key_manager: Guard against invalid tickets

src/core/crypto/key_manager.cpp

@@ -156,6 +156,10 @@ u64 GetSignatureTypePaddingSize(SignatureType type) {
     UNREACHABLE();
 }
 
+bool Ticket::IsValid() const {
+    return !std::holds_alternative<std::monostate>(data);
+}
+
 SignatureType Ticket::GetSignatureType() const {
     if (const auto* ticket = std::get_if<RSA4096Ticket>(&data)) {
         return ticket->sig_type;
@@ -236,6 +240,7 @@ bool Ticket::Read(Ticket& ticket_out, const FileSys::VirtualFile& file) {
         return true;
     }
     default:
+        ticket_out.data.emplace<std::monostate>();
         return false;
     }
 }
@@ -535,6 +540,12 @@ static std::optional<u64> FindTicketOffset(const std::array<u8, size>& data) {
 
 std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket,
                                                      const RSAKeyPair<2048>& key) {
+    if (!ticket.IsValid()) {
+        return std::nullopt;
+    }
+
+    // Dirty hack, figure out why ticket.data variant is invalid
+    try {
         const auto issuer = ticket.GetData().issuer;
         if (IsAllZeroArray(issuer)) {
             return std::nullopt;
@@ -595,6 +606,9 @@ std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket,
         std::memcpy(key_temp.data(), m_2.data() + *offset, key_temp.size());
 
         return std::make_pair(rights_id, key_temp);
+    } catch (const std::bad_variant_access&) {
+        return std::nullopt;
+    }
 }
 
 KeyManager::KeyManager() {

src/core/crypto/key_manager.h

@@ -96,8 +96,9 @@ struct ECDSATicket {
 };
 
 struct Ticket {
-    std::variant<RSA4096Ticket, RSA2048Ticket, ECDSATicket> data;
+    std::variant<std::monostate, RSA4096Ticket, RSA2048Ticket, ECDSATicket> data;
 
+    bool IsValid() const;
     SignatureType GetSignatureType() const;
     TicketData& GetData();
     const TicketData& GetData() const;