From 1a533ea0dcd02809ad503c2d354f7b7f1e2ca208 Mon Sep 17 00:00:00 2001 From: Mikhail Denisenko Date: Tue, 1 Dec 2015 16:24:38 -0500 Subject: [PATCH] Fixed bug #39 C_Login fails with CKR_PIN_INCORRECT when pin and pinLen are valid but pin is not null terminated --- ykcs11/token_vendors.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ykcs11/token_vendors.c b/ykcs11/token_vendors.c index b5bbfd8..debcf50 100644 --- a/ykcs11/token_vendors.c +++ b/ykcs11/token_vendors.c @@ -12,12 +12,23 @@ static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CH int tries = 0; // TODO: this is effectively disregarded, should we add a better value in ykpiv_verify? unsigned char key[24]; size_t key_len = sizeof(key); + unsigned char *term_pin; if (user == CKU_USER) { - if (ykpiv_verify(state, (char *)pin, &tries) != YKPIV_OK) { + // add null termination for the pin + term_pin = malloc(pin_len + 1); + if (term_pin == NULL) { + return CKR_HOST_MEMORY; + } + memcpy(term_pin, pin, pin_len); + term_pin[pin_len] = 0; + + if (ykpiv_verify(state, (char *)term_pin, &tries) != YKPIV_OK) { + free(term_pin); DBG("Failed to login"); return CKR_PIN_INCORRECT; } + free(term_pin); } else if (user == CKU_SO) { if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) {