This repository has been archived by the owner on Feb 20, 2025. It is now read-only.

infinite loop for particular command line arguments #158

Open
invd opened this issue Apr 24, 2020 · 0 comments


invd commented Apr 24, 2020

The `optind--;` operations in `ykpers-args.c` can lead to infinite loops.
This happens if `ykpersonalize` is invoked with `-a` or `-c` command line parameters that are directly followed by another `-` character.
The argument parsing via `getopt()` will then repeatedly loop over the same argument.

As briefly discussed with @nevun, this may be inconvenient during practical use if typos in the parameter spacing happen, but I see no apparent security impact.

The issue was found during fuzzing.

Relevant code:


Issue examples:

`ykpersonalize -a-`

This prints debug info about the YubiKey and then runs with 100% CPU usage (1 thread).

`ykpersonalize -c-`

This endlessly asks for `Access code, 6 bytes (12 characters hex) :` and otherwise idles.

Precondition: a YubiKey is present.
Version: this was tested with v1.19.3 and v1.20.0.
