From 25f3b69129015c54392636818c8846e236f5cb2c Mon Sep 17 00:00:00 2001
From: Arnaud Fontaine
Date: Thu, 8 Feb 2018 19:03:08 +0100
Subject: [PATCH] scd: Improve KDF-DO support
* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.
--
Length check added by gniibe.
Signed-off-by: Arnaud Fontaine
---
 scd/app-openpgp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 5b1b0d339..f3065edf0 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -2072,7 +2072,8 @@ pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen)
 size_t buflen;
 if (app->app_local->extcap.kdf_do
- && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL)))
+ && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL))
+ && buflen == 110 && (buffer[2] == 0x03))
 {
 char *salt;
 unsigned long s2k_count;
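Review bot: The added condition `&& buflen == 110 && (buffer[2] == 0x03))` hard-codes the expected KDF DO length and the algorithm byte with no name or comment, so a reader cannot tell which card-data layout the rest of the block relies on. A named constant and a short comment would fix that, e.g. `#define KDF_DATA_LENGTH 110 /* expected length of a complete KDF DO */` and `/* buffer[2] is the KDF algorithm byte; 0x03 is presumably the salted, iterated S2K that salt and s2k_count below belong to */`. Because the test is an exact equality, a DO of any other length or with another algorithm byte now falls silently into the non-KDF branch, which presumably passes the PIN on unhashed. When the card advertises `extcap.kdf_do` but returns such a DO, a log line would make that visible to whoever debugs a failed verification. The body of the `if` and the release of `relptr` lie outside the hunk, so whether `relptr` is freed when `get_one_do` succeeds but the new checks fail cannot be confirmed from here.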