u2f: accept short APDU

The ISO7816-4 standard for APDU format says the APDU header minimum size is 4 bytes (CLA, INS, P1, P2). The Lc field is absent if the command has no data. Update the size check to accept short APDU (the actual APDU len was already computed properly for this case). Signed-off-by: Vincent Palatin <vpalatin@chromium.org> BRANCH=cr50 BUG=b:72788497 TEST=adhoc Change-Id: Ic60fa51bd4746b04016c488a38fe3ae7585e9942 Reviewed-on: https://chromium-review.googlesource.com/1005345 Commit-Ready: Vincent Palatin <vpalatin@chromium.org> Tested-by: Vincent Palatin <vpalatin@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2026-01-13 03:15:06 +00:00 · 2018-04-06 17:43:07 +02:00
parent fb7817c735
commit 209f47b692
1 changed files with 1 additions and 1 deletions
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -333,7 +333,7 @@ unsigned u2f_apdu_rcv(uint8_t *buf, unsigned in_len, unsigned max_len)

 	CPRINTF("%T/%d U2F APDU ", apdu.len);
 	/* Is the APDU well-formed including its payload ? */
-	if (in_len < 5 || (apdu.len > in_len - (apdu.data - buf))) {
+	if (in_len < 4 || (apdu.len > in_len - (apdu.data - buf))) {
 		sw = U2F_SW_WRONG_LENGTH;
 		goto ret_status;
 	}