authordrochner <drochner@pkgsrc.org>2010-12-16 18:00:59 +0000
committerdrochner <drochner@pkgsrc.org>2010-12-16 18:00:59 +0000
commit4b032efd8e79c70394f410808b996eddac9d8c2f (patch)
tree27bf9b2662d241bf27aa768a1dd1aa8eabed7d33 /security/opensc
parent65dbc06625f10634ade315fc0dfee68f769d817b (diff)
add patch from upstream to protect against possible buffer overflows from
rogue cards (SA42658)
Diffstat (limited to 'security/opensc')
-rw-r--r--security/opensc/Makefile4
-rw-r--r--security/opensc/distinfo6
-rw-r--r--security/opensc/patches/patch-ae15
-rw-r--r--security/opensc/patches/patch-af15
-rw-r--r--security/opensc/patches/patch-ag15
-rw-r--r--security/opensc/patches/patch-ah15
6 files changed, 68 insertions, 2 deletions
diff --git a/security/opensc/Makefile b/security/opensc/Makefile
index 6a3f649c8a2..6d9ce8c8943 100644
--- a/security/opensc/Makefile
+++ b/security/opensc/Makefile
@@ -1,10 +1,12 @@
-# $NetBSD: Makefile,v 1.6 2010/09/01 15:59:22 drochner Exp $
+# $NetBSD: Makefile,v 1.7 2010/12/16 18:00:59 drochner Exp $
COMMENT= Smart Card drivers and middleware
LICENSE= gnu-lgpl-v2.1
.include "../../security/opensc/Makefile.common"
+PKGREVISION= 1
+
PKG_DESTDIR_SUPPORT= user-destdir
CONFIGURE_ARGS+= --disable-nsplugin
diff --git a/security/opensc/distinfo b/security/opensc/distinfo
index 43ca8e82f2f..a742deac56d 100644
--- a/security/opensc/distinfo
+++ b/security/opensc/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2010/09/01 15:59:22 drochner Exp $
+$NetBSD: distinfo,v 1.7 2010/12/16 18:00:59 drochner Exp $
SHA1 (opensc-0.11.13.tar.gz) = 408b374286004c3df15ec17856f69fd4c2a1aceb
RMD160 (opensc-0.11.13.tar.gz) = cd900866e51cd64fa7c5a3287cd58193dec26528
@@ -7,3 +7,7 @@ SHA1 (patch-aa) = ad1c02161590c43170137d1deeaf5e88e7fef1ce
SHA1 (patch-ab) = 6d3d055abd1b94c7024838b9b25cc6005af0d36a
SHA1 (patch-ac) = 6c77415312d1ab149a9cbae9c49f4cf31c950502
SHA1 (patch-ad) = a618df0e8bc59af9ccea3f3b423b363e09ab0a4c
+SHA1 (patch-ae) = 94ca059a2e9bf5689f4193587247e443213df9a4
+SHA1 (patch-af) = 3b8db1b680c833940973f11b8abb47e34fa5ecd0
+SHA1 (patch-ag) = 1d2de187008d4ce9aac1f97f829aafd035324082
+SHA1 (patch-ah) = e9a8e3aa06af5a7ce47015f8eba41fd2bb12b32d
diff --git a/security/opensc/patches/patch-ae b/security/opensc/patches/patch-ae
new file mode 100644
index 00000000000..993a51ca273
--- /dev/null
+++ b/security/opensc/patches/patch-ae
@@ -0,0 +1,15 @@
+$NetBSD: patch-ae,v 1.1 2010/12/16 18:00:59 drochner Exp $
+
+--- src/libopensc/card-acos5.c.orig 2010-02-16 09:03:28.000000000 +0000
++++ src/libopensc/card-acos5.c
+@@ -140,8 +140,8 @@ static int acos5_get_serialnr(sc_card_t
+ /*
+ * Cache serial number.
+ */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+
+ /*
+ * Copy and return serial number.
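Review bot: The clamp in `acos5_get_serialnr` silently truncates an over-long response instead of rejecting it, so a card that answers with more than `SC_MAX_SERIALNR` bytes still leaves a cached serial number that later code will presumably treat as genuine. Failing before the copy, e.g. `if (apdu.resplen > sizeof(card->serialnr.value)) return SC_ERROR_INTERNAL;`, makes the malformed response visible; bounding by `sizeof` of the destination also keeps the check tied to the buffer, whose declaration is not visible here. If truncation is kept, compute the bounded length once into a local so the `memcpy` size and `serialnr.len` cannot drift apart in a later edit. The same applies to the identical hunks in patch-af (`acos_get_serialnr`) and patch-ag (`starcos_get_serialnr`). All three function bodies start and end outside their hunks, so whether the response length is validated earlier cannot be confirmed from here.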
diff --git a/security/opensc/patches/patch-af b/security/opensc/patches/patch-af
new file mode 100644
index 00000000000..81d122fc066
--- /dev/null
+++ b/security/opensc/patches/patch-af
@@ -0,0 +1,15 @@
+$NetBSD: patch-af,v 1.1 2010/12/16 18:00:59 drochner Exp $
+
+--- src/libopensc/card-atrust-acos.c.orig 2010-02-16 09:03:28.000000000 +0000
++++ src/libopensc/card-atrust-acos.c
+@@ -853,8 +853,8 @@ static int acos_get_serialnr(sc_card_t *
+ if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+ return SC_SUCCESS;
diff --git a/security/opensc/patches/patch-ag b/security/opensc/patches/patch-ag
new file mode 100644
index 00000000000..dc51e79344b
--- /dev/null
+++ b/security/opensc/patches/patch-ag
@@ -0,0 +1,15 @@
+$NetBSD: patch-ag,v 1.1 2010/12/16 18:00:59 drochner Exp $
+
+--- src/libopensc/card-starcos.c.orig 2010-02-16 09:03:28.000000000 +0000
++++ src/libopensc/card-starcos.c
+@@ -1289,8 +1289,8 @@ static int starcos_get_serialnr(sc_card_
+ if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ return SC_ERROR_INTERNAL;
+ /* cache serial number */
+- memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+- card->serialnr.len = apdu.resplen;
++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ /* copy and return serial number */
+ memcpy(serial, &card->serialnr, sizeof(*serial));
+ return SC_SUCCESS;
diff --git a/security/opensc/patches/patch-ah b/security/opensc/patches/patch-ah
new file mode 100644
index 00000000000..c88b2301c89
--- /dev/null
+++ b/security/opensc/patches/patch-ah
@@ -0,0 +1,15 @@
+$NetBSD: patch-ah,v 1.1 2010/12/16 18:00:59 drochner Exp $
+
+--- src/libopensc/internal.h.orig 2010-02-16 09:03:28.000000000 +0000
++++ src/libopensc/internal.h
+@@ -39,6 +39,10 @@ extern "C" {
+ #include <windows.h>
+ #endif
+
++#ifndef MIN
++#define MIN(a,b) ((a) < (b) ? (a) : (b))
++#endif
++
+ #define SC_FILE_MAGIC 0x14426950
+ #define SC_CARD_MAGIC 0x27182818
+ #define SC_CTX_MAGIC 0x0A550335
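Review bot: The `MIN` macro added to internal.h evaluates each argument twice and compares whatever types it is handed, which deserves a comment at the definition now that it bounds copy lengths. Something like `/* MIN evaluates its arguments twice; pass side-effect-free expressions of the same signedness. */` above the `#ifndef MIN` would do. Because of the `#ifndef` guard, a `MIN` already supplied by a system header is used in place of this one, so callers should not depend on this exact expansion. The uses in this commit pass a plain struct member and a constant, which is safe provided `SC_MAX_SERIALNR` is a positive constant (its definition is not shown on this page).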