From b969072cc3d62d05cb41bc6d6f3c22c764ed932f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 27 Aug 2020 09:43:28 +0000 Subject: [PATCH] upstream: skip a bit more FIDO token selection logic when only a single token is attached. with Pedro Martelletto OpenBSD-Commit-ID: e4a324bd9814227ec1faa8cb619580e661cca9ac --- sk-usbhid.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sk-usbhid.c b/sk-usbhid.c index 0b11e40aa..98e8ccf10 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c @@ -367,8 +367,13 @@ sk_select_by_cred(const fido_dev_info_t *devlist, size_t ndevs, skdebug(__func__, "sk_openv failed"); return NULL; } + if (skvcnt == 1) { + sk = skv[0]; + skv[0] = NULL; + goto out; + } sk = NULL; - for (i = 0; i < skvcnt; i++) + for (i = 0; i < skvcnt; i++) { if (sk_try(skv[i], application, key_handle, key_handle_len) == 0) { sk = skv[i]; @@ -376,6 +381,8 @@ sk_select_by_cred(const fido_dev_info_t *devlist, size_t ndevs, skdebug(__func__, "found key in %s", sk->path); break; } + } + out: sk_closev(skv, skvcnt); return sk; }