
Sanity check OTP before asking KSM, to get a better error code.

This commit is contained in:
Simon Josefsson 2009-03-18 14:39:32 +00:00
parent f0e6958942
commit 2071c0a5a0


@ -15,6 +15,8 @@ mysql_select_db($baseParams['__DB_NAME__'], $conn)
//// Extract values from HTTP request
//
$h = getHttpVal('h', '');
$client = getHttpVal('id', 0);
if ($client <= 0) {
debug('Client ID is missing');
@ -43,7 +45,6 @@ debug($cd);
//// Check client signature
//
$apiKey = base64_decode($cd['secret']);
$h = getHttpVal('h', '');
if ($cd['chk_sig'] && $h == '') {
debug('Signature missing');
@ -64,6 +65,14 @@ if ($cd['chk_sig'] && $h == '') {
}
}
//// Sanity check OTP
//
if (strlen($otp) <= TOKEN_LEN) {
debug('Too short OTP: ' . $otp);
sendResp(S_BAD_OTP);
exit;
}
//// Decode OTP from input
//
$otpinfo = decryptOTP($otp, $baseParams['__YKKMS_URL__']);
@ -75,12 +84,6 @@ debug($otpinfo);
//// Get Yubikey from DB
//
if (strlen($otp) <= TOKEN_LEN) {
debug('Too short OTP: ' . $otp);
sendResp(S_BAD_OTP);
exit;
}
$devId = substr($otp, 0, strlen ($otp) - TOKEN_LEN);
$ad = getAuthData($conn, $devId);
if (!is_array($ad)) {
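Review bot: The added sanity check in the third hunk only rejects OTPs that are too short, so an over-long or non-modhex `$otp` still reaches `decryptOTP($otp, $baseParams['__YKKMS_URL__'])` and is forwarded to the KSM; if decryptOTP interpolates the OTP into that URL, characters the KSM's URL parser treats specially would travel through unescaped as well. A Yubico OTP is modhex-only with a fixed-length encrypted part, so the check can be tightened to a charset-and-length match without changing the S_BAD_OTP response, e.g. `if (!preg_match('/^[cbdefghijklnrtuv]+$/', $otp) || strlen($otp) <= TOKEN_LEN || strlen($otp) > TOKEN_LEN + 16) {` — this assumes TOKEN_LEN is the 32-character encrypted part and public ids are at most 16 modhex characters, neither of which this page shows. It also seems worth noting in a comment that the check is deliberately placed after the client-signature verification, so unauthenticated callers cannot probe OTP formats, e.g. `// Runs after signature check: only authenticated clients get OTP-format feedback.` The hunks belong to a flat script whose start (where `$otp` is read from the request) and end lie outside the view.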