[Webkit-unassigned] [Bug 219434] [WebAuthn] Crash of the browser when rp.icon is too long and device is Yubikey (overflow?)

bugzilla-daemon at webkit.org
Wed Mar 3 10:57:46 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=219434

login Llama <loginllama at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |loginllama at gmail.com

--- Comment #8 from login Llama <loginllama at gmail.com> ---
In WebAuthn Level 1, authenticators could ignore icon values greater than 128 bytes.

In WebAuthn Level 2, icons were removed completely as they were never displayed by browsers.

A guess off the top of my head is that if Safari is trying to send a 9kb value, that is going to blow up the buffer.

I did file another issue, 220415, about Safari ignoring the authenticator's maxMsgSize.
That was in the context of exclude lists; however, the same bug would more than explain this.

The YubiKey 5 has a maxMsgSize of 1200 bytes. If Safari sends more than that, it will get back an error.

Over NFC, an NFC layer error SW_DATA_INVALID.
Over USB, a CTAP error, CTAP1_ERR_INVALID_LENGTH, is returned after the first APDU is received.

In neither case is Safari gracefully dealing with the error. 

Safari shouldn't be exceeding maxMsgSize in the first place.  

I hope that solves the mystery of why there is an error.  It also won't happen if the authenticator is U2F only, or may fail in CTAP2.0 then retry in U2F and succeed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
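
Added example, not part of the original comment and not WebKit's code: a client-side pre-flight check that sizes a CTAP2 authenticatorMakeCredential request against the authenticator's maxMsgSize, drops the optional icon fields when the request is too large, and refuses to send if it still does not fit. The function names, the sample values in the tests, and the choice to count the command byte plus the CBOR body against the limit are assumptions.

```python
import struct

MAKE_CREDENTIAL = 0x01  # CTAP2 authenticatorMakeCredential command byte

def _head(major, n):
    """CBOR initial byte plus the shortest length/value encoding."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def cbor(obj):
    """Encode the CBOR subset a makeCredential request needs.
    Map keys are written in insertion order; the caller supplies them sorted."""
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(cbor(x) for x in obj)
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(cbor(k) + cbor(v) for k, v in obj.items())
    raise TypeError(f"unsupported type {type(obj).__name__}")

def build_make_credential(client_data_hash, rp, user, algs, max_msg_size):
    """Return the request bytes, guaranteed not to exceed max_msg_size."""
    def encode(rp_, user_):
        params = {1: client_data_hash, 2: rp_, 3: user_,
                  4: [{"alg": a, "type": "public-key"} for a in algs]}
        return bytes([MAKE_CREDENTIAL]) + cbor(params)

    msg = encode(rp, user)
    if len(msg) > max_msg_size:
        # Icons are optional and were dropped in WebAuthn Level 2, so they go first.
        strip = lambda d: {k: v for k, v in d.items() if k != "icon"}
        msg = encode(strip(rp), strip(user))
    if len(msg) > max_msg_size:
        # Fail before any transport write instead of letting the device reject it.
        raise ValueError(f"request is {len(msg)} bytes, maxMsgSize is {max_msg_size}")
    return msg
```

Here max_msg_size is the value the authenticator reports in authenticatorGetInfo, for example the 1200 bytes mentioned above.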