Check maximum OTP secret size in new authorization style commands

Authenticate before testing invalid hex strings Remove invalid test for empty string for writing otp slot (empty string allows editing) Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
author: Szczepan Zalega <szczepan@nitrokey.com> 2016-12-06 20:22:37 +0100
committer: Szczepan Zalega <szczepan@nitrokey.com> 2016-12-09 14:04:20 +0100
commit: 4ab91aae6c101b72a94d3785dbdad117354b87d5 (patch)
tree: dd5cf87b68b5bac0dd7e1c7bb9ae9da5f04d334c /NitrokeyManager.cc
parent: 279a310d6710908943237f5528d64a94ecd45885 (diff)
download: libnitrokey-4ab91aae6c101b72a94d3785dbdad117354b87d5.tar.gz
libnitrokey-4ab91aae6c101b72a94d3785dbdad117354b87d5.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index da31c8d..a15b9c8 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -302,6 +302,10 @@ namespace nitrokey{
       payload2.id = 0;
       auto secret_bin = misc::hex_string_to_byte(secret);
       auto remaining_secret_length = secret_bin.size();
+      const auto maximum_OTP_secret_size = 40;
+      if(remaining_secret_length > maximum_OTP_secret_size){
+        throw TargetBufferSmallerThanSource(remaining_secret_length, maximum_OTP_secret_size);
+      }
 
       while (remaining_secret_length>0){
         const auto bytesToCopy = std::min(sizeof(payload2.data), remaining_secret_length);
author	Szczepan Zalega <szczepan@nitrokey.com>	2016-12-06 20:22:37 +0100
committer	Szczepan Zalega <szczepan@nitrokey.com>	2016-12-09 14:04:20 +0100
commit	4ab91aae6c101b72a94d3785dbdad117354b87d5 (patch)
tree	dd5cf87b68b5bac0dd7e1c7bb9ae9da5f04d334c /NitrokeyManager.cc
parent	279a310d6710908943237f5528d64a94ecd45885 (diff)
download	libnitrokey-4ab91aae6c101b72a94d3785dbdad117354b87d5.tar.gz libnitrokey-4ab91aae6c101b72a94d3785dbdad117354b87d5.tar.bz2