From 47a2b131e906014863c0913572b5294f4789e438 Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Thu, 27 Feb 2020 15:27:23 -0500
Subject: [PATCH] more strict checks in cbor parsing
---
 fido2/ctap_parse.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/fido2/ctap_parse.c b/fido2/ctap_parse.c
index 9c155d2..4a2f316 100644
--- a/fido2/ctap_parse.c
+++ b/fido2/ctap_parse.c
@@ -666,8 +666,8 @@ uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext)
 if (ret == CborErrorOutOfMemory)
 {
 printf2(TAG_ERR,"Error, rp map key is too large. Ignoring.\n");
- cbor_value_advance(&map);
- cbor_value_advance(&map);
+ check_ret( cbor_value_advance(&map) );
+ check_ret( cbor_value_advance(&map) );
 continue;
 }
 check_ret(ret);
@@ -1353,11 +1353,21 @@ uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length
 break;
 case CP_getKeyAgreement:
 printf1(TAG_CP,"CP_getKeyAgreement\n");
+ if (cbor_value_get_type(&map) != CborBooleanType)
+ {
+ printf2(TAG_ERR,"Error, expecting cbor boolean\n");
+ return CTAP2_ERR_INVALID_CBOR_TYPE;
+ }
 ret = cbor_value_get_boolean(&map, &CP->getKeyAgreement);
 check_ret(ret);
 break;
 case CP_getRetries:
 printf1(TAG_CP,"CP_getRetries\n");
+ if (cbor_value_get_type(&map) != CborBooleanType)
+ {
+ printf2(TAG_ERR,"Error, expecting cbor boolean\n");
+ return CTAP2_ERR_INVALID_CBOR_TYPE;
+ }
 ret = cbor_value_get_boolean(&map, &CP->getRetries);
 check_ret(ret);
 break;
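Review bot: The log text in this branch still ends in "Ignoring.", but with the two `check_ret( cbor_value_advance(&map) );` calls the parse can now stop here when the skip fails (assuming check_ret returns the error to the caller; the macro is defined outside this hunk). A short comment above the first call would state the intent, for example `/* skip the oversized key, then its value; malformed CBOR aborts the parse */`. The message also names an "rp map key" although the hunk header places this code in ctap_parse_extensions, so it looks copied from another parser and may mislead whoever reads the error log. The enclosing loop starts and ends outside the hunk.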
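Review bot: The same five-line boolean guard is added twice, under `case CP_getKeyAgreement:` and `case CP_getRetries:`, with an identical error message, so a rejected request cannot be attributed to a field from the log alone. Naming the key in each message, e.g. `printf2(TAG_ERR,"Error, getRetries expects cbor boolean\n");`, would help triage, and tinycbor's `cbor_value_is_boolean(&map)` states the test more directly than comparing `cbor_value_get_type(&map)`. The switch continues outside this hunk, so it is not visible whether the other cases that read typed values carry an equivalent check before their cbor_value_get_* call; that is worth confirming, since this input comes from the host.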