mirror of
https://github.com/linuxboot/heads.git
synced 2025-02-21 01:31:26 +00:00
286303d95c
Reading the file into a variable and then redirecting to stdin via echo() can cause the binary data to be truncated, leading to an invalid base32 value and failure to properly generate and validate the HOTP code. To resolve this, pass the file directly to hotp(), and ensure it is removed properly regardless of success or failure to prevent leakage. Fixes "Invalid base32 string" error seen when attempting to generate a new TOTP secret. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>