From e9faf174647fd32f882d5ec4ecc0766421fefce7 Mon Sep 17 00:00:00 2001
From: Tollef Fog Heen
Date: Sun, 27 Dec 2009 12:06:20 +0100
Subject: [PATCH] Anything smaller than the yubikey block size + 1 is not a valid otp either
---
 src/main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main.c b/src/main.c
index b5d8813..55595f0 100644
--- a/src/main.c
+++ b/src/main.c
@@ -405,7 +405,8 @@ static int handle_request(void * priv,
 goto free_mem;
 }
- if (! yubikey_modhex_p(otp)) {
+ if (! yubikey_modhex_p(otp) ||
+ strlen(otp) < (YUBIKEY_BLOCK_SIZE * 2 + 1)) {
 status = "BAD_OTP";
 signature = sign_request(shared_secret, shared_secret_len, NULL, status, timestamp);
-- 
2.39.5
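Review bot: The added `strlen(otp) < (YUBIKEY_BLOCK_SIZE * 2 + 1)` test sets only a lower bound, so an arbitrarily long all-modhex string still passes this gate in handle_request. How the rest of the function splits the OTP into its public-id prefix and encrypted block is outside the hunk, so it is not visible whether an oversized prefix is rejected later. An explicit upper bound beside the lower one, set to the longest public id the server accepts, would keep the length validation in one place. The expression also needs a short comment, for example `/* two modhex chars per block byte, plus at least one public-id char */`, since the commit subject says "block size + 1" while the code checks twice the block size plus one.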