diff --git a/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialTemplate.m b/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialTemplate.m
index 57c5482e..1df5190c 100644
--- a/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialTemplate.m
+++ b/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialTemplate.m
@@ -115,6 +115,12 @@ - (instancetype)initWithURL:(NSURL *)url skipValidation:(YKFOATHCredentialTempla
 *error = [YKFOATHCredentialTemplateError ykfErrorWithCode:YKFOATHCredentialTemplateErrorCodeLabel];
 return nil;
 }
+
+ if (urlComponents.path.length < 1) {
+ *error = [YKFOATHCredentialTemplateError ykfErrorWithCode:YKFOATHCredentialTemplateErrorCodeLabel];
+ return nil;
+ }
+
 NSString *name = [urlComponents.path substringFromIndex:1];
 NSString *issuer = [urlComponents queryParameterValueForName:YKFOATHCredentialURLParameterIssuer];
 if ([name containsString:@":"]) {
diff --git a/YubiKit/YubiKitTests/Tests/YKFOATHCredentialTemplateTests.m b/YubiKit/YubiKitTests/Tests/YKFOATHCredentialTemplateTests.m
index 1ab9ead0..2e6165f9 100644
--- a/YubiKit/YubiKitTests/Tests/YKFOATHCredentialTemplateTests.m
+++ b/YubiKit/YubiKitTests/Tests/YKFOATHCredentialTemplateTests.m
@@ -371,6 +371,14 @@ - (void)test_WhenValidatorIsRequestedToValidateWithoutSecret_SecretIsNotValidate
 XCTAssertNil(error);
 }
 
+- (void)test_WhenNoPathIsSet_ErrorIsReturned {
+ NSError *error = nil;
+ NSString *url = @"otpauth://totp?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME&algorithm=SHA1&digits=6&period=30";
+ YKFOATHCredentialTemplate *credential = [[YKFOATHCredentialTemplate alloc] initWithURL:[NSURL URLWithString:url] skipValidation:YKFOATHCredentialTemplateValidationLabel error:&error];
+ XCTAssertNotNil(error);
+ XCTAssertNil(credential);
+}
+
 #pragma mark - Large Key Tests
 
 - (void)test_WhenValidatorReceivesInvalidCredentialKey_ErrorIsReturnedBack {
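Review bot: The added guard in `initWithURL:skipValidation:error:` writes through `error` unconditionally, so a caller that passes `error:NULL` would crash on exactly the malformed `otpauth://` URL this check is meant to reject; the context line just above it has the same pattern. Because these URLs are presumably untrusted input (for example from a scanned QR code), I would make the write conditional: `if (error) { *error = [YKFOATHCredentialTemplateError ykfErrorWithCode:YKFOATHCredentialTemplateErrorCodeLabel]; }`. The initializer starts and ends outside the hunk, so an earlier NULL check on `error` may already exist and should be confirmed. Separately, a path of just `/` passes the `length < 1` test and yields an empty `name`; whether later validation rejects that is not visible here.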
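Review bot: `test_WhenNoPathIsSet_ErrorIsReturned` asserts only that some error came back, so it would still pass if the initializer failed for an unrelated reason such as secret or period parsing. Pinning the code, e.g. `XCTAssertEqual(error.code, YKFOATHCredentialTemplateErrorCodeLabel);` (assuming `ykfErrorWithCode:` stores it in `NSError.code`), ties the test to the new path check. A second case with a path of only `/` would document the behaviour at the other boundary of the `length < 1` guard, and one passing `error:nil` would show that rejection does not depend on the caller supplying an error pointer.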