diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2023-12-22 05:32:40 +0100 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-12-22 05:32:40 +0100 |
| commit | 2376cdff1318688d94c95fd01adc4b2139c4a8c7 (patch) | |
| tree | 27df2bf6798d87179230e962c2a5b2aea2c4e358 /scd | |
| parent | tools: Remove the dotlock tool. (diff) | |
| download | gnupg2-2376cdff1318688d94c95fd01adc4b2139c4a8c7.tar.xz gnupg2-2376cdff1318688d94c95fd01adc4b2139c4a8c7.zip | |
scd:openpgp: Add the length check for new PIN.
* scd/app-openpgp.c (do_change_pin): Make sure new PIN length
is longer than MINLEN.
--
GnuPG-bug-id: 6843
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'scd')
| -rw-r--r-- | scd/app-openpgp.c | 48 |
1 files changed, 32 insertions, 16 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 3e77f8540..3bc709602 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -3499,6 +3499,31 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc)); goto leave; } + + if (set_resetcode) + { + size_t bufferlen = strlen (pinvalue); + + if (bufferlen != 0 && bufferlen < 8) + { + log_error (_("Reset Code is too short; minimum length is %d\n"), 8); + rc = gpg_error (GPG_ERR_BAD_RESET_CODE); + goto leave; + } + } + else + { + if (chvno == 3) + minlen = 8; + + if (strlen (pinvalue) < minlen) + { + log_info (_("PIN for CHV%d is too short;" + " minimum length is %d\n"), chvno, minlen); + rc = gpg_error (GPG_ERR_BAD_PIN); + goto leave; + } + } } @@ -3533,24 +3558,15 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } else if (set_resetcode) { - size_t bufferlen = strlen (pinvalue); - - if (bufferlen != 0 && bufferlen < 8) - { - log_error (_("Reset Code is too short; minimum length is %d\n"), 8); - rc = gpg_error (GPG_ERR_BAD_RESET_CODE); - } - else - { - char *buffer = NULL; + size_t bufferlen; + char *buffer = NULL; - rc = pin2hash_if_kdf (app, 0, pinvalue, &buffer, &bufferlen); - if (!rc) - rc = iso7816_put_data (app_get_slot (app), - 0, 0xD3, buffer, bufferlen); + rc = pin2hash_if_kdf (app, 0, pinvalue, &buffer, &bufferlen); + if (!rc) + rc = iso7816_put_data (app_get_slot (app), + 0, 0xD3, buffer, bufferlen); - wipe_and_free (buffer, bufferlen); - } + wipe_and_free (buffer, bufferlen); } else if (reset_mode) { |