From 834924b3e4d827f6db03d307a88e23bf95dc4624 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Mon, 21 Nov 2016 09:25:16 -0500
Subject: pkey_match() should just skip keys it lacks permission to read.

---
 rpc_pkey.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'rpc_pkey.c')

diff --git a/rpc_pkey.c b/rpc_pkey.c
index 3788f5e..98b0ba1 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -945,7 +945,15 @@ static hal_error_t pkey_local_match(const hal_client_handle_t client,
   hal_ks_t *ks = NULL;
   hal_error_t err;
 
-  if ((err = check_readable(client, flags)) != HAL_OK)
+  err = check_readable(client, flags);
+
+  if (err == HAL_ERROR_FORBIDDEN) {
+    assert(result_len != NULL);
+    *result_len = 0;
+    return HAL_OK;
+  }
+
+  if (err != HAL_OK)
     return err;
 
   if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK &&
-- 
cgit v1.2.3