Commit 457e24ff authored by Adam Langley's avatar Adam Langley Committed by Commit Bot

webauthn: DCHECK that device callbacks don't hairpin.

Since |u2f_request_| is assigned to the result of |TryRegistration| /
|TrySign|, if the given callback is called immediately then |Cleanup|
can have run and completed before |u2f_request_| is assigned. That
leaves |AuthenticatorImpl| in an invalid state and it'll no longer
process any requests.

None of the existing callbacks do this, so this change just adds DCHECKs
to help anyone else who might hit this in the future.

Change-Id: I139a0825c6231c438dc9e469f9b188eddb6000e0
Reviewed-on: https://chromium-review.googlesource.com/961788
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Reviewed-by: default avatarBalazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543036}
parent 4a248ea5
...@@ -522,6 +522,10 @@ void AuthenticatorImpl::GetAssertion( ...@@ -522,6 +522,10 @@ void AuthenticatorImpl::GetAssertion(
void AuthenticatorImpl::OnRegisterResponse( void AuthenticatorImpl::OnRegisterResponse(
device::U2fReturnCode status_code, device::U2fReturnCode status_code,
base::Optional<device::RegisterResponseData> response_data) { base::Optional<device::RegisterResponseData> response_data) {
// If callback is called immediately, this code will call |Cleanup| before
// |u2f_request_| has been assigned – violating invariants.
DCHECK(u2f_request_) << "unsupported callback hairpin";
switch (status_code) { switch (status_code) {
case device::U2fReturnCode::CONDITIONS_NOT_SATISFIED: case device::U2fReturnCode::CONDITIONS_NOT_SATISFIED:
// Duplicate registration: the new credential would be created on an // Duplicate registration: the new credential would be created on an
...@@ -590,6 +594,10 @@ void AuthenticatorImpl::OnRegisterResponseAttestationDecided( ...@@ -590,6 +594,10 @@ void AuthenticatorImpl::OnRegisterResponseAttestationDecided(
void AuthenticatorImpl::OnSignResponse( void AuthenticatorImpl::OnSignResponse(
device::U2fReturnCode status_code, device::U2fReturnCode status_code,
base::Optional<device::SignResponseData> response_data) { base::Optional<device::SignResponseData> response_data) {
// If callback is called immediately, this code will call |Cleanup| before
// |u2f_request_| has been assigned – violating invariants.
DCHECK(u2f_request_) << "unsupported callback hairpin";
switch (status_code) { switch (status_code) {
case device::U2fReturnCode::CONDITIONS_NOT_SATISFIED: case device::U2fReturnCode::CONDITIONS_NOT_SATISFIED:
// No authenticators contained the credential. // No authenticators contained the credential.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment