Fix token serial number matching when trying to find hidden PKCS#11 key

Spotted by Coverity.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/gnutls.c b/gnutls.c
index d9e550d8a354e3acfe1caed250757b4d717b57c2..3513ccb1ad8f5efbaa52444ef1b5dc8d48ea098c 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -1114,7 +1114,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
                                }
                        }
                        if (!token->serialNumber[0]) {
-                               s = sizeof(token->serialNumber + 1);
+                               s = sizeof(token->serialNumber) + 1;
                                if (!gnutls_pkcs11_obj_get_info(crt, GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
                                                                buf, &s)) {
                                        s--;