https://bugs.gentoo.org/909781
https://github.com/OpenSC/OpenSC/pull/2765

From 36178c8188521f2627d2eea428a7e53d149eed58 Mon Sep 17 00:00:00 2001
From: Peter Popovec <popovec.peter@gmail.com>
Date: Fri, 28 Apr 2023 10:50:25 +0200
Subject: [PATCH] Fix pkcs11-tool unwrap / incorrect CKA_ID

"object_id[]" and "id_len" must be allocated so that it is not deallocated
or overwritten (on the stack) at the time of the C_UnwrapKey() call.

	modified:   src/tools/pkcs11-tool.c
---
 src/tools/pkcs11-tool.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 890ca27060..f3a01ab4cf 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -3347,6 +3347,8 @@ unwrap_key(CK_SESSION_HANDLE session)
 		{CKA_CLASS, &secret_key_class, sizeof(secret_key_class)},
 		{CKA_TOKEN, &_true, sizeof(_true)},
 	};
+	CK_BYTE object_id[100];
+	size_t id_len;
 	CK_OBJECT_HANDLE hSecretKey;
 	int n_attr = 2;
 	CK_RV rv;
@@ -3450,9 +3452,6 @@ unwrap_key(CK_SESSION_HANDLE session)
 	}
 
 	if (opt_application_id != NULL) {
-		CK_BYTE object_id[100];
-		size_t id_len;
-
 		id_len = sizeof(object_id);
 		if (!sc_hex_to_bin(opt_application_id, object_id, &id_len)) {
 			FILL_ATTR(keyTemplate[n_attr], CKA_ID, object_id, id_len);