From 07835f989aac8bb82453cb9246b5b05bfd99b602 Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Mon, 22 Mar 2021 19:54:48 -0700
Subject: [PATCH] compare only credId when comparing rk creds to allowList
---
 fido2/ctap.c | 7 ++++++-
 fido2/ctap_parse.c | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/fido2/ctap.c b/fido2/ctap.c
index e70a082..346c333 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -443,6 +443,11 @@ static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
 (rk->user.id_size == rk2->user.id_size);
 }
+static int is_cred_id_matching_rk(CredentialId * credId, CTAP_residentKey * rk)
+{
+ return (memcmp(credId, &rk->id, sizeof(CredentialId)) == 0);
+}
+
 static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf, unsigned int * ext_encoder_buf_size)
 {
 CborEncoder extensions;
@@ -1147,7 +1152,7 @@ static void add_existing_user_info(CTAP_credentialDescriptor * cred)
 for (i = 0; i < index; i++)
 {
 load_nth_valid_rk(i, &rk);
- if (is_matching_rk(&rk, (CTAP_residentKey *)&cred->credential))
+ if (is_cred_id_matching_rk(&cred->credential.id, &rk))
 {
 printf1(TAG_GREEN, "found rk match for allowList item (%d)\r\n", i);
 memmove(&cred->credential.user, &rk.user, sizeof(CTAP_userEntity));
diff --git a/fido2/ctap_parse.c b/fido2/ctap_parse.c
index 5e3510a..7d75bd9 100644
--- a/fido2/ctap_parse.c
+++ b/fido2/ctap_parse.c
@@ -997,6 +997,7 @@ uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
 GA->credLen += 1;
 cred = &GA->creds[i];
+ memset(cred, 0, sizeof(CTAP_credentialDescriptor));
 ret = parse_credential_descriptor(&arr,cred);
 check_retr(ret);
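Review bot: `is_cred_id_matching_rk` tests equality with `memcmp` over `sizeof(CredentialId)`, which is only sound if the struct has no padding bytes or the padding is always zeroed on both sides; the struct definition is not visible in this patch. I would record that assumption in a comment above the helper, for example `/* CredentialId must be padding-free: it is compared bytewise */`. Neither pointer is written through, so the signature can also be const-qualified: `static int is_cred_id_matching_rk(const CredentialId * credId, const CTAP_residentKey * rk)`.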
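Review bot: In `add_existing_user_info` the match now rests on the credential ID alone, and on a match the stored `rk.user` is copied into the allow-list descriptor, so the loop relies on the descriptor having already been verified for the requesting RP before it gets here. That verification is not visible in this hunk (the function starts and ends outside it), so the precondition should be written down where the comparison happens: `/* cred must already be authenticated for the current rpId; only the credId is compared here */`. If any caller can reach this with an unverified descriptor, the check belongs inside the function rather than in a comment.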
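Review bot: The new `memset` in `parse_allow_list` would be sturdier as `memset(cred, 0, sizeof *cred);`, so the length follows the pointer's type if the element type of `creds[]` ever changes. It also needs a why-comment, because the reason only becomes clear from the ctap.c side of this commit: `/* zero the slot so members the parser does not fill never carry stale data into later compares or copies */`. The bound on `i` against the `creds` array is outside this hunk and is presumably enforced earlier in the loop.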