl CborResponse {
 impl TryFrom<&Vec<u8>> for CborResponse {
     type Error = IOError;
     fn try_from(packet: &Vec<u8>) -> Result<Self, Self::Error> {
-        if packet.is_empty() {
-            return Err(IOError::new(
+        let (status_byte, body) = packet.split_first().ok_or_else(|| {
+            IOError::new(
                 IOErrorKind::InvalidData,
                 "Cbor response packets must contain at least 1 byte.",
-            ));
-        }
+            )
+        })?;
 
-        let Ok(status_code) = packet[0].try_into() else {
-            error!({ code = ?packet[0] }, "Invalid CTAP error code");
+        let Ok(status_code) = (*status_byte).try_into() else {
+            error!({ code = ?*status_byte }, "Invalid CTAP error code");
             return Err(IOError::new(
                 IOErrorKind::InvalidData,
-                format!("Invalid CTAP error code: {:x}", packet[0]),
+                format!("Invalid CTAP error code: {:x}", status_byte),
             ));
         };
 
-        let data = if packet.len() > 1 {
-            Some(Vec::from(&packet[1..]))
-        } else {
+        let data = if body.is_empty() {
             None
+        } else {
+            Some(Vec::from(body))
         };
         Ok(CborResponse { status_code, data })
     }
diff --git a/libwebauthn/src/proto/ctap2/model/get_assertion.rs b/libwebauthn/src/proto/ctap2/model/get_assertion.rs
@@ -332,19 +332,18 @@ impl Ctap2GetAssertionRequestExtensions {
 
             let mut hasher = Sha256::default();
             hasher.update(salt1_input);
-            let salt1_hash = hasher.finalize().to_vec();
-            input.salt1.copy_from_slice(&salt1_hash[..32]);
+            // SHA-256 produces a fixed 32-byte output, which lines up with salt1.
+            let salt1_hash: [u8; 32] = hasher.finalize().into();
+            input.salt1.copy_from_slice(&salt1_hash);
 
             // 5.2 If ev.second is present, let salt2 be the value of SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || ev.second).
             if let Some(second) = ev.second {
                 let mut salt2_input = prefix.clone();
                 salt2_input.extend(second);
                 let mut hasher = Sha256::default();
                 hasher.update(salt2_input);
-                let salt2_hash = hasher.finalize().to_vec();
-                let mut salt2 = [0u8; 32];
-                salt2.copy_from_slice(&salt2_hash[..32]);
-                input.salt2 = Some(salt2);
+                let salt2_hash: [u8; 32] = hasher.finalize().into();
+                input.salt2 = Some(salt2_hash);
             };
 
             Ok(Some(input))
@@ -481,7 +480,7 @@ impl Ctap2GetAssertionResponse {
         // We always return it, for convenience.
         let credential_id = self.credential_id.or_else(|| {
             if request.allow.len() == 1 {
-                Some(request.allow[0].clone())
+                request.allow.first().cloned()
             } else {
                 None
             }
