Comments (5)
In what way does this impact the u2fh_register2() function and what errors does it lead to?
And do you have a proposed way of fixing this?
from libu2f-host.
error
please note the response in u2fh_register2().the response is same as p in my test code.if you use the u2fh_register2(),you may get wrong result in response,because function u2fh_register2() write to wrong address
in test code result,you can see that if we use str2,it write result in 0x0060FF10 rather then 0x0060FF2C
U2FH_EXPORT u2fh_rc u2fh_register (u2fh_devs * devs,
const char *challenge,
const char *origin,
char **response, u2fh_cmdflags flags);
U2FH_EXPORT u2fh_rc u2fh_register2 (u2fh_devs * devs,
const char *challenge,
const char *origin,
char *response, size_t * response_len,
u2fh_cmdflags flags);
u2fh_rc
u2fh_register2 (u2fh_devs * devs,
const char *challenge,
const char *origin, char *response, size_t * response_len,
u2fh_cmdflags flags)
{
return _u2fh_register (devs, challenge, origin, &response, response_len,
flags);
}
u2fh_rc
u2fh_register (u2fh_devs * devs,
const char *challenge,
const char *origin, char **response, u2fh_cmdflags flags)
{
size_t response_len = 0;
*response = NULL;
return _u2fh_register (devs, challenge, origin, response, &response_len,
flags);
}
solution
you can change u2fh_register2 response from char * to char **,and fix _u2fh_register
the u2fh_authenticate2 can be fixed use the same method
U2FH_EXPORT u2fh_rc u2fh_register2 (u2fh_devs * devs,
const char *challenge,
const char *origin,
char **response, size_t * response_len,
u2fh_cmdflags flags);
u2fh_rc
u2fh_register2 (u2fh_devs * devs,
const char *challenge,
const char *origin, char **response, size_t * response_len,
u2fh_cmdflags flags)
{
return _u2fh_register (devs, challenge, origin, response, response_len,
flags);
from libu2f-host.
We never write to the response directly, only to the dereferenced version of it.
Can you show an example that breaks the way it is now?
Changing the API is not really an option.
from libu2f-host.
In function u2fh_register2, the parameter sent to _u2fh_register is &response, which is different from that of u2f_register. That would cause a problem as I stated in the first example.
from libu2f-host.
We are archiving this project and closing issues. Please open a new one in the replacement library's repo: https://github.com/Yubico/libfido2 if it is still applicable.
from libu2f-host.
Related Issues (20)
- Linking failure with version 1.1.6 HOT 1
- /bin/bash: gtkdoc-mktmpl: command not found HOT 9
- configure doesn't check for all its dependencies HOT 1
- use CommonCrypto instead of gnulib on darwin HOT 1
- Duplicate Registration of the same device HOT 2
- Clarify the licensing situation for metadata extracted from udev rules HOT 2
- pamu2fcfg failure with Thetis key with libu2f-host 1.1.8-1 HOT 3
- error in systemd-udevd : Specified group 'plugdev' unknown HOT 7
- Release schedule? HOT 2
- udev rule for gpg access HOT 1
- Udev rules possibly broken
- Add support device Active Rutoken u2f HOT 1
- Can't find U2F device on Windows 10 May 2019 Update (1903) HOT 2
- ykman doesn't list Yubico Nano 4C/5C, but I can use it from Chrome HOT 3
- README: example URL is 404 HOT 2
- error (-3): error in JSON handling HOT 1
- Please simplify unlocking U2F on Linux HOT 1
- Make the udev rules work without systemd HOT 2
- Would like to see a new release HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libu2f-host.