Merge remote-tracking branch 'origin/master' into v4/rename-methods-and-types

1 files changed, 4 insertions, 3 deletions

diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index 9b13195..911c9e0 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -45,17 +45,18 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
     const firstDecoded = decodeCborFirst(authData.slice(pointer));
     const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer);
     credentialPublicKey = firstEncoded;
-    authData = authData.slice((pointer += firstEncoded.byteLength));
+    pointer += firstEncoded.byteLength;
   }
 
   let extensionsDataBuffer: Buffer | undefined = undefined;
   if (flags.ed) {
-    const firstDecoded = decodeCborFirst(authData);
+    const firstDecoded = decodeCborFirst(authData.slice(pointer));
     const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer);
     extensionsDataBuffer = firstEncoded;
-    authData = authData.slice((pointer += firstEncoded.byteLength));
+    pointer += firstEncoded.byteLength;
   }
 
+  // Pointer should be at the end of the authenticator data, otherwise too much data was sent
   if (authData.byteLength > pointer) {
     throw new Error('Leftover bytes detected while parsing authenticator data');
   }