From 8956d3e045e32748cdb8df7b2f69cb6c9e0837d5 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 12 Apr 2017 21:49:37 -0400
Subject: Fix buffer size check when crossing token->volatile boundary in
 pkey_match().

---
 rpc_pkey.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/rpc_pkey.c b/rpc_pkey.c
index e0d9bdc..dc930cf 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -1026,8 +1026,7 @@ static inline hal_error_t match_one_keystore(const hal_ks_driver_t * const drive
 
   if ((err = hal_ks_match(ks, client, session, type, curve,
                           mask, flags, attributes, attributes_len,
-                          *result, &len, result_max - *result_len,
-                          previous_uuid)) != HAL_OK) {
+                          *result, &len, result_max, previous_uuid)) != HAL_OK) {
     (void) hal_ks_close(ks);
     return err;
   }
-- 
cgit v1.2.3