From 61b0284c6d4c74691bfc9f43ddb6dcd5cdf12a9d Mon Sep 17 00:00:00 2001 From: Daniel Barnes Date: Mon, 27 Oct 2014 20:12:14 -0600 Subject: [PATCH] Check if new keys being set are the correct length, since longer or shorter keys yield inconsistant results --- tool/yubico-piv-tool.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c index 9228510..cbe971d 100644 --- a/tool/yubico-piv-tool.c +++ b/tool/yubico-piv-tool.c @@ -1169,15 +1169,19 @@ int main(int argc, char *argv[]) { break; case action_arg_setMINUS_mgmMINUS_key: if(args_info.new_key_arg) { - unsigned char new_key[KEY_LEN]; - size_t new_key_len = sizeof(new_key); - if(ykpiv_hex_decode(args_info.new_key_arg, strlen(args_info.new_key_arg), new_key, &new_key_len) != YKPIV_OK) { - ret = EXIT_FAILURE; - } else if(ykpiv_set_mgmkey(state, new_key) != YKPIV_OK) { - ret = EXIT_FAILURE; + if(strlen(args_info.new_key_arg) == (KEY_LEN * 2)){ + unsigned char new_key[KEY_LEN]; + size_t new_key_len = sizeof(new_key); + if(ykpiv_hex_decode(args_info.new_key_arg, strlen(args_info.new_key_arg), new_key, &new_key_len) != YKPIV_OK) { + ret = EXIT_FAILURE; + } else if(ykpiv_set_mgmkey(state, new_key) != YKPIV_OK) { + ret = EXIT_FAILURE; + } else { + printf("Successfully set new management key.\n"); + } } else { - printf("Successfully set new management key.\n"); - } + ret = EXIT_FAILURE; + } } else { fprintf(stderr, "The set-mgm-key action needs the new-key (-n) argument.\n"); ret = EXIT_FAILURE;