From f3b70a9352ae16a1ba2b12a7ee216f63ade1ead4 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 2 Oct 2025 15:14:41 +0200
Subject: scd: Fix an oddity in changing the PIN.

* scd/app-openpgp.c (do_change_pin): Verify the PIN before sending the
Change_Reference_Data APDU.
--

Without this it was possible to enter a longer old PIN and the new PIN
had the surplus PIN digits as its prefix.

GnuPG-bug-id: 7840
---
 scd/app-openpgp.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'scd/app-openpgp.c')

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 4df88694f..caabe26ad 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -3746,6 +3746,9 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
           rc = pin2hash_if_kdf (app, chvno, oldpinvalue, &buffer1, &bufferlen1);
           if (!rc)
             rc = pin2hash_if_kdf (app, chvno, pinvalue, &buffer2, &bufferlen2);
+          if (!rc)
+            rc = iso7816_verify (app_get_slot (app),
+                                 0x80 + chvno, buffer1, bufferlen1);
           if (!rc)
             rc = iso7816_change_reference_data (app_get_slot (app),
                                                 0x80 + chvno,
-- 
cgit