scd: Fix an oddity in changing the PIN.

* scd/app-openpgp.c (do_change_pin): Verify the PIN before sending the Change_Reference_Data APDU. -- Without this it was possible to enter a longer old PIN and the new PIN had the surplus PIN digits as its prefix. GnuPG-bug-id: 7840
author: Werner Koch <[email protected]> 2025-10-02 13:14:41 +0000
committer: Werner Koch <[email protected]> 2025-10-02 13:14:41 +0000
commit: f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4 (patch)
tree: 95ec27c53e6e64fe57fda30b1340e37fda5d35d7 /scd/app-openpgp.c
parent: gpg: Revamp structure of PKT_symkey_enc. (diff)
download: gnupg-f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4.tar.gz
gnupg-f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 4df88694f..caabe26ad 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -3747,6 +3747,9 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
           if (!rc)
             rc = pin2hash_if_kdf (app, chvno, pinvalue, &buffer2, &bufferlen2);
           if (!rc)
+            rc = iso7816_verify (app_get_slot (app),
+                                 0x80 + chvno, buffer1, bufferlen1);
+          if (!rc)
             rc = iso7816_change_reference_data (app_get_slot (app),
                                                 0x80 + chvno,
                                                 buffer1, bufferlen1,
author	Werner Koch <[email protected]>	2025-10-02 13:14:41 +0000
committer	Werner Koch <[email protected]>	2025-10-02 13:14:41 +0000
commit	f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4 (patch)
tree	95ec27c53e6e64fe57fda30b1340e37fda5d35d7 /scd/app-openpgp.c
parent	gpg: Revamp structure of PKT_symkey_enc. (diff)
download	gnupg-f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4.tar.gz gnupg-f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4.zip