From 468b64dcaa9e46c61e9c4d60fc1cd4d307cbeb73 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 17 Nov 2022 14:22:04 +0100
Subject: [PATCH] scd: Redact --debug cardio output of a VERIFY APDU.

* scd/apdu.c (pcsc_send_apdu) [DBG_CARD_IO]: Detect and redact a
VERIFY.
(send_apdu_ccid): Ditto.
--

This should handle the most common case.
GnuPG-bug-id: 5085
---
 scd/apdu.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/scd/apdu.c b/scd/apdu.c
index 9568d2503..9fb5cbee4 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -772,7 +772,14 @@ pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
     return err;
 
   if (DBG_CARD_IO)
-    log_printhex (apdu, apdulen, "  PCSC_data:");
+    {
+      /* Do not dump the PIN in a VERIFY command.  */
+      if (apdulen > 5 && apdu[1] == 0x20)
+        log_debug ("PCSC_data: %02X %02X %02X %02X %02X [redacted]\n",
+                   apdu[0], apdu[1], apdu[2], apdu[3], apdu[4]);
+      else
+        log_printhex (apdu, apdulen, "PCSC_data:");
+    }
 
   if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1))
       send_pci.protocol = PCSC_PROTOCOL_T1;
@@ -1697,7 +1704,14 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen,
     return err;
 
   if (DBG_CARD_IO)
-    log_printhex (apdu, apdulen, " raw apdu:");
+    {
+      /* Do not dump the PIN in a VERIFY command.  */
+      if (apdulen > 5 && apdu[1] == 0x20)
+        log_debug (" raw apdu: %02x%02x%02x%02x%02x [redacted]\n",
+                   apdu[0], apdu[1], apdu[2], apdu[3], apdu[4]);
+      else
+        log_printhex (apdu, apdulen, " raw apdu:");
+    }
 
   maxbuflen = *buflen;
   if (pininfo)