From: Lennart Poettering Date: Thu, 27 May 2021 20:59:18 +0000 (+0200) Subject: fido2: make misadvertised clientPin feature fatal X-Git-Tag: v249-rc1~129^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ec543d18d459ad39cd34923eaeafb233e031b196;p=thirdparty%2Fsystemd.git fido2: make misadvertised clientPin feature fatal We need really need to trust the feature set, since we are about to set it in stone storing the result in JSON, hence react a bit more allergic about token that misadvertise the feature. Note that I added this to be defensive, I am not aware any token that actually misadvertises this. hence it should be safe to make this fatal, and should this not work we can always revisit things. --- diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c index 4a901cd38c9..573aef238cd 100644 --- a/src/shared/libfido2-util.c +++ b/src/shared/libfido2-util.c @@ -606,13 +606,15 @@ int fido2_generate_hmac_hash( r = sym_fido_dev_make_cred(d, c, NULL); if (r == FIDO_ERR_PIN_REQUIRED) { + + if (!has_client_pin) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Token asks for PIN but doesn't advertise 'clientPin' feature."); + for (;;) { _cleanup_(strv_free_erasep) char **pin = NULL; char **i; - if (!has_client_pin) - log_warning("Weird, device asked for client PIN, but does not advertise it as feature. Ignoring."); - r = ask_password_auto("Please enter security token PIN:", askpw_icon_name, NULL, "fido2-pin", "fido2-pin", USEC_INFINITY, 0, &pin); if (r < 0) return log_error_errno(r, "Failed to acquire user PIN: %m");