From: Tollef Fog Heen
Date: Sun, 27 Dec 2009 11:06:20 +0000 (+0100)
Subject: Anything smaller than the yubikey block size + 1 is not a valid otp either
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9faf174647fd32f882d5ec4ecc0766421fefce7;p=yubikey-server-c

Anything smaller than the yubikey block size + 1 is not a valid otp either
---
diff --git a/src/main.c b/src/main.c
index b5d8813..55595f0 100644
--- a/src/main.c
+++ b/src/main.c
@@ -405,7 +405,8 @@ static int handle_request(void * priv,
 goto free_mem;
 }
- if (! yubikey_modhex_p(otp)) {
+ if (! yubikey_modhex_p(otp) ||
+ strlen(otp) < (YUBIKEY_BLOCK_SIZE * 2 + 1)) {
 status = "BAD_OTP";
 signature = sign_request(shared_secret, shared_secret_len, NULL, status, timestamp);
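Review bot: The added `strlen(otp) < (YUBIKEY_BLOCK_SIZE * 2 + 1)` test in handle_request sets only a lower bound, so an arbitrarily long all-modhex string still passes this gate and reaches whatever code splits otp into its identity prefix and encrypted token. That code lies outside the hunk; if it copies either part into a fixed-size buffer or uses the length in arithmetic, the same condition should also cap the length, along the lines of `size_t otp_len = strlen(otp);` and `otp_len < YUBIKEY_BLOCK_SIZE * 2 + 1 || otp_len > MAX_OTP_LEN /* placeholder: project's maximum OTP length */`. The expression also deserves a short comment such as `/* two modhex characters per byte of the encrypted block, plus at least one identity character */`, since the commit subject says "block size + 1" while the code compares against twice the block size plus one.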