KDF format validation should be done before removing data object.

ChangeLog

@@ -1,3 +1,7 @@
+2018-03-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp-do.c (rw_kdf): Do format validation earlier.
+
 2018-03-13  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* src/flash.c [FLASH_UPGRADE_SUPPORT] (flash_terminate): Erase

src/openpgp-do.c

@@ -826,6 +826,22 @@ rw_kdf (uint16_t tag, int with_tag, const uint8_t *data, int len, int is_write)
 	  || do_ptr[NR_DO_PRVKEY_AUT])
 	return 0;
 
+      /* The valid data format is:
+	 81 01 03 = KDF_ITERSALTED_S2K
+	 82 01 08 = SHA256
+	 83 04 4-byte... = count
+	 84 08 8-byte... = salt user
+	 85 08 8-byte... = salt reset-code
+	 86 08 8-byte... = salt admin
+	 87 20 32-byte user hash
+	 88 20 32-byte admin hash
+      */
+      if (len != SIZE_OF_KDF_DO ||
+	  !(data[0] == 0x81 && data[3] == 0x82 && data[6] == 0x83
+	    && data[12] == 0x84 && data[22] == 0x85 && data[32] == 0x86
+	    && data[42] == 0x87 && data[76] == 0x88))
+	return 0;
+
       if (*do_data_p)
 	flash_do_release (*do_data_p);
 
@@ -834,21 +850,6 @@ rw_kdf (uint16_t tag, int with_tag, const uint8_t *data, int len, int is_write)
 	  *do_data_p = NULL;
 	  return 1;
 	}
-      else if (len != SIZE_OF_KDF_DO ||
-	       !(data[0] == 0x81 && data[3] == 0x82 && data[6] == 0x83
-		 && data[12] == 0x84 && data[22] == 0x85 && data[32] == 0x86
-		 && data[42] == 0x87 && data[76] == 0x88))
-	  /* Format validation failed.  The valid format is:
-	    81 01 03 = KDF_ITERSALTED_S2K
-	    82 01 08 = SHA256
-	    83 04 4-byte... = count
-	    84 08 8-byte... = salt user
-	    85 08 8-byte... = salt reset-code
-	    86 08 8-byte... = salt admin
-	    87 20 32-byte user hash
-	    88 20 32-byte admin hash
-	  */
-	return 0;
       else
 	{
 	  *do_data_p = flash_do_write (NR_DO_KDF, data, SIZE_OF_KDF_DO);