scd:openpgp: Add the length check for new PIN.

* scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN. -- GnuPG-bug-id: 6843 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> (cherry picked from commit 2376cdff13)
2023-12-22 13:32:40 +09:00 · 2023-12-22 13:32:40 +09:00 · efe325ffdf
parent 20e85585ed
commit efe325ffdf
1 changed files with 32 additions and 14 deletions
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -3286,6 +3286,31 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
          log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
          goto leave;
        }
+
+      if (set_resetcode)
+        {
+          size_t bufferlen = strlen (pinvalue);
+
+          if (bufferlen != 0 && bufferlen < 8)
+            {
+              log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
+              rc = gpg_error (GPG_ERR_BAD_RESET_CODE);
+              goto leave;
+            }
+        }
+      else
+        {
+          if (chvno == 3)
+            minlen = 8;
+
+          if (strlen (pinvalue) < minlen)
+            {
+              log_info (_("PIN for CHV%d is too short;"
+                          " minimum length is %d\n"), chvno, minlen);
+              rc = gpg_error (GPG_ERR_BAD_PIN);
+              goto leave;
+            }
+        }
    }


@ -3320,22 +3345,15 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
    }
  else if (set_resetcode)
    {
-      size_t bufferlen = strlen (pinvalue);
+      size_t bufferlen;
      char *buffer = NULL;

-      if (bufferlen && bufferlen < 8)
-        {
-          log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
-          rc = gpg_error (GPG_ERR_BAD_PIN);
-        }
-      else
-        {
-          rc = pin2hash_if_kdf (app, 0, pinvalue, &buffer, &bufferlen);
-          if (!rc)
-            rc = iso7816_put_data (app_get_slot (app),
-                                   0, 0xD3, buffer, bufferlen);
-          wipe_and_free (buffer, bufferlen);
-        }
+      rc = pin2hash_if_kdf (app, 0, pinvalue, &buffer, &bufferlen);
+      if (!rc)
+        rc = iso7816_put_data (app_get_slot (app),
+                               0, 0xD3, buffer, bufferlen);
+
+      wipe_and_free (buffer, bufferlen);
    }
  else if (reset_mode)
    {