Reset internal state of GA to avoid phantom requests on GNA.

When a previous GA had more than 1 credential, it stored the full list in the internal state. Later, if a GA had only 1 credential, subsequent GNA returned older state of previous non-related GA. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-01-05 12:36:44 +01:00
parent ac7e34522a
commit 5fc84d7097
2 changed files with 21 additions and 13 deletions
--- a/src/fido/cbor.c
+++ b/src/fido/cbor.c
@@ -41,6 +41,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len);
 int cbor_config(const uint8_t *data, size_t len);
 int cbor_vendor(const uint8_t *data, size_t len);
 int cbor_large_blobs(const uint8_t *data, size_t len);
+extern void reset_gna_state();

 extern int cmd_read_config();

@@ -59,6 +60,9 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) {
    }
    if (cap_supported(CAP_FIDO2)) {
        if (cmd == CTAPHID_CBOR) {
+            if (data[0] != CTAP_GET_NEXT_ASSERTION) {
+                reset_gna_state();
+            }
            if (data[0] == CTAP_MAKE_CREDENTIAL) {
                return cbor_make_credential(data + 1, len - 1);
            }
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@@ -42,6 +42,22 @@ uint32_t timerx = 0;
 uint8_t *datax = NULL;
 size_t lenx = 0;

+void reset_gna_state() {
+    for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
+        credential_free(&credsx[i]);
+    }
+    if (datax) {
+        free(datax);
+        datax = NULL;
+    }
+    lenx = 0;
+    residentx = false;
+    timerx = 0;
+    flagsx = 0;
+    credentialCounter = 0;
+    numberOfCredentialsx = 0;
+}
+
 int cbor_get_next_assertion(const uint8_t *data, size_t len) {
    (void) data;
    (void) len;
@@ -57,19 +73,7 @@ int cbor_get_next_assertion(const uint8_t *data, size_t len) {
    credentialCounter++;
 err:
    if (error != CborNoError || credentialCounter == numberOfCredentialsx) {
-        for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) {
-            credential_free(&credsx[i]);
-        }
-        if (datax) {
-            free(datax);
-            datax = NULL;
-        }
-        lenx = 0;
-        residentx = false;
-        timerx = 0;
-        flagsx = 0;
-        credentialCounter = 0;
-        numberOfCredentialsx = 0;
+        reset_gna_state();
        if (error == CborErrorImproperValue) {
            return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
        }