From 606dacaa72344fb68ece0284006dff09a7303757 Mon Sep 17 00:00:00 2001
From: Assaf Morami <assaf.morami@gmail.com>
Date: Sun, 15 Aug 2021 16:59:30 +0300
Subject: [PATCH] p11_child: do_card partially fix loop exit condition when
 searching for token

This commit fixes the exit condition when searching for a token in p11_child/do_card,
specifically in case a token is present in a slot, but there are empty slots before it.

This commit partially fixes issue #5025,
thanks to this comment by @sumit-bose: https://github.com/SSSD/sssd/issues/5025#issuecomment-801842175

:relnote: p11_child does not stop at the first empty slot when searching for tokens

Co-Authored-By: Sumit Bose <sbose@redhat.com>
---
 src/p11_child/p11_child_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
index 78c05f5cb3..b5a10de570 100644
--- a/src/p11_child/p11_child_openssl.c
+++ b/src/p11_child/p11_child_openssl.c
@@ -1745,7 +1745,7 @@ errno_t do_card(TALLOC_CTX *mem_ctx, struct p11_ctx *p11_ctx,
 
                 }
 
-                if ((info.flags & CKF_REMOVABLE_DEVICE)) {
+                if ((info.flags & CKF_REMOVABLE_DEVICE) && (info.flags & CKF_TOKEN_PRESENT)) {
                     break;
                 }
             }