From: Tollef Fog Heen <tfheen@err.no>
Date: Wed, 26 Jan 2011 07:16:16 +0000 (+0100)
Subject: Reject -a key with upper case hex.
X-Git-Tag: yubikey-personalization_1.3.2-1squeeze1~2
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28175215d2a94fb66ac456535bc040091b270404;p=yubikey-personalization.old

Reject -a key with upper case hex.

yubikey_hex_decode only handles lowercase hex, so use yubikey_hex_p to
check that input string is valid instead of local version which also
allowed upper case.

Backport of 8dfdff1f640377080f48b3e2356d90a1fa80ad9a
---

diff --git a/debian/changelog b/debian/changelog
index cedd3b6..92020bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+yubikey-personalization (1.3.2-1+squeeze1) testing-proposed; urgency=high
+
+  * Cherry-pick 8dfdff1f640377080f48b3e2356d90a1fa80ad9a from upstream:
+    Reject -a values with upper case hex as yubikey_hex_decode only
+    handles lowercase values.  This makes invalid input not end up with a
+    null key.
+
+ -- Tollef Fog Heen <tfheen@debian.org>  Wed, 26 Jan 2011 08:15:34 +0100
+  
 yubikey-personalization (1.3.2-1) unstable; urgency=low
 
   * New upstream release:
diff --git a/ykpers.c b/ykpers.c
index a2fae76..89868b4 100644
--- a/ykpers.c
+++ b/ykpers.c
@@ -134,15 +134,9 @@ int ykp_AES_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) {
 		return 1;  /* Bad AES key */
 	}
 
-/* Make sure that the hexkey is made up of only [0-9a-f] */
-	int i;
-	for (i=0; i < strlen(hexkey); i++) {
-		char c = tolower(hexkey[i]);
-/* In ASCII, 0-9 == 48-57 and a-f == 97-102 */
-		if ( c<48 || (c>57 && c<97) || c>102 ) {
-			return 1;
-		}
-	}
+	/* Make sure that the hexkey is made up of only [0-9a-f] */
+	if (! yubikey_hex_p(hexkey))
+		return 1;
 
 	yubikey_hex_decode(aesbin, hexkey, sizeof(aesbin));
 	memcpy(cfg->ykcore_config.key, aesbin, sizeof(cfg->ykcore_config.key));