Mahavir Jain a5601fbf0d fix(protocomm): add validation for Security1 client verifier data ...

Add checks to validate client_verify_data pointer and length before
processing in handle_session_command1. Prevents NULL pointer dereference
when client omits verifier data in Session_Command1, which could cause
device crash during provisioning (remote DoS attack).

We would like to thank Pavel Kohout from Aisle Research for reporting
this vulnerability along with a mitigation strategy.

2025-12-10 14:18:55 +05:30

..

include

docs: Fix some typos

2025-04-30 18:35:39 +08:00

proto

protocomm: Generated proto-c and python files for SRP6a scheme

2022-06-17 13:16:20 +00:00

proto-c

protocomm: Generated proto-c and python files for SRP6a scheme

2022-06-17 13:16:20 +00:00

python

protocomm: Generated proto-c and python files for SRP6a scheme

2022-06-17 13:16:20 +00:00

src

fix(protocomm): add validation for Security1 client verifier data

2025-12-10 14:18:55 +05:30

test_apps

feat(esp32h4): enable ESP32H4 ci build

2025-03-28 14:41:28 +08:00

CMakeLists.txt

fix(build): clean up dependencies on driver component

2024-11-07 13:09:23 +01:00

Kconfig

feat(protocomm): add (hidden) config option to indicate security patch feature

2025-03-17 10:20:01 +05:30