From f631b5f733c9332e6bd68649afe8b926bf378911 Mon Sep 17 00:00:00 2001
From: alegon01 <alexandre.gonzalo@trustonic.com>
Date: Fri, 5 Apr 2019 10:39:52 +0200
Subject: [PATCH] Fix in encrypt_decrypt(), check for (in_len <= sizeof
 orig_data)

---
 src/tools/pkcs11-tool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index d1263245..a2f2a94d 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -5361,7 +5361,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
 		return 0;
 	}
 
-	if (in_len >= sizeof(orig_data)) {
+	if (in_len > sizeof(orig_data)) {
 		printf("Private key size is too long\n");
 		return 0;
 	}