Fix: Check password length based on its type

The different password types have different length requirements, so
update is_valid_pin to validate according to the password type being
validated (PIN / PUK / NET)

diff --git a/src/call-barring.c b/src/call-barring.c
index 07e324d..7607f3f 100644 (file)
--- a/src/call-barring.c
+++ b/src/call-barring.c
@@ -402,7 +402,7 @@ static gboolean cb_ss_control(int type, const char *sc,
        if (strlen(dn) > 0)
                goto bad_format;
 
-       if (type != SS_CONTROL_TYPE_QUERY && !is_valid_pin(sia))
+       if (type != SS_CONTROL_TYPE_QUERY && !is_valid_pin(sia, PIN_TYPE_NET))
                goto bad_format;
 
        switch (type) {
@@ -523,7 +523,7 @@ static gboolean cb_ss_passwd(const char *sc,
        if (!fac)
                return FALSE;
 
-       if (!is_valid_pin(old) || !is_valid_pin(new))
+       if (!is_valid_pin(old, PIN_TYPE_NET) || !is_valid_pin(new, PIN_TYPE_NET))
                goto bad_format;
 
        cb->pending = dbus_message_ref(msg);
@@ -854,7 +854,7 @@ static DBusMessage *cb_set_property(DBusConnection *conn, DBusMessage *msg,
                        return __ofono_error_invalid_args(msg);
 
                dbus_message_iter_get_basic(&iter, &passwd);
-               if (!is_valid_pin(passwd))
+               if (!is_valid_pin(passwd, PIN_TYPE_NET))
                        return __ofono_error_invalid_format(msg);
        }
 
@@ -901,7 +901,7 @@ static DBusMessage *cb_disable_all(DBusConnection *conn, DBusMessage *msg,
                                        DBUS_TYPE_INVALID) == FALSE)
                return __ofono_error_invalid_args(msg);
 
-       if (!is_valid_pin(passwd))
+       if (!is_valid_pin(passwd, PIN_TYPE_NET))
                return __ofono_error_invalid_format(msg);
 
        cb_set_query_bounds(cb, fac, FALSE);
@@ -949,10 +949,10 @@ static DBusMessage *cb_set_passwd(DBusConnection *conn, DBusMessage *msg,
                                        DBUS_TYPE_INVALID) == FALSE)
                return __ofono_error_invalid_args(msg);
 
-       if (!is_valid_pin(old_passwd))
+       if (!is_valid_pin(old_passwd, PIN_TYPE_NET))
                return __ofono_error_invalid_format(msg);
 
-       if (!is_valid_pin(new_passwd))
+       if (!is_valid_pin(new_passwd, PIN_TYPE_NET))
                return __ofono_error_invalid_format(msg);
 
        cb->pending = dbus_message_ref(msg);

diff --git a/src/call-meter.c b/src/call-meter.c
index 2b1e6a5..335b33c 100644 (file)
--- a/src/call-meter.c
+++ b/src/call-meter.c
@@ -546,7 +546,7 @@ static DBusMessage *cm_set_property(DBusConnection *conn, DBusMessage *msg,
 
        dbus_message_iter_get_basic(&iter, &passwd);
 
-       if (!is_valid_pin(passwd))
+       if (!is_valid_pin(passwd, PIN_TYPE_PIN))
                return __ofono_error_invalid_format(msg);
 
        for (property = cm_properties; property->name; property++) {
@@ -618,7 +618,7 @@ static DBusMessage *cm_acm_reset(DBusConnection *conn, DBusMessage *msg,
                                        DBUS_TYPE_INVALID) == FALSE)
                return __ofono_error_invalid_args(msg);
 
-       if (!is_valid_pin(pin2))
+       if (!is_valid_pin(pin2, PIN_TYPE_PIN))
                return __ofono_error_invalid_format(msg);
 
        cm->pending = dbus_message_ref(msg);

diff --git a/src/common.c b/src/common.c
index db3e38b..e67a655 100644 (file)
--- a/src/common.c
+++ b/src/common.c
@@ -580,7 +580,7 @@ const char *bearer_class_to_string(enum bearer_class cls)
        return NULL;
 }
 
-gboolean is_valid_pin(const char *pin)
+gboolean is_valid_pin(const char *pin, enum pin_type type)
 {
        unsigned int i;
 
@@ -588,14 +588,33 @@ gboolean is_valid_pin(const char *pin)
        if (pin == NULL || pin[0] == '\0')
                return FALSE;
 
-       for (i = 0; i < strlen(pin); i++)
-               if (pin[i] < '0' || pin[i] > '9')
-                       return FALSE;
-
-       if (i > 8)
+       i = strlen(pin);
+       if (i != strspn(pin, "012345679"))
                return FALSE;
 
-       return TRUE;
+       switch (type)
+       {
+       case PIN_TYPE_PIN:
+               /* 11.11 Section 9.3 ("CHV"): 4..8 IA-5 digits */
+               if (4 <= i && i <= 8)
+                       return TRUE;
+               break;
+       case PIN_TYPE_PUK:
+               /* 11.11 Section 9.3 ("UNBLOCK CHV"), 8 IA-5 digits */
+               if (i == 8)
+                       return TRUE;
+               break;
+       case PIN_TYPE_NET:
+               /* 22.004 Section 5.2, 4 IA-5 digits */
+               if (i == 4)
+                       return TRUE;
+               break;
+       case PIN_TYPE_NONE:
+               if (i < 8)
+                       return TRUE;
+       }
+
+       return FALSE;
 }
 
 const char *registration_status_to_string(int status)

diff --git a/src/common.h b/src/common.h
index 2b74dc4..d166f48 100644 (file)
--- a/src/common.h
+++ b/src/common.h
@@ -115,6 +115,13 @@ enum ss_cssu {
        SS_MT_CALL_DEFLECTED            = 9,
 };
 
+enum pin_type {
+       PIN_TYPE_NONE = 0,
+       PIN_TYPE_PIN = 1,
+       PIN_TYPE_PUK = 2,
+       PIN_TYPE_NET = 3,
+};
+
 const char *telephony_error_to_str(const struct ofono_error *error);
 
 gboolean valid_phone_number_format(const char *number);
@@ -134,7 +141,7 @@ const char *ss_control_type_to_string(enum ss_control_type type);
 
 const char *bearer_class_to_string(enum bearer_class cls);
 
-gboolean is_valid_pin(const char *pin);
+gboolean is_valid_pin(const char *pin, enum pin_type type);
 
 const char *registration_status_to_string(int status);
 const char *registration_tech_to_string(int tech);

diff --git a/src/sim.c b/src/sim.c
index cc258c8..2e92329 100644 (file)
--- a/src/sim.c
+++ b/src/sim.c
@@ -554,7 +554,7 @@ static DBusMessage *sim_lock_or_unlock(struct ofono_sim *sim, int lock,
                        type == OFONO_SIM_PASSWORD_SIM_PIN2)
                return __ofono_error_invalid_format(msg);
 
-       if (!is_valid_pin(pin))
+       if (!is_valid_pin(pin, PIN_TYPE_PIN))
                return __ofono_error_invalid_format(msg);
 
        sim->pending = dbus_message_ref(msg);
@@ -621,10 +621,10 @@ static DBusMessage *sim_change_pin(DBusConnection *conn, DBusMessage *msg,
        if (password_is_pin(type) == FALSE)
                return __ofono_error_invalid_format(msg);
 
-       if (!is_valid_pin(old))
+       if (!is_valid_pin(old, PIN_TYPE_PIN))
                return __ofono_error_invalid_format(msg);
 
-       if (!is_valid_pin(new))
+       if (!is_valid_pin(new, PIN_TYPE_PIN))
                return __ofono_error_invalid_format(msg);
 
        if (!strcmp(new, old))
@@ -676,7 +676,7 @@ static DBusMessage *sim_enter_pin(DBusConnection *conn, DBusMessage *msg,
        if (type == OFONO_SIM_PASSWORD_NONE || type != sim->pin_type)
                return __ofono_error_invalid_format(msg);
 
-       if (!is_valid_pin(pin))
+       if (!is_valid_pin(pin, PIN_TYPE_PIN))
                return __ofono_error_invalid_format(msg);
 
        sim->pending = dbus_message_ref(msg);
@@ -711,10 +711,10 @@ static DBusMessage *sim_reset_pin(DBusConnection *conn, DBusMessage *msg,
        if (type == OFONO_SIM_PASSWORD_NONE || type != sim->pin_type)
                return __ofono_error_invalid_format(msg);
 
-       if (!is_valid_pin(puk))
+       if (!is_valid_pin(puk, PIN_TYPE_PUK))
                return __ofono_error_invalid_format(msg);
 
-       if (!is_valid_pin(pin))
+       if (!is_valid_pin(pin, PIN_TYPE_PIN))
                return __ofono_error_invalid_format(msg);
 
        sim->pending = dbus_message_ref(msg);