From c54f66acb4033b7884c8feef62844a3f424df38b Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Mon, 25 Nov 2019 08:27:54 -0800
Subject: [PATCH] transaction: Always require padded PIN for `verify_pin`

Callers of this function always pad up to `CB_PIN_MAX` with `0xFF`.

The logic being changed here was previously identical to the `_verify` function in `ykpiv.c`:

https://github.com/Yubico/yubico-piv-tool/blob/8ba243f/lib/ykpiv.c#L1299

...but @str4d noticed this potentially allows a caller to send an unpadded PIN, which may (or may not) be an issue.
---
 src/transaction.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/transaction.rs b/src/transaction.rs
index eab3801..4b1f134 100644
--- a/src/transaction.rs
+++ b/src/transaction.rs
@@ -165,7 +165,8 @@ impl<'tx> Transaction<'tx> {
 /// Verify device PIN.
 pub fn verify_pin(&self, pin: &[u8]) -> Result<(), Error> {
- if pin.len() > CB_PIN_MAX {
+ // TODO(tarcieri): allow unpadded (with `0xFF`) PIN shorter than CB_PIN_MAX?
+ if pin.len() != CB_PIN_MAX {
 return Err(Error::SizeError);
 }