Diffstat (limited to 'contrib/libfido2/tools/cred_make.c')
-rw-r--r-- | contrib/libfido2/tools/cred_make.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/contrib/libfido2/tools/cred_make.c b/contrib/libfido2/tools/cred_make.c
index 7955fa2b7f9f..a6239ec27aec 100644
--- a/contrib/libfido2/tools/cred_make.c
+++ b/contrib/libfido2/tools/cred_make.c
@@ -2,6 +2,7 @@
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
+ * SPDX-License-Identifier: BSD-2-Clause
 */
 #include <fido.h>
@@ -137,7 +138,7 @@ cred_make(int argc, char **argv)
 fido_dev_t *dev = NULL;
 fido_cred_t *cred = NULL;
 char prompt[1024];
- char pin[1024];
+ char pin[128];
 char *in_path = NULL;
 char *out_path = NULL;
 FILE *in_f = NULL;
@@ -221,6 +222,10 @@ cred_make(int argc, char **argv)
 errx(1, "snprintf");
 if (!readpassphrase(prompt, pin, sizeof(pin), RPP_ECHO_OFF))
 errx(1, "readpassphrase");
+ if (strlen(pin) < 4 || strlen(pin) > 63) {
+ explicit_bzero(pin, sizeof(pin));
+ errx(1, "invalid PIN length");
+ }
 r = fido_dev_make_cred(dev, cred, pin);
 } |
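Review bot: The bounds in the added `if (strlen(pin) < 4 || strlen(pin) > 63)` check are bare literals, and the `char pin[128]` size in the previous hunk silently depends on them: the buffer has to be larger than the maximum so that readpassphrase() hands back an over-long entry for rejection instead of truncating it to something that passes. I would name the limits and say so in a comment, for example `/* PIN limits in bytes; pin[] is deliberately larger than the maximum so over-long input is rejected, not truncated */`. strlen() counts bytes, so a PIN of fewer than four multi-byte UTF-8 characters can still satisfy the lower bound here; if the minimum is meant in characters, this is only a pre-check and the comment should say the authenticator remains the authority. The check also calls strlen() twice where one `size_t pin_len = strlen(pin);` would do. cred_make's body starts and ends outside the hunk.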