From 2b482f0c43410c78a8affee162928365561e54c1 Mon Sep 17 00:00:00 2001
From: Conor Patrick <conorpp@vt.edu>
Date: Thu, 24 May 2018 23:13:47 -0400
Subject: [PATCH] couple bugs in excludeList fixed..

---
 ctap.c       |  4 ++++
 ctap.h       |  2 +-
 ctap_parse.c | 17 +++++++++--------
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/ctap.c b/ctap.c
index 1124086..a0eeb96 100644
--- a/ctap.c
+++ b/ctap.c
@@ -482,6 +482,10 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
     for (i = 0; i < MC.excludeListSize; i++)
     {
         ret = parse_credential_descriptor(&MC.excludeList, excl_cred);
+        if (ret == CTAP2_ERR_CBOR_UNEXPECTED_TYPE)
+        {
+            continue;
+        }
         check_retr(ret);
 
         if (ctap_authenticate_credential(&MC.rp, excl_cred))
diff --git a/ctap.h b/ctap.h
index 485969f..ea3dd02 100644
--- a/ctap.h
+++ b/ctap.h
@@ -165,7 +165,7 @@ typedef struct
     int32_t COSEAlgorithmIdentifier;
 
     CborValue excludeList;
-    int excludeListSize;
+    size_t excludeListSize;
 
     uint8_t rk;
     uint8_t uv;
diff --git a/ctap_parse.c b/ctap_parse.c
index 531574e..f59ba88 100644
--- a/ctap_parse.c
+++ b/ctap_parse.c
@@ -473,7 +473,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
     size_t map_length;
     size_t sz;
     CborParser parser;
-    CborValue it,map;
+    CborValue it,map,val;
 
     memset(MC, 0, sizeof(CTAP_makeCredential));
     ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it);
@@ -560,14 +560,15 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
                 {
                     ret = cbor_value_enter_container(&map, &MC->excludeList);
                     check_ret(ret);
-                    ret = cbor_value_get_int_checked(&map, &MC->excludeListSize);
+
+                    ret = cbor_value_get_array_length(&map, &MC->excludeListSize);
                     check_ret(ret);
                 }
                 else
                 {
                     return CTAP2_ERR_INVALID_CBOR_TYPE;
                 }
-
+                printf1(TAG_MC,"CTAP_excludeList done\n");
                 break;
             case MC_extensions:
                 printf1(TAG_MC,"CTAP_extensions\n");
@@ -608,7 +609,6 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
         {
             return ret;
         }
-
         cbor_value_advance(&map);
         check_ret(ret);
     }
@@ -624,7 +624,7 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
     CborValue val;
     if (cbor_value_get_type(arr) != CborMapType)
     {
-        printf2(TAG_ERR,"Error, CborMapType expected in allow_list\n");
+        printf2(TAG_ERR,"Error, CborMapType expected in credential\n");
         return CTAP2_ERR_INVALID_CBOR_TYPE;
     }
 
@@ -666,9 +666,6 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *
         cred->type = PUB_KEY_CRED_UNKNOWN;
     }
 
-    ret = cbor_value_advance(arr);
-    check_ret(ret);
-
     return 0;
 }
 
@@ -706,6 +703,10 @@ uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
 
         ret = parse_credential_descriptor(&arr,cred);
         check_retr(ret);
+
+        ret = cbor_value_advance(&arr);
+        check_ret(ret);
+
     }
     return 0;
 }