
Sanity check OTP before asking KSM, to get a better error code.

This commit is contained in:
Simon Josefsson 2009-03-18 14:39:32 +00:00
parent f0e6958942
commit 2071c0a5a0


@ -15,6 +15,8 @@ mysql_select_db($baseParams['__DB_NAME__'], $conn)
//// Extract values from HTTP request //// Extract values from HTTP request
// //
$h = getHttpVal('h', '');
$client = getHttpVal('id', 0); $client = getHttpVal('id', 0);
if ($client <= 0) { if ($client <= 0) {
debug('Client ID is missing'); debug('Client ID is missing');
@ -43,7 +45,6 @@ debug($cd);
//// Check client signature //// Check client signature
// //
$apiKey = base64_decode($cd['secret']); $apiKey = base64_decode($cd['secret']);
$h = getHttpVal('h', '');
if ($cd['chk_sig'] && $h == '') { if ($cd['chk_sig'] && $h == '') {
debug('Signature missing'); debug('Signature missing');
@ -64,6 +65,14 @@ if ($cd['chk_sig'] && $h == '') {
} }
} }
//// Sanity check OTP
//
if (strlen($otp) <= TOKEN_LEN) {
debug('Too short OTP: ' . $otp);
sendResp(S_BAD_OTP);
exit;
}
//// Decode OTP from input //// Decode OTP from input
// //
$otpinfo = decryptOTP($otp, $baseParams['__YKKMS_URL__']); $otpinfo = decryptOTP($otp, $baseParams['__YKKMS_URL__']);
@ -75,12 +84,6 @@ debug($otpinfo);
//// Get Yubikey from DB //// Get Yubikey from DB
// //
if (strlen($otp) <= TOKEN_LEN) {
debug('Too short OTP: ' . $otp);
sendResp(S_BAD_OTP);
exit;
}
$devId = substr($otp, 0, strlen ($otp) - TOKEN_LEN); $devId = substr($otp, 0, strlen ($otp) - TOKEN_LEN);
$ad = getAuthData($conn, $devId); $ad = getAuthData($conn, $devId);
if (!is_array($ad)) { if (!is_array($ad)) {