New issue
Advanced search Search tips

Issue 827564 link

Starred by 1 user
Status: WontFix
Owner:
agl@chromium.org
Closed: Today
Cc:
kenrb@chromium.org
martinkr@google.com
engedy@chromium.org
ssoneff@google.com
kpaulhamus@chromium.org
jdoerrie@chromium.org
mknowles@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug


Participants' hotlists:
Hotlist-1


Sign in to add a comment

Minimise the chance that Chrome could be manipulated into sending invalid CBOR

Project Member Reported by engedy@chromium.org, Mar 30 2018 
For when Chrome will be sending CBOR to CTAP2 authenticators, try to minimise the chance that Chrome could be manipulated into sending invalid CBOR.

Comment 1 by engedy@chromium.org, Mar 31 2018

Labels: Hotlist-WebAuthnFixit

Comment 2 by engedy@chromium.org, Apr 4 2018

Labels: -Hotlist-WebAuthnFixit
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 5 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e8bea50f748c433acecb72c28493899c9f0722e7

commit e8bea50f748c433acecb72c28493899c9f0722e7
Author: Adam Langley <agl@chromium.org>
Date: Thu Apr 05 21:56:34 2018

cbor: use static checks to ensure that all cases are handled.

By removing the default case the compiler will throw an error if any CBOR type is unhandled.

Change-Id: I6efd5c2fde89cf15ea4363cdc4d60b511979d6e8
Bug:  827564 
Reviewed-on: https://chromium-review.googlesource.com/982736
Commit-Queue: Adam Langley <agl@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#548574}
[modify] https://crrev.com/e8bea50f748c433acecb72c28493899c9f0722e7/components/cbor/cbor_writer.cc

Comment 4 by kpaulhamus@chromium.org, Jun 5 2018 

Is this fixed as well?

Comment 5 by agl@chromium.org, Today (18 hours ago)

Status: WontFix (was: Started)

Sign in to add a comment