hidraw: fallback to HID_NAME

[jo-bitsch]

if we can't get the vendor/product string of the USB attributes, fallback to the HID_NAME string collected from the uevent.

This will be useful in linux when you provide a virtual fido2 device via /dev/uhid that emulates a USB connected HID device.

[jo-bitsch]

There was a off by one in the buffer size for the string, which the pipeline runner caught. I updated the PR accordingly.

[jo-bitsch]

There are 2 warning reported by the pipelines.

One is:

/home/runner/work/libfido2/libfido2/src/hid_linux.c:177:23: warning: Null pointer passed to 1st parameter expecting 'nonnull' [core.NonNullParamChecker]
  177 |                 char* first_space = strchr(hid_name, ' ');
      |                                     ^~~~~~~~~~~~~~~~~~~~~

This should be resolved by adding a hid_name != NULL to the previous condition.

The other is:

/home/runner/work/libfido2/libfido2/src/hid_linux.c:94:14: warning: Potential memory leak [unix.Malloc]
   94 |         while ((p = strsep(&cp, "\n")) != NULL && *p != '\0') {
      |                     ^~~~~~

I didn't change this line in my patch though.

This is in the context of s = cp = strdup(uevent) where later free(s); is called. I'm therefore not sure if this is a false positive. I'll think a bit more about how to best solve this.

[jo-bitsch]

My bad, it was in my patch after all, just the warning was slightly misleading to me. Once I ran

scan-build-17 --use-cc=clang-17 cmake -DCMAKE_BUILD_TYPE=Debug ..

and then

 scan-build-17 --use-cc=clang-17 --status-bugs make -C build-Debug

similar to how the pipeline ran the code, the potential memory leak became apparent.

I updated the PR accordingly.

[jo-bitsch]

I really appreciate the static analysis in the pipeline.

[jo-bitsch]

The fuzzer discovered another issue, which I think is a false positive. Nevertheless I slightly rewrote that line in copy_info to make it clear to the compiler that di->manufacturer and di->product cannot be NULL.

[LDVG]

Hi, thanks for your patch. Am I correct in understanding that you mostly want to expose a friendly name of the (virtual) HID device as created by UHID_CREATE2, e.g. when listing authenticators connected to the system?

[jo-bitsch]

Yes, that is exactly the point: Make the listing of connected authenticators more human-friendly for virtual hid device (using /dev/uhid) or non-USB connected HID devices (if compiled with FIDO_HID_ANY)

[jo-bitsch]

I updated the PR to follow your 2 recommendations.

[LDVG]

Paging in @martelletto: I see that something similar to this has both been added to and removed from libfido2 previously. Do you have any additional context?

[LDVG]

We merged your changes with some additional tweaks on top. Thank you for your contribution!