From 4f189a51742fe833805aea21760244e00a7583b2 Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Wed, 20 Sep 2017 10:13:26 +0200 Subject: [PATCH] check for digits in case of BCD encoded PIN --- src/libopensc/sec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libopensc/sec.c b/src/libopensc/sec.c index 024b2162..ff2f650f 100644 --- a/src/libopensc/sec.c +++ b/src/libopensc/sec.c @@ -258,6 +258,9 @@ int sc_build_pin(u8 *buf, size_t buflen, struct sc_pin_cmd_pin *pin, int pad) if (pin_len > 2 * buflen) return SC_ERROR_BUFFER_TOO_SMALL; for (i = j = 0; j < pin_len; j++) { + if (!isdigit(pin->data[j])) { + return SC_ERROR_INVALID_DATA; + } buf[i] <<= 4; buf[i] |= pin->data[j] & 0xf; if (j & 1)