Internal fido2.hid API is racy #175

Open
riastradh opened this issue Mar 11, 2023 · 0 comments
Comments

@riastradh
The mechanism of using list_descriptors and then open_descriptor as implemented leads to the following sequence of actions:

  1. open /dev/whateverN
  2. probe with ioctls or similar
  3. close /dev/whateverN
  4. put the results in a list
  5. pick one
  6. reopen /dev/whateverN
  7. do FIDO HID on it

At this point, the identity of /dev/whateverN may have changed, if the device that was HID N is disconnected from its port and a new device inserted in its place. If that happens, fido2.hid will happily try to use the new device as if it were the old device, even if it bears no resemblance to the old one -- it may not be a FIDO HID at all.

To avoid this race, it is necessary to avoid the close/reopen cycle, or at least to verify nothing about the descriptor (on which any decisions were made, anyway) has changed since the close/reopen cycle.
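The second mitigation described above (re-verify the probed descriptor after the reopen), as an added illustration that is not python-fido2's code: the "bus" dict is a constructed in-memory stand-in for the /dev/whateverN nodes, and all names, VID/PID values and report-descriptor bytes are hypothetical.

```python
# Added illustration of the check proposed in the issue: record what was
# probed at enumeration time and re-verify it after the reopen. The "bus"
# here is a constructed stand-in for device nodes, not python-fido2's real
# HID backend; every name and value below is hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Descriptor:
    path: str           # e.g. /dev/whatever0 (constructed)
    vid: int
    pid: int
    serial: str
    report_desc: bytes  # HID report descriptor bytes seen at probe time


class DeviceChangedError(RuntimeError):
    """The node at `path` no longer matches what was probed at enumeration."""


def probe(bus, path):
    """Simulates open + ioctl probe + close on one device node."""
    vid, pid, serial, report_desc = bus[path]
    return Descriptor(path, vid, pid, serial, report_desc)


def list_descriptors(bus):
    """Steps 1-4 of the issue: probe every node; all nodes are closed again."""
    return [probe(bus, p) for p in sorted(bus)]


def open_descriptor_checked(bus, desc):
    """Step 6 with the verification the issue asks for: reopen, re-probe,
    and refuse to talk FIDO HID if any probed attribute differs."""
    if desc.path not in bus:
        raise FileNotFoundError(desc.path)
    current = probe(bus, desc.path)
    if current != desc:
        raise DeviceChangedError(f"{desc.path} changed: {desc} -> {current}")
    return current  # caller may now proceed with FIDO HID traffic


# Constructed scenario: a FIDO key on node 0 is hot-swapped for an unrelated HID.
FIDO_REPORT = bytes([0x06, 0xD0, 0xF1])         # Usage Page (0xF1D0), constructed
MOUSE_REPORT = bytes([0x05, 0x01, 0x09, 0x02])  # Generic Desktop / Mouse, constructed


def race_demo():
    bus = {"/dev/whatever0": (0x1234, 0x5678, "SN-CONSTRUCTED", FIDO_REPORT)}
    chosen = list_descriptors(bus)[0]                              # steps 1-5
    bus["/dev/whatever0"] = (0xAAAA, 0xBBBB, "", MOUSE_REPORT)    # swap on same port
    try:
        open_descriptor_checked(bus, chosen)                       # step 6, checked
        return False
    except DeviceChangedError:
        return True   # the swapped device is rejected instead of being used
```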
