From 0f7f9b5ad9cb33584890d2a7c504d7bd2ae69c5f Mon Sep 17 00:00:00 2001
From: yang_zhuang_zhuang <1162011203@qq.com>
Date: Thu, 31 Dec 2020 11:01:42 +0800
Subject: [PATCH] fix CVE-2020-26570
---
 ...020-26570-Heap-buffer-overflow-WRITE.patch | 36 +++++++++++++++++++
 opensc.spec | 6 +++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch
diff --git a/backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch b/backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch
new file mode 100644
index 0000000..ff00f44
--- /dev/null
+++ b/backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch
@@ -0,0 +1,36 @@
+From 6903aebfddc466d966c7b865fae34572bf3ed23e Mon Sep 17 00:00:00 2001
+From: Frank Morgner
+Date: Thu, 30 Jul 2020 02:21:17 +0200
+Subject: [PATCH] Heap-buffer-overflow WRITE
+
+fixes https://oss-fuzz.com/testcase-detail/5088104168554496
+---
+ src/libopensc/pkcs15-oberthur.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
+index a873aaa..2fb32b8 100644
+--- a/src/libopensc/pkcs15-oberthur.c
++++ b/src/libopensc/pkcs15-oberthur.c
+@@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
+ rv = sc_read_binary(card, 0, *out, sz, 0);
+ }
+ else {
+- int rec;
+- int offs = 0;
+- int rec_len = file->record_length;
++ size_t rec;
++ size_t offs = 0;
++ size_t rec_len = file->record_length;
+
+ for (rec = 1; ; rec++) {
++ if (rec > file->record_count) {
++ rv = 0;
++ break;
++ }
+ rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
+ if (rv == SC_ERROR_RECORD_NOT_FOUND) {
+ rv = 0;
+--
+1.8.3.1
+
diff --git a/opensc.spec b/opensc.spec
index 0c18831..85e13ff 100644
--- a/opensc.spec
+++ b/opensc.spec
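Review bot: The added `rec > file->record_count` guard in the record loop of `sc_oberthur_read_file` (the backported pkcs15-oberthur.c patch) bounds the number of records read, but the write destination `*out + offs + 2` with length `rec_len` is still never compared with the size of the buffer itself. The fix therefore holds only as long as the allocation of `*out`, which is outside this hunk, provides at least `record_length + 2` bytes per counted record. A byte-level check placed just before the `sc_read_record` call would make the bound local, for example `if (offs + 2 + rec_len > sz) { rv = SC_ERROR_INVALID_DATA; break; }`; this assumes `sz` still holds the allocated size at that point, as the `sc_read_binary(card, 0, *out, sz, 0)` call in the other branch suggests, and should be confirmed against the full function. The rest of the loop body and the allocation lie outside the hunk, so how `offs` and `rec_len` advance cannot be checked from here.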
@@ -3,13 +3,14 @@
 Name: opensc
 Version: 0.20.0
-Release: 4
+Release: 5
 License: LGPLv2.1+
 Summary: Smart card library and applications
 URL: https://github.com/OpenSC/OpenSC/wiki
 Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch0: myeid-fixed-memory-leak.patch
+Patch1: backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch
 BuildRequires: openssl-devel pcsc-lite-devel bash-completion docbook-style-xsl readline-devel
 BuildRequires: desktop-file-utils /usr/bin/xsltproc autoconf automake libtool gcc
@@ -133,6 +134,9 @@ make check
 %{_sysconfdir}/xdg/autostart/pkcs11-register.desktop
 %changelog
+* Thu Dec 31 2020 yangzhuangzhuang - 0.20.0-5
+- fix CVE-2020-26570
+
 * Mon Sep 21 2020 liquor - 0.20.0-4
 - myeid: fixed memory leak
--
Gitee