From 7a6b8a6af457b0f5f4a1a419ef02149f3aeb8fa6 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Fri, 23 Sep 2022 18:20:39 +0200
Subject: [PATCH] Added size check.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fido/cmd_authenticate.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c
index dd6fd87..bc09660 100644
--- a/src/fido/cmd_authenticate.c
+++ b/src/fido/cmd_authenticate.c
@@ -29,6 +29,8 @@ int cmd_authenticate() {
     CTAP_AUTHENTICATE_RESP *resp = (CTAP_AUTHENTICATE_RESP *)res_APDU;
     //if (scan_files(true) != CCID_OK)
     //    return SW_EXEC_ERROR();
+    if (apdu.nc < CTAP_CHAL_SIZE+CTAP_APPID_SIZE+1+1)
+        return SW_WRONG_DATA();
     if (req->keyHandleLen < KEY_HANDLE_LEN)
         return SW_WRONG_DATA();
     if (P1(apdu) == CTAP_AUTH_ENFORCE && wait_button_pressed() == true)