From 5fdceb20662290cacf3e549f981b86829271b5ce Mon Sep 17 00:00:00 2001
From: iljoja
Date: Tue, 20 Jan 2026 11:55:52 +0200
Subject: [PATCH 1/2] Update AuthenticatorData.php
---
 src/Attestation/AuthenticatorData.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/Attestation/AuthenticatorData.php b/src/Attestation/AuthenticatorData.php
index 83462b1..e0aa506 100644
--- a/src/Attestation/AuthenticatorData.php
+++ b/src/Attestation/AuthenticatorData.php
@@ -345,6 +345,10 @@ private function _readCredentialPublicKey($binary, $offset, &$endOffset) {
 */
 private function _readCredentialPublicKeyEDDSA(&$credPKey, $enc) {
 $credPKey->crv = $enc[self::$_COSE_CRV];
+
+ if (!isset($enc[self::$_COSE_X])) {
+ throw new WebAuthnException('public key missing', WebAuthnException::MISSING_PUBLIC_KEY);
+ }
 $credPKey->x = $enc[self::$_COSE_X] instanceof ByteBuffer ? $enc[self::$_COSE_X]->getBinaryString() : null;
 unset ($enc);
From bada679aa4111f6cbbf8d04dc45b595bd8bd9055 Mon Sep 17 00:00:00 2001
From: iljoja
Date: Tue, 20 Jan 2026 11:56:49 +0200
Subject: [PATCH 2/2] Update WebAuthnException.php
---
 src/WebAuthnException.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/WebAuthnException.php b/src/WebAuthnException.php
index f27eeec..f6b07de 100644
--- a/src/WebAuthnException.php
+++ b/src/WebAuthnException.php
@@ -21,6 +21,7 @@ class WebAuthnException extends \Exception {
 const BYTEBUFFER = 14;
 const CBOR = 15;
 const ANDROID_NOT_TRUSTED = 16;
+ const MISSING_PUBLIC_KEY = 17;
 public function __construct($message = "", $code = 0, $previous = null) {
 parent::__construct($message, $code, $previous);
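Review bot: In `_readCredentialPublicKeyEDDSA` (PATCH 1/2, src/Attestation/AuthenticatorData.php) the new guard sits after `$credPKey->crv = $enc[self::$_COSE_CRV];`, so a COSE map from the authenticator that lacks the curve entry still reaches an unchecked array read before anything is rejected. The guard also only tests presence: an X entry that exists but is not a `ByteBuffer` falls through to the ternary and leaves `$credPKey->x` as `null` instead of failing closed here. I would move the check to the top of the method and widen it to `if (!isset($enc[self::$_COSE_CRV], $enc[self::$_COSE_X]) || !($enc[self::$_COSE_X] instanceof ByteBuffer)) {`, keeping the same `throw`. The method body continues past the hunk, so later validation may already catch a null `x`; if the other key readers in this class index `$enc` the same way they would presumably need the same treatment.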