bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-02-09 13:10:17 +00:00
Code Issues Releases Wiki Activity

Always check signature

Browse Source
This commit is contained in:
Isaiah Inuwa
2025-12-18 14:35:30 -06:00
parent 2a3c0f5282
commit b01694438f
1 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
apps/desktop/desktop_native/win_webauthn/src/plugin/mod.rs
View File

@@ -2,7 +2,7 @@ pub(crate) mod com;
pub(crate) mod crypto;
pub(crate) mod types;
use std::{error::Error, ptr::NonNull};
use std::{error::Error, mem::MaybeUninit, ptr::NonNull};
use types::*;
pub use types::{
@@ -176,26 +176,22 @@ impl WebAuthnPlugin {
pwszDisplayHint: hint.map_or(std::ptr::null(), |buf| buf.leak()),
};
let mut response_len = 0;
let mut response_ptr = std::ptr::null_mut();
let mut response_ptr = MaybeUninit::uninit();
unsafe {
let hresult = webauthn_plugin_perform_user_verification(
&uv_request,
&mut response_len,
&mut response_ptr,
response_ptr.as_mut_ptr(),
)?;
match hresult {
S_OK => {
let signature = if response_len > 0 {
Vec::new()
} else {
// SAFETY: Windows only runs on platforms where usize >= u32;
let len = response_len as usize;
// SAFETY: Windows returned successful response code and length, so we
// assume that the data is initialized
let signature = std::slice::from_raw_parts(response_ptr, len).to_vec();
pub_key.verify_signature(operation_request, &signature)?;
signature
};
// SAFETY: Windows returned successful response code and length, so we
// assume that the data and length are initialized
let response_ptr = response_ptr.assume_init();
// SAFETY: Windows only runs on platforms where usize >= u32;
let len = response_len as usize;
let signature = std::slice::from_raw_parts(response_ptr, len).to_vec();
pub_key.verify_signature(operation_request, &signature)?;
webauthn_plugin_free_user_verification_response(response_ptr)?;
Ok(PluginUserVerificationResponse {
transaction_id: request.transaction_id,