From: Tollef Fog Heen
Date: Mon, 26 Oct 2009 21:35:51 +0000 (+0100)
Subject: Return value from get_data_for_uid and check it
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f37462a8dbb9dbdcaac089b86635ac22f8744393;p=yubikey-server-c

Return value from get_data_for_uid and check it

Previously, we would accept any valid OTP we had data for, stop doing that and return a useful value telling the caller if we actually suceeded getting useful data back.
---

diff --git a/src/main.c b/src/main.c
index d6cf48c..174a896 100644
--- a/src/main.c
+++ b/src/main.c
@@ -343,7 +343,7 @@ static int get_data_for_uid(char *uid, struct ykc_stats *stats)
 free_mem:
 PQclear(res);
- return 0;
+ return r;
 }
 static int handle_request(void * UNUSED(data),
@@ -414,8 +414,13 @@ static int handle_request(void * UNUSED(data),
 /* Validate OTP */
 /* Find public uid, if possible */
 split_otp(otp, &uid, &otp_token);
- get_data_for_uid(uid, &stats);
-
+ if (get_data_for_uid(uid, &stats) < 0) {
+ status = "BAD_OTP";
+ signature = sign_request(shared_secret, shared_secret_len,
+ NULL, status, timestamp);
+ send_response(conn, signature, status, NULL, timestamp);
+ goto free_mem;
+ }
 /* Argh, yubikey_parse takes in one modhex-ed token (but
 * requires us to strip the public id first, and an unencoded aes key*/
 yubikey_parse((uint8_t*)(otp_token), (const uint8_t *)stats.secret_key, &token);
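Review bot: `return r;` only protects the caller if every failure path above `free_mem:` leaves `r` negative, and the body of get_data_for_uid lies outside this hunk, so that cannot be confirmed here. In particular, a query that succeeds but matches no row must not fall through with `r == 0`, otherwise handle_request still hands an unfilled `stats.secret_key` to `yubikey_parse`. I would document the contract above the function, e.g. `/* Returns 0 when *stats was filled from the database, negative on query failure or unknown uid. */`, and, if it is not already done, initialise `r` to a negative value at its declaration so a forgotten assignment fails closed.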
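Review bot: The new rejection branch passes the result of `sign_request(...)` to `send_response` unchecked; if signing can fail (its definition is not in this hunk), the BAD_OTP reply would go out with a missing signature. The branch also leaves no trace of the failed lookup, and a log entry carrying the public id would help operators notice probing for unknown keys. A short comment such as `/* No key record for this public id: reject before stats.secret_key is used */` would make the reason for the early exit clear. handle_request begins and ends outside the hunk, so whether its `free_mem` label releases `uid` and `otp_token` from `split_otp` on this path should be confirmed.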