From b5a6681ee08a1c75662eea332fbec02725331118 Mon Sep 17 00:00:00 2001
From: Jonathan Stewmon <jstewmon@gmail.com>
Date: Mon, 16 Nov 2020 12:27:05 -0600
Subject: chore(deps): update cbor and wrap decodeFirstSync with recovery

Since cbor 5.1, decodeFirstSync behaves consistently with the async
method, which throws an error if there are extra bytes after the first
object.

see: https://github.com/hildjj/node-cbor/commit/dc4f76445c42dc45dd5750ee53851159622795de
---
 packages/server/src/helpers/parseAuthenticatorData.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'packages/server/src/helpers/parseAuthenticatorData.ts')

diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index 6fea0bd..67f0e1a 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -1,4 +1,5 @@
 import cbor from 'cbor';
+import { decodeCborFirst } from './decodeCbor';
 
 /**
  * Make sense of the authData buffer contained in an Attestation
@@ -50,7 +51,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
     intBuffer = intBuffer.slice(credIDLen);
 
     // Decode the next CBOR item in the buffer, then re-encode it back to a Buffer
-    const firstDecoded = cbor.decodeFirstSync(intBuffer);
+    const firstDecoded = decodeCborFirst(intBuffer);
     const firstEncoded = Buffer.from(cbor.encode(firstDecoded));
     credentialPublicKey = firstEncoded;
     intBuffer = intBuffer.slice(firstEncoded.byteLength);
@@ -58,7 +59,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
 
   let extensionsDataBuffer: Buffer | undefined = undefined;
   if (flags.ed) {
-    const firstDecoded = cbor.decodeFirstSync(intBuffer);
+    const firstDecoded = decodeCborFirst(intBuffer);
     const firstEncoded = Buffer.from(cbor.encode(firstDecoded));
     extensionsDataBuffer = firstEncoded;
     intBuffer = intBuffer.slice(firstEncoded.byteLength);
-- 
cgit v1.2.3