diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-03 15:03:35 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-11-03 16:10:59 +0000 |
commit | 12f4abc02e718e2ab0f7ae80b3026a29028536e7 (patch) | |
tree | 906487e6bffb832e9cde30229c97b39e79b38ec0 /lib/pkcs11.c | |
parent | a630d5a5d0ba58766092ba3489e17d73a53b96cd (diff) | |
download | gnutls-12f4abc02e718e2ab0f7ae80b3026a29028536e7.tar.gz |
pkcs11: refuse to load modules with duplicate information
That is, when ck_info matches, we soft fail loading the module.
That is, because in several cases the pointers got by p11-kit
may differ for the same modules.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r-- | lib/pkcs11.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 5955f19c61..e6e37c60cf 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -235,7 +235,8 @@ pkcs11_add_module(const char* name, struct ck_function_list *module, unsigned cu /* initially check if this module is a duplicate */ for (i = 0; i < active_providers; i++) { /* already loaded, skip the rest */ - if (module == providers[i].module) { + if (module == providers[i].module || + memcmp(&info, &providers[i].info, sizeof(info)) == 0) { _gnutls_debug_log("p11: module %s is already loaded.\n", name); return GNUTLS_E_INT_RET_0; } |