From c885fe78d1bbc105ccc507e22175184da865ab8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= <sosthene@nitrokey.com>
Date: Mon, 10 Oct 2022 09:54:51 +0200
Subject: [PATCH] Fix bad error on too long resetting code

---
 src/command.rs  | 5 +++++
 tests/verify.rs | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/command.rs b/src/command.rs
index d6589504..a9ed7753 100644
--- a/src/command.rs
+++ b/src/command.rs
@@ -577,6 +577,11 @@ fn reset_retry_conter_with_code<const R: usize, T: trussed::Client>(
         Ok(()) => {}
     }
 
+    if new.len() > MAX_PIN_LENGTH {
+        warn!("Attempt to set resetting code too short");
+        return Err(Status::IncorrectDataParameter);
+    }
+
     ctx.state
         .internal
         .change_pin(ctx.backend.client_mut(), new, Password::Pw1)
diff --git a/tests/verify.rs b/tests/verify.rs
index 06ccc3c3..600ac01f 100644
--- a/tests/verify.rs
+++ b/tests/verify.rs
@@ -112,6 +112,8 @@ fn verify() {
             tx.reset_retry_counter_pw1(b"new code", None).unwrap();
             assert_checks!(tx, Some(3), Some(3), None);
             tx.verify_pw1_user(b"new code").unwrap();
+            tx.set_resetting_code(&[0; 127]).unwrap();
+            tx.set_resetting_code(&[0; 128]).unwrap_err();
         });
         card.reset();
         card.with_tx(|mut tx| {
@@ -119,7 +121,7 @@ fn verify() {
             assert!(tx.verify_pw1_user(b"bad code").is_err());
             assert!(tx.verify_pw1_user(b"bad code").is_err());
             assert_checks!(tx, Some(0), Some(0), Some(3));
-            tx.reset_retry_counter_pw1(b"123456", Some(b"1234567890"))
+            tx.reset_retry_counter_pw1(b"123456", Some(&[0; 127]))
                 .unwrap();
             assert_checks!(tx, Some(3), Some(3), Some(3));
             tx.verify_pw1_user(b"123456").unwrap();