[PATCH] poldi: fail immediately when PIN input is too short

Béla Becker bela at becker.rocks
Wed Nov 14 02:44:34 CET 2018 

When poldi detects a PIN that is too short, it repeatedly asked for a new one.
This might work in a CLI, but entering a short (or empty) PIN using the
KDE greeter will lock it up permanently.

By failing immediately, the login program can determine the proper
course of action.
---
 src/pam/auth-support/getpin-cb.c | 38 ++++++++++++--------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/src/pam/auth-support/getpin-cb.c b/src/pam/auth-support/getpin-cb.c
index d06c50f..773f1b6 100644
--- a/src/pam/auth-support/getpin-cb.c
+++ b/src/pam/auth-support/getpin-cb.c
@@ -45,7 +45,6 @@
 
 #include "getpin-cb.h"
 
-
 /* Query the user through PAM for his PIN.  Display INFO to the user.
    Store the retrieved pin in PIN, which is of size PIN_SIZE.  If it
    does not fit, return error. */
@@ -56,41 +55,32 @@ query_user (poldi_ctx_t ctx, const char *info, char *pin, size_t pin_size)
   int rc;
 
   buffer = NULL;
-  rc = 0;
 
-  while (1)			/* Loop until well-formed PIN retrieved. */
-    {
-      /* Retrieve PIN through PAM.  */
-      rc = conv_ask (ctx->conv, 1, &buffer, info);
-      if (rc)
-	goto out;
+  /* Retrieve PIN through PAM.  */
+  rc = conv_ask (ctx->conv, 1, &buffer, info);
+  if (rc)
+    return rc;
 
-      /* Do some basic checks on the entered PIN. FIXME: hard-coded
-	 values! Is this really the correct place for these checks?
-	 Shouldn't they be done in scdaemon itself?  -mo */
+  /* Do some basic checks on the entered PIN. FIXME: hard-coded
+     values! Is this really the correct place for these checks?
+     Shouldn't they be done in scdaemon itself?  -mo */
 
-      if (strlen (buffer) < 6)	/* FIXME? is it really minimum of 6 bytes? */
-	{
-	  log_msg_error (ctx->loghandle, "PIN too short");
-	  conv_tell (ctx->conv, "%s", _("PIN too short"));
-	}
-      else
-	break;
+  if (strlen (buffer) < 6)	/* FIXME? is it really minimum of 6 bytes? */
+    {
+      log_msg_error (ctx->loghandle, "PIN too short");
+      conv_tell (ctx->conv, "%s", _("PIN too short"));
+      return gpg_error (GPG_ERR_INV_DATA);
     }
 
   if (strlen (buffer) >= pin_size)
     {
       log_msg_error (ctx->loghandle, "PIN too long for buffer!");
-      rc = gpg_error (GPG_ERR_INV_DATA); /* ? */
-      goto out;
+      return gpg_error (GPG_ERR_INV_DATA);
     }
 
   strncpy (pin, buffer, pin_size - 1);
   pin[pin_size-1] = 0;
-
- out:
-
-  return rc;
+  return 0;
 }
 
 /* Pop up a message window similar to the confirm one but keep it open
-- 
2.19.1

More information about the Gnupg-devel mailing list