diff options
author | Daniel Mueller <deso@posteo.net> | 2019-06-01 11:19:08 -0700 |
---|---|---|
committer | Daniel Mueller <deso@posteo.net> | 2019-06-01 11:19:08 -0700 |
commit | 7c880699bb9a49037c09b1be990e677a1857af7a (patch) | |
tree | 4a109cb764206431dfecddc6c6f46c69c95882ed /nitrocli/src/commands.rs | |
parent | a57449dcd2abe1fa5dae195470fccc9a9a398e04 (diff) | |
download | nitrocli-7c880699bb9a49037c09b1be990e677a1857af7a.tar.gz nitrocli-7c880699bb9a49037c09b1be990e677a1857af7a.tar.bz2 |
Clear cached PIN entry as part of pin set command
When a PIN is changed using the pin set command, the last action is to
confirm the operation with the previously used PIN. This step will cause
this PIN, which is now stale and no longer valid, to be cached, which in
turn can cause follow up command using the same PIN type to use this
wrong cached entry for authentication.
To fix this problem, this change explicitly clear the PIN entry from the
cache after the PIN has been changed.
Diffstat (limited to 'nitrocli/src/commands.rs')
-rw-r--r-- | nitrocli/src/commands.rs | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs index a81859c..7bb314c 100644 --- a/nitrocli/src/commands.rs +++ b/nitrocli/src/commands.rs @@ -725,7 +725,12 @@ pub fn pin_set(ctx: &mut args::ExecCtx<'_>, pin_type: pinentry::PinType) -> Resu pinentry::PinType::Admin => device.change_admin_pin(¤t_pin, &new_pin), pinentry::PinType::User => device.change_user_pin(¤t_pin, &new_pin), }, - ) + )?; + + // We just changed the PIN but confirmed the action with the old PIN, + // which may have caused it to be cached. Since it no longer applies, + // make sure to evict the corresponding entry from the cache. + pinentry::clear(&pin_entry) } /// Unblock and reset the user PIN. |