From 9638a7db5212a2af83aec7617038ce586c1099e4 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 3 Nov 2017 15:03:35 +0100
Subject: pkcs11: refuse to load modules with duplicate information

That is, when ck_info matches, we soft fail loading the module.
That is, because in several cases the pointers got by p11-kit
may differ for the same modules.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/pkcs11.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 4adfe653b3..ec5754e898 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -233,7 +233,8 @@ pkcs11_add_module(const char* name, struct ck_function_list *module, const char
 	/* initially check if this module is a duplicate */
 	for (i = 0; i < active_providers; i++) {
 		/* already loaded, skip the rest */
-		if (module == providers[i].module) {
+		if (module == providers[i].module ||
+		    memcmp(&info, &providers[i].info, sizeof(info)) == 0) {
 			_gnutls_debug_log("p11: module %s is already loaded.\n", name);
 			return GNUTLS_E_INT_RET_0;
 		}
-- 
cgit v1.2.1