]> err.no Git - yubikey-server-c/commitdiff
projects / yubikey-server-c / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ce28aa4)
Anything smaller than the yubikey block size + 1 is not a valid otp either
authorTollef Fog Heen <tfheen@err.no>
Sun, 27 Dec 2009 11:06:20 +0000 (12:06 +0100)
committerTollef Fog Heen <tfheen@err.no>
Sun, 27 Dec 2009 11:06:20 +0000 (12:06 +0100)
src/main.c patch | blob | history

diff --git a/src/main.c b/src/main.c
index b5d88137f91619df8162ce3b3430c12a3713ab63..55595f044f5b58948aee2ad323ed1b0246b0b35a 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -405,7 +405,8 @@ static int handle_request(void * priv,
                goto free_mem;
        }
 
-       if (! yubikey_modhex_p(otp)) {
+       if (! yubikey_modhex_p(otp) ||
+           strlen(otp) < (YUBIKEY_BLOCK_SIZE * 2 + 1)) {
                status = "BAD_OTP";
                signature = sign_request(shared_secret, shared_secret_len,
                                         NULL, status, timestamp);
Unnamed repository; edit this file to name it for gitweb.