From 6e7bb818aeabcafe5f9872c7cbd97ef8edaa463a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 12 Jul 2026 22:47:06 +0200 Subject: [PATCH] C4 rejects payloads longer than four bytes, preventing retry-counter corruption. Signed-off-by: Pol Henarejos --- src/openpgp/cmd_put_data.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/openpgp/cmd_put_data.c b/src/openpgp/cmd_put_data.c index 5837082..2134a4c 100644 --- a/src/openpgp/cmd_put_data.c +++ b/src/openpgp/cmd_put_data.c @@ -46,6 +46,9 @@ int cmd_put_data(void) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } if (fid == EF_PW_STATUS) { + if (apdu.nc > 4) { + return SW_WRONG_DATA(); + } fid = EF_PW_PRIV; if (apdu.nc == 0) { return SW_WRONG_LENGTH();