New issue
Advanced search Search tips

Issue 876109 link

Starred by 1 user

Issue metadata

Status: Assigned
Owner:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Fix response code handling in AuthenticatorImpl

Project Member Reported by martinkr@google.com, Aug 20

Issue description

AuthenticatorImpl::On{Sign,Register}Response contains UNREACHED() statements for response codes specific to GetAssertion that should not occur during MakeCredential and vice versa. However, these lines are not actually guaranteed to be unreached for erratically behaving authenticators.

A fix would be to sanitize the returned response codes better in {GetAssertion,MakeCredential}RequestHandler

See discussion in https://chromium-review.googlesource.com/c/chromium/src/+/1181863/1/content/browser/webauth/authenticator_impl.cc#637.
 

Sign in to add a comment