diff --git a/backport-CVE-2021-42780-tcos-Check-bounds-in-insert_pin.patch b/backport-CVE-2021-42780-tcos-Check-bounds-in-insert_pin.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a2913bd48b5c1eb991bfcb2266e0cff94781f574
--- /dev/null
+++ b/backport-CVE-2021-42780-tcos-Check-bounds-in-insert_pin.patch
@@ -0,0 +1,33 @@
+From 5df913b7f57ad89b9832555d24c08d23a534311e Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 8 Dec 2020 14:37:39 +0100
+Subject: [PATCH] tcos: Check bounds in insert_pin()
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
+---
+ src/libopensc/pkcs15-tcos.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
+index feeb7eb39d..74ae0cb92f 100644
+--- a/src/libopensc/pkcs15-tcos.c
++++ b/src/libopensc/pkcs15-tcos.c
+@@ -242,13 +242,13 @@ static int insert_pin(
+ 			"Searching for PIN-Ref %02X\n", pin_reference);
+ 		while ((r = sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR)) > 0) {
+ 			int found = 0, fbz = -1;
+-			if (buf[0] != 0xA0)
++			if (r < 2 || buf[0] != 0xA0)
+ 				continue;
+-			for (i = 2; i < buf[1] + 2; i += 2 + buf[i + 1]) {
++			for (i = 2; i < buf[1] + 2 && (i + 2) < r; i += 2 + buf[i + 1]) {
+ 				if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == pin_reference) {
+ 					++found;
+ 				}
+-				if (buf[i] == 0x90) {
++				if (buf[i] == 0x90 && (i + 1 + buf[i + 1]) < r) {
+ 					fbz = buf[i + 1 + buf[i + 1]];
+ 				}
+ 			}
diff --git a/backport-tcos-Reformat-insert_pin-for-readability.patch b/backport-tcos-Reformat-insert_pin-for-readability.patch
new file mode 100644
index 0000000000000000000000000000000000000000..26ee12b8dcd812576b0dcac7cb6b98669c1ad8c1
--- /dev/null
+++ b/backport-tcos-Reformat-insert_pin-for-readability.patch
@@ -0,0 +1,73 @@
+From 69544553c36f0613f6283e0eeb3f9eb549825986 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 7 Dec 2020 17:44:34 +0100
+Subject: [PATCH] tcos: Reformat insert_pin() for readability
+
+---
+ src/libopensc/pkcs15-tcos.c | 35 ++++++++++++++++++++++-------------
+ 1 file changed, 22 insertions(+), 13 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
+index 1134ac11ba..feeb7eb39d 100644
+--- a/src/libopensc/pkcs15-tcos.c
++++ b/src/libopensc/pkcs15-tcos.c
+@@ -225,12 +225,14 @@ static int insert_pin(
+ 	pin_obj.auth_id.len      = auth_id ? 0 : 1;
+ 	pin_obj.auth_id.value[0] = auth_id;
+ 
+-	if(card->type==SC_CARD_TYPE_TCOS_V3){
++	if(card->type == SC_CARD_TYPE_TCOS_V3) {
+ 		unsigned char buf[256];
+ 		int i, rec_no=0;
+-		if(pin_info.path.len>=2) pin_info.path.len-=2;
++		if (pin_info.path.len >= 2) {
++			pin_info.path.len -= 2;
++		}
+ 		sc_append_file_id(&pin_info.path, 0x5049);
+-		if(sc_select_file(card, &pin_info.path, NULL)!=SC_SUCCESS){
++		if (sc_select_file(card, &pin_info.path, NULL) != SC_SUCCESS) {
+ 			sc_log(ctx, 
+ 				"Select(%s) failed\n",
+ 				sc_print_path(&pin_info.path));
+@@ -238,17 +240,24 @@ static int insert_pin(
+ 		}
+ 		sc_log(ctx, 
+ 			"Searching for PIN-Ref %02X\n", pin_reference);
+-		while((r=sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR))>0){
+-			int found=0, fbz=-1;
+-			if(buf[0]!=0xA0) continue;
+-			for(i=2;i<buf[1]+2;i+=2+buf[i+1]){
+-				if(buf[i]==0x83 && buf[i+1]==1 && buf[i+2]==pin_reference) ++found;
+-				if(buf[i]==0x90) fbz=buf[i+1+buf[i+1]];
++		while ((r = sc_read_record(card, ++rec_no, buf, sizeof(buf), SC_RECORD_BY_REC_NR)) > 0) {
++			int found = 0, fbz = -1;
++			if (buf[0] != 0xA0)
++				continue;
++			for (i = 2; i < buf[1] + 2; i += 2 + buf[i + 1]) {
++				if (buf[i] == 0x83 && buf[i + 1] == 1 && buf[i + 2] == pin_reference) {
++					++found;
++				}
++				if (buf[i] == 0x90) {
++					fbz = buf[i + 1 + buf[i + 1]];
++				}
++			}
++			if (found) {
++				pin_info.tries_left = fbz;
++				break;
+ 			}
+-			if(found) pin_info.tries_left=fbz;
+-			if(found) break;
+ 		}
+-		if(r<=0){
++		if (r <= 0) {
+ 			sc_log(ctx, "No EF_PWDD-Record found\n");
+ 			return 1;
+ 		}
+@@ -259,6 +268,6 @@ static int insert_pin(
+ 			return 1;
+ 		}
+-		pin_info.tries_left=f->prop_attr[3];
++		pin_info.tries_left = f->prop_attr[3];
+ 		sc_file_free(f);
+ 	}
+ 
diff --git a/opensc.spec b/opensc.spec
index 7c5dc9bbf7a0f9f7ab90daacfdd0eae5e32a4e3f..73ff3eb0de1bf8838c060fbddd59f6d720384878 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -3,7 +3,7 @@
 
 Name:            opensc
 Version:         0.20.0
-Release:         8
+Release:         9
 License:         LGPLv2.1+
 Summary:         Smart card library and applications
 URL:             https://github.com/OpenSC/OpenSC/wiki
@@ -25,6 +25,8 @@ Patch12:         oberthur-One-more-overlooked-buffer-overflow.patch
 Patch13:         cardos-Correctly-calculate-the-left-bytes-to-avoid-b.patch
 Patch14:         oberthur-Handle-1B-OIDs.patch 
 Patch15:         Fix-ACLs-support.patch
+Patch16:         backport-tcos-Reformat-insert_pin-for-readability.patch
+Patch17:         backport-CVE-2021-42780-tcos-Check-bounds-in-insert_pin.patch
 
 BuildRequires:   openssl-devel pcsc-lite-devel bash-completion docbook-style-xsl readline-devel
 BuildRequires:   desktop-file-utils /usr/bin/xsltproc autoconf automake libtool gcc
@@ -148,6 +150,9 @@ make check
 %{_sysconfdir}/xdg/autostart/pkcs11-register.desktop
 
 %changelog
+* Mon May 9 2022 Hugel <gengqihu1@h-partners.com> - 0.20.0-9
+- fix CVE-2021-42780
+
 * Tue Aug 24 2021 wangjie <wangjie375@huawei.com> - 0.20.0-8
 - fix oss-fuzz