CRC check broken, silently appears to work about yubico-yubiserve HOT 6 CLOSED

Hi,

Do you have an example test that causes this problem to occur?

Thanks,
Glen

I tried applying your patch, and running the test script, which is located in 
the testing directory, in SVN.  The test script performs a number of actions.

I found that when I update the statement to:
if not self.CRC() or not self.isCRCValid():

The test fails. oddly with no output from the curl command, rather than the 
expected output or an error.  So, changing this if statement, might be exposing 
a bug somewhere else.

Not sure why yet.

I've got the test running in my environment now.  I believe the crash you are 
seeing is because OTPValidation::isCRCValid is looking at self.crc, but should 
be looking at self.OTPcrc instead, since OTPValidation::CRC sets self.OTPcrc, 
not self.crc (maybe to avoid confusion between self.crc as a property and 
self.CRC as a method).

Even with that and the other changes I suggested, I get BAD_OTP, so I'm going 
to run through some of the CRC calculations by hand to see what's going on.

Ok, I've got a patch file here that makes the test pass.  My previous test 
accidentally omitted the crc = crc ^ (b & 0xff) change.

Here is a patch for basic_test.sh that includes a new test that should come up 
with BAD_OTP due to an incorrect CRC.  Using the old code, it comes up with 
REPLAYED_OTP.

Good work.  Both patches applied to SVN, revision 55.   Thank you.