Yubico.NET.SDK icon indicating copy to clipboard operation
Yubico.NET.SDK copied to clipboard
verified publisher icon Yubico

[BUG] KeyNotFoundException in CmDevice causes application to quit when plugging / unplugging Yubikey

Open canton7 opened this issue 1 year ago • 4 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

If you plug / unplug a Yubikey a lot (and YubiKeyDeviceListener has been instantiated), it's possible to occasionally hit a KeyNotFoundException in CmDevice.

This exception is thrown on a background thread, meaning that it crashes the user's application, and there is no way for the user to prevent this.

The stack trace is:

Yubico.Core.dll!Yubico.PlatformInterop.CmDevice.GetProperty<string>(Yubico.PlatformInterop.CmDeviceProperty property) Line 112
Yubico.Core.dll!Yubico.PlatformInterop.CmDevice.CmDevice(string devicePath) Line 41
Yubico.Core.dll!Yubico.Core.Devices.Hid.WindowsHidDeviceListener.OnEventReceived(nint hNotify, nint context, Yubico.PlatformInterop.NativeMethods.CM_NOTIFY_ACTION action, nint eventDataPtr, int eventDataSize) Line 97

The line in question is this one, called with CmDeviceProperty.PdoName from here.

image

Expected Behavior

The expected behaviour is that Yubikey does not crash the user's application in an unrecoverable way.

Steps To Reproduce

  1. In a Windows project, subscribe to YubiKeyDeviceListener.Instance.Arrived. I don't think the subscription is actually necessary (just accessing YubiKeyDeviceListener.Instance might be enough), since the YuibKeyDeviceListener ctor calls HidDeviceListener.Create(), which is what instantiates WindowsHidDeviceListener, which is what has the unsafe event handler.
  2. Plug and unplug the Yubikey a lot (might take a number of minutes). Vary the amount of time that the Yubikey is plugged in for, but no need to have it plugged in for more than 2s. Having Yubico Authenticator open at the same time might help reproduce, but I have seen it with nothing else open
  3. Watch your application crash with the above exception

I have seen this pop up two or three times in normal usage.

Version

1.9.0

Version

5.4.3

Anything else?

No response

canton7 avatar Aug 27 '24 14:08 canton7

Adding this to our internal issue tracker. Thanks.

DennisDyallo avatar Aug 27 '24 21:08 DennisDyallo

Does this happen in the latest 1.11 release as well?

DennisDyallo avatar Sep 25 '24 07:09 DennisDyallo

I'll take a look next time I get the chance, thanks!

canton7 avatar Sep 25 '24 07:09 canton7

Yes, I can still replicate this in 1.11.

It doesn't look like any of the files in the stack trace have been changed in any meaningful way? Is there a PR which you think should fix it?

canton7 avatar Sep 26 '24 15:09 canton7