Reject -a key with upper case hex.

yubikey_hex_decode only handles lowercase hex, so use yubikey_hex_p to
check that input string is valid instead of local version which also
allowed upper case.

Backport of 8dfdff1f640377080f48b3e2356d90a1fa80ad9a

diff --git a/debian/changelog b/debian/changelog
index cedd3b6a0d49eb338da94e4d06a6d30ccb8bc01d..92020bc24c7ea6b2bd0279ac218fd9755d1ff1ee 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+yubikey-personalization (1.3.2-1+squeeze1) testing-proposed; urgency=high
+
+  * Cherry-pick 8dfdff1f640377080f48b3e2356d90a1fa80ad9a from upstream:
+    Reject -a values with upper case hex as yubikey_hex_decode only
+    handles lowercase values.  This makes invalid input not end up with a
+    null key.
+
+ -- Tollef Fog Heen <tfheen@debian.org>  Wed, 26 Jan 2011 08:15:34 +0100
+  
 yubikey-personalization (1.3.2-1) unstable; urgency=low
 
   * New upstream release:

diff --git a/ykpers.c b/ykpers.c
index a2fae760d3585b8c578c3628232ba55a975eb6b1..89868b43a4b69e29f4e474c645076749c1b66f21 100644 (file)
--- a/ykpers.c
+++ b/ykpers.c
@@ -134,15 +134,9 @@ int ykp_AES_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) {
                return 1;  /* Bad AES key */
        }
 
-/* Make sure that the hexkey is made up of only [0-9a-f] */
-       int i;
-       for (i=0; i < strlen(hexkey); i++) {
-               char c = tolower(hexkey[i]);
-/* In ASCII, 0-9 == 48-57 and a-f == 97-102 */
-               if ( c<48 || (c>57 && c<97) || c>102 ) {
-                       return 1;
-               }
-       }
+       /* Make sure that the hexkey is made up of only [0-9a-f] */
+       if (! yubikey_hex_p(hexkey))
+               return 1;
 
        yubikey_hex_decode(aesbin, hexkey, sizeof(aesbin));
        memcpy(cfg->ykcore_config.key, aesbin, sizeof(cfg->ykcore_config.key));