p11kit: check the flags associated with the slot instead of flags associated with...
authorWarren <git@icouldbedeadwrong.net>
Tue, 15 Aug 2023 10:28:14 +0000 (20:28 +1000)
committerGitHub <noreply@github.com>
Tue, 15 Aug 2023 10:28:14 +0000 (11:28 +0100)
The logic around checking PKCS11 tokens (used by systemd-cryptenroll) contains a bug.
The code is checking the flags field of a pkcs11 token_info structure against a set of flags defined for the pkcs11 slot_info structure. This PR changes the check so that the correct structure's flag field is being checked.
(Reference to the PKCS#11 spec: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html, section CK_SLOT_INFO.)

src/shared/pkcs11-util.c

index 4d7edf8660bdd818afc971b756812cbb9db6eb74..daee267db80c3eecd0a65b0d1c02491ee2f4baed 100644 (file)
@@ -1165,7 +1165,7 @@ static int list_callback(
          * out. (Note that the user can explicitly specify non-hardware tokens if they like, but during
          * enumeration we'll filter those, since software tokens are typically the system certificate store
          * and such, and it's typically not what people want to bind their home directories to.) */
-        if (!FLAGS_SET(token_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT))
+        if (!FLAGS_SET(slot_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT))
                 return -EAGAIN;
 
         token_label = pkcs11_token_label(token_info);
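Review bot: The comment above the `FLAGS_SET(slot_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT)` check explains the filtering but never says which PKCS#11 structure these flags belong to, so the same mix-up could be reintroduced. The bit values overlap with unrelated CK_TOKEN_INFO flags (CKF_TOKEN_PRESENT shares 0x1 with CKF_RNG, CKF_HW_SLOT shares 0x4 with CKF_LOGIN_REQUIRED), so I would append a sentence such as `(CKF_HW_SLOT and CKF_TOKEN_PRESENT are CK_SLOT_INFO flags and must be tested on slot_info, never on token_info.)`. A likely side effect is that software tokens which were previously enumerated because they advertise an RNG and require login are now filtered out, while hardware tokens lacking those token flags now appear; that change in what enrollment tooling lists deserves a line in the commit message or release notes. list_callback starts and ends outside this hunk, so whether slot_info is checked for NULL before this line cannot be confirmed from here.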