The optind--; operations in ykpers-args.c can lead to infinite loops.
This happens if ykpersonalize is invoked with -a or -c command line parameters that are directly followed by another - character.
The argument parsing via getopt() will then repeatedly loop over the same argument.
As briefly discussed with @nevun, this may be inconvenient during practical use if typos in the parameter spacing happen, but I see no apparent security impact.
The
optind--;
operations inykpers-args.c
can lead to infinite loops. This happens ifykpersonalize
is invoked with-a
or-c
command line parameters that are directly followed by another-
character. The argument parsing viagetopt()
will then repeatedly loop over the same argument.As briefly discussed with @nevun, this may be inconvenient during practical use if typos in the parameter spacing happen, but I see no apparent security impact.
The issue was found during fuzzing.
Relevant code: https://github.com/Yubico/yubikey-personalization/blob/621279725f71720876ec00b21fea91b8b22a92fa/ykpers-args.c#L409 https://github.com/Yubico/yubikey-personalization/blob/621279725f71720876ec00b21fea91b8b22a92fa/ykpers-args.c#L417
Issue examples:
This prints debug info about the Yubikey and then runs with 100% CPU usage (1 thread).
This endlessly asks for
Access code, 6 bytes (12 characters hex) :
and otherwise idles.Precondition: a Yubikey is present. Version: this was tested with v1.19.3 and v1.20.0 .