Require minimum buffer size when parsing authData

1 files changed, 6 insertions, 0 deletions

diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index e177002..919c0aa 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -2,6 +2,12 @@
  * Make sense of the authData buffer contained in an Attestation
  */
 export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenticatorData {
+  if (authData.byteLength < 37) {
+    throw new Error(
+      `Authenticator data was ${authData.byteLength} bytes, expected at least 37 bytes`,
+    );
+  }
+
   let intBuffer = authData;
 
   const rpIdHash = intBuffer.slice(0, 32);