security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00
Code Activity

scd,openpgp: Use app_get_serialno function to get SERIALNO.

Browse Source 
* scd/app-openpgp.c (check_keyidstr): Don't directly access
app->serialno, but use app_get_serialno.
(do_with_keygrip): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2020-10-23 15:14:12 +09:00
parent 7e22e08e2a
commit 41505f0ae5
1 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
scd/app-openpgp.c
View File

@ -5001,7 +5001,6 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
const char *s; const char *s;
int n; int n;
const char *fpr = NULL; const char *fpr = NULL;
unsigned char tmp_sn[20]; /* Actually 16 bytes but also for the fpr. */
if (r_use_auth) if (r_use_auth)
*r_use_auth = 0; *r_use_auth = 0;
@ -5010,6 +5009,8 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
return gpg_error (GPG_ERR_INV_ID); return gpg_error (GPG_ERR_INV_ID);
else else
{ {
char *serial;
for (s=keyidstr, n=0; hexdigitp (s); s++, n++) for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
; ;
@ -5039,15 +5040,16 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
else if (*s == '/') else if (*s == '/')
fpr = s + 1; fpr = s + 1;
for (s=keyidstr, n=0; n < 16; s += 2, n++) serial = app_get_serialno (app);
tmp_sn[n] = xtoi_2 (s); if (strncmp (serial, keyidstr, 32))
{
if (app->card->serialnolen != 16) xfree (serial);
return gpg_error (GPG_ERR_INV_CARD);
if (memcmp (app->card->serialno, tmp_sn, 16))
return gpg_error (GPG_ERR_WRONG_CARD); return gpg_error (GPG_ERR_WRONG_CARD);
} }
xfree (serial);
}
/* If a fingerprint has been specified check it against the one on /* If a fingerprint has been specified check it against the one on
the card. This is allows for a meaningful error message in case the card. This is allows for a meaningful error message in case
the key on the card has been replaced but the shadow information the key on the card has been replaced but the shadow information
@ -5672,20 +5674,15 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action, const char *keygrip_str,
} }
else else
{ {
char buf[65];
int data = (action == KEYGRIP_ACTION_SEND_DATA); int data = (action == KEYGRIP_ACTION_SEND_DATA);
char *serial = app_get_serialno (app);
if (DIM (buf) < 2 * app->card->serialnolen + 1)
return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
bin2hex (app->card->serialno, app->card->serialnolen, buf);
if (keygrip_str == NULL) if (keygrip_str == NULL)
{ {
if (capability == 0) if (capability == 0)
{ {
for (i = 0; i < 3; i++) for (i = 0; i < 3; i++)
send_keyinfo_if_available (app, ctrl, buf, data, i); send_keyinfo_if_available (app, ctrl, serial, data, i);
} }
else else
{ {
@ -5698,9 +5695,11 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action, const char *keygrip_str,
else else
i = -1; i = -1;
if (i >= 0) if (i >= 0)
send_keyinfo_if_available (app, ctrl, buf, data, i); send_keyinfo_if_available (app, ctrl, serial, data, i);
} }
xfree (serial);
/* Return an error so that the dispatcher keeps on looping /* Return an error so that the dispatcher keeps on looping
* over the other applications. Only for clarity we use a * over the other applications. Only for clarity we use a
* different error code than for the not_found case. */ * different error code than for the not_found case. */
@ -5711,9 +5710,11 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action, const char *keygrip_str,
for (i = 0; i < 3; i++) for (i = 0; i < 3; i++)
if (!strcmp (keygrip_str, app->app_local->pk[i].keygrip_str)) if (!strcmp (keygrip_str, app->app_local->pk[i].keygrip_str))
{ {
send_keyinfo_if_available (app, ctrl, buf, data, i); send_keyinfo_if_available (app, ctrl, serial, data, i);
xfree (serial);
return 0; return 0;
} }
xfree (serial);
} }
} }