From 31f2831b67eb906ad5e26bbe9086c21137ea7884 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Thu, 26 Apr 2018 03:09:51 +0200
Subject: [PATCH] Fix a few key URI validation issues.
---
 lib/oath/cryb_oath_key_from_uri.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/oath/cryb_oath_key_from_uri.c b/lib/oath/cryb_oath_key_from_uri.c
index dd9b558..4fdd33d 100644
--- a/lib/oath/cryb_oath_key_from_uri.c
+++ b/lib/oath/cryb_oath_key_from_uri.c
@@ -127,10 +127,11 @@ oath_key_from_uri(oath_key *key, const char *uri)
 if (key->digits != 0)
 /* dupe */
 goto invalid;
- /* only 6 or 8 */
- if (valuelen != 1 || (*value != '6' && *value != '8'))
+ n = strtoumax(value, &e, 10);
+ if (e == value || *e != '\0' ||
+ n < OATH_MIN_DIGITS || n > OATH_MAX_DIGITS)
 goto invalid;
- key->digits = *q - '0';
+ key->digits = n;
 } else if (strcmp("counter", name) == 0) {
 if (key->counter != UINT64_MAX)
 /* dupe */
@@ -158,7 +159,7 @@ oath_key_from_uri(oath_key *key, const char *uri)
 } else if (strcmp("issuer", name) == 0) {
 key->issuerlen = strlcpy(key->issuer, value,
 sizeof key->issuer);
- if (key->issuerlen > sizeof key->issuer)
+ if (key->issuerlen >= sizeof key->issuer)
 goto invalid;
 } else {
 goto invalid;
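Review bot: The new `strtoumax(value, &e, 10)` call in the digits branch accepts leading whitespace and a `+` or `-` sign, so strings that are not a plain decimal number can still pass the `e == value || *e != '\0'` test. A negative input is converted by unsigned wrap-around and may land inside the allowed range. Requiring the first character to be a digit before converting keeps the parameter strict: `if (*value < '0' || *value > '9') goto invalid;`. Overflow needs no separate errno check as long as OATH_MAX_DIGITS is below UINTMAX_MAX, which is presumably the case but is defined outside this hunk. The declarations of `n` and `e` and the rest of oath_key_from_uri also lie outside the hunk.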
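Review bot: The issuer branch has no duplicate check, unlike the digits and counter branches, which reject a repeated parameter with `goto invalid`, so a second `issuer=` in the URI silently overwrites the first. If issuerlen starts at zero (its initialisation is outside the hunk), a guard such as `if (key->issuerlen != 0) goto invalid;` before the strlcpy() call would match the other branches. Separately, issuerlen is assigned before the truncation test, so on the failure path it holds a length that is at least the buffer size. It is worth confirming that the `invalid` label, not visible here, resets the key so no caller can use that length.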