From: Warren Date: Tue, 15 Aug 2023 10:28:14 +0000 (+1000) Subject: p11kit: check the flags associated with the slot instead of flags associated with... X-Git-Tag: v255-rc1~722 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5007942477ecfb69702f542cb6770ea4b5bc1e57;p=thirdparty%2Fsystemd.git p11kit: check the flags associated with the slot instead of flags associated with the token The logic around checking PKCS11 tokens (used by systemd-cryptenroll) contains a bug. The code is checking the flags field of a pkcs11 token_info structure against a set of flags defined for the pkcs11 slot_info structure. This PR changes the check so that the correct structure's flag field is being checked. (Reference to the PKCS#11 spec:http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html, section CK_SLOT_INFO). --- diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c index 4d7edf8660b..daee267db80 100644 --- a/src/shared/pkcs11-util.c +++ b/src/shared/pkcs11-util.c @@ -1165,7 +1165,7 @@ static int list_callback( * out. (Note that the user can explicitly specify non-hardware tokens if they like, but during * enumeration we'll filter those, since software tokens are typically the system certificate store * and such, and it's typically not what people want to bind their home directories to.) */ - if (!FLAGS_SET(token_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT)) + if (!FLAGS_SET(slot_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT)) return -EAGAIN; token_label = pkcs11_token_label(token_info);
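Review bot: the changed condition in list_callback now reads slot_info->flags, and nothing in the visible context shows slot_info being checked before this line; if the callback can ever be invoked without slot information, add an assert(slot_info) or an early return ahead of the FLAGS_SET test. The comment above the check still speaks only of filtering "non-hardware tokens"; since CKF_HW_SLOT and CKF_TOKEN_PRESENT are CK_SLOT_INFO flags, as the commit message notes, it would help to say in that comment that the test is on the slot's flags, so the token/slot mix-up is not reintroduced later. The commit message could also state the user-visible effect on enumeration for systemd-cryptenroll, that is, which tokens were wrongly skipped or listed while the check read token_info->flags.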