Commit Graph

4 Commits

Author SHA1 Message Date
Tamir Suliman 102718c747 Fix #9 - remove fixed 256-char buffers in ListView population
wcscpy_s into a 256-char stack buffer crashes via the invalid
parameter handler if a credential ID, fingerprint data, or device
info value exceeds 255 characters. FIDO2 credential IDs are binary
blobs encoded as hex or base64 and can easily exceed this limit.

Dropped the intermediate nameBuffer/valueBuffer in PopulateListView
and indexBuffer/dataBuffer in FingerprintDialogProc. Assigned
const_cast<LPWSTR>(str.c_str()) directly to lvItem.pszText instead,
which is safe because SendMessage(LVM_INSERTITEM/LVM_SETITEM) is
synchronous and copies the text before returning. This is the same
pattern already used correctly in PopulatePasskeysList.

Fixes #9
2026-06-06 13:46:33 +02:00
Token2 1b6ab4892c Update FIDO2.1 Manager.cpp
allow chars like @&*! (add escape function for PIN)
2025-03-03 17:48:56 +01:00
Token2 f37dc16400 Update FIDO2.1 Manager.cpp
Adding domain field in the passkeys table
2025-02-24 18:27:31 +01:00
Token2 39bb6e43b4 Add files via upload 2024-11-30 20:08:18 +01:00