Fixed bug #39
C_Login fails with CKR_PIN_INCORRECT when pin and pinLen are valid but pin is not null terminated
This commit is contained in:
+12
-1
@@ -12,12 +12,23 @@ static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CH
|
||||
int tries = 0; // TODO: this is effectively disregarded, should we add a better value in ykpiv_verify?
|
||||
unsigned char key[24];
|
||||
size_t key_len = sizeof(key);
|
||||
unsigned char *term_pin;
|
||||
|
||||
if (user == CKU_USER) {
|
||||
if (ykpiv_verify(state, (char *)pin, &tries) != YKPIV_OK) {
|
||||
// add null termination for the pin
|
||||
term_pin = malloc(pin_len + 1);
|
||||
if (term_pin == NULL) {
|
||||
return CKR_HOST_MEMORY;
|
||||
}
|
||||
memcpy(term_pin, pin, pin_len);
|
||||
term_pin[pin_len] = 0;
|
||||
|
||||
if (ykpiv_verify(state, (char *)term_pin, &tries) != YKPIV_OK) {
|
||||
free(term_pin);
|
||||
DBG("Failed to login");
|
||||
return CKR_PIN_INCORRECT;
|
||||
}
|
||||
free(term_pin);
|
||||
}
|
||||
else if (user == CKU_SO) {
|
||||
if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) {
|
||||
|
||||
Reference in New Issue
Block a user