From 5007942477ecfb69702f542cb6770ea4b5bc1e57 Mon Sep 17 00:00:00 2001
From: Warren
Date: Tue, 15 Aug 2023 20:28:14 +1000
Subject: [PATCH] p11kit: check the flags associated with the slot instead of flags associated with the token

The logic around checking PKCS11 tokens (used by systemd-cryptenroll) contains a bug. The code is checking the flags field of a pkcs11 token_info structure against a set of flags defined for the pkcs11 slot_info structure. This PR changes the check so that the correct structure's flag field is being checked. (Reference to the PKCS#11 spec:http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html, section CK_SLOT_INFO).
---
 src/shared/pkcs11-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c
index 4d7edf8660b..daee267db80 100644
--- a/src/shared/pkcs11-util.c
+++ b/src/shared/pkcs11-util.c
@@ -1165,7 +1165,7 @@ static int list_callback(
 * out. (Note that the user can explicitly specify non-hardware tokens if they like, but during
 * enumeration we'll filter those, since software tokens are typically the system certificate store
 * and such, and it's typically not what people want to bind their home directories to.) */
- if (!FLAGS_SET(token_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT))
+ if (!FLAGS_SET(slot_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT))
 return -EAGAIN;

 token_label = pkcs11_token_label(token_info);
-- 
2.47.3
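Review bot: The comment above the corrected check in list_callback() still does not say that the test must read `slot_info->flags`, and because both structures' flags fields are plain CK_FLAGS the compiler cannot catch the two being mixed up again. In PKCS#11 the bit values of CKF_TOKEN_PRESENT and CKF_HW_SLOT coincide with the token flags CKF_RNG and CKF_LOGIN_REQUIRED, so the old test passed for any token advertising an RNG and a login requirement, hardware or not, and rejected hardware tokens lacking either. I would extend the existing comment with one sentence such as `CKF_HW_SLOT and CKF_TOKEN_PRESENT are CK_SLOT_INFO flags; the same bits in CK_TOKEN_INFO.flags have unrelated meanings.` The function starts and ends outside the hunk, so whether slot_info is asserted non-NULL before this dereference cannot be confirmed from here and is worth checking.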