pkinit_open_session() has logic that assumes the CK_TOKEN_INFO
tinfo.label will contain some white space padding at the end:

        for (cp = tinfo.label + sizeof (tinfo.label) - 1;
             *cp == '\0' || *cp == ' '; cp--)
            *cp = '\0';
        pkiDebug("open_session: slotid %d token \"%s\"\n",
                 (int) slotlist[i], tinfo.label);
        if (cctx->token_label == NULL ||
            !strcmp((char *) cctx->token_label, (char *) tinfo.label))

There is no guarantee this is the case however as the PKCS11 spec states
this label is an array of characters, padded with white space if
necessary, not a C string.  So if the last byte of tinfo.label is a
non-white space character "*cp = '\0';" will never be executed which
means strcmp() will have been passed a bogus arg in tinfo.label.