From d424f0dea7931393c63a30452c3c01b82b4f9c69 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Tue, 7 Oct 2025 21:11:50 +0200
Subject: [PATCH] Add sanity check.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fido/credential.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/fido/credential.c b/src/fido/credential.c
index fa6b574..5c7bf53 100644
--- a/src/fido/credential.c
+++ b/src/fido/credential.c
@@ -442,6 +442,9 @@ int credential_derive_resident(const uint8_t *cred_id, size_t cred_id_len, uint8
 }
 
 bool credential_is_resident(const uint8_t *cred_id, size_t cred_id_len) {
+    if (cred_id_len < 4 + CRED_PROTO_RESIDENT_LEN) {
+        return false;
+    }
     return memcmp(cred_id + 4, CRED_PROTO_RESIDENT, CRED_PROTO_RESIDENT_LEN) == 0;
 }