security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

scd,p15: Enforce a min. PIN length for certain cards. 

* scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
This commit is contained in:
Werner Koch 2023-04-20 12:40:11 +02:00
parent 3ad4b339b8
commit e60544520b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
scd/app-p15.c
View File

@ -5203,6 +5203,7 @@ verify_pin (app_t app,
const char *errstr;
const char *s;
int remaining;
unsigned int min_length;
int pin_reference;
int verified = 0;
int i;
@ -5269,12 +5270,16 @@ verify_pin (app_t app,
}
/* We might need to cope with UTF8 things here. Not sure how
min_length etc. are exactly defined, for now we take them as
a plain octet count. */
if (strlen (pinvalue) < aodf->min_length)
min_length etc. are exactly defined, for now we take them as a
plain octet count. For RSCS we enforce 6 despite that some cards
give 4 has min. length. */
min_length = aodf->min_length;
if (app->app_local->card_product == CARD_PRODUCT_RSCS && min_length < 6)
min_length = 6;
if (strlen (pinvalue) < min_length)
{
log_error ("p15: PIN is too short; minimum length is %lu\n",
aodf->min_length);
log_error ("p15: PIN is too short; minimum length is %u\n", min_length);
err = gpg_error (GPG_ERR_BAD_PIN);
}
else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length)