Description: protect against possible buffer overflows from rogue cards
 (CVE-2010-4523)
Origin: https://www.opensc-project.org/opensc/changeset/4913
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
Forwarded: not-needed
Last-Update: 2010-12-22

--- opensc-0.11.13.orig/src/libopensc/card-acos5.c
+++ opensc-0.11.13/src/libopensc/card-acos5.c
@@ -140,8 +140,8 @@
 	/*
 	 * Cache serial number.
 	 */
-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
-	card->serialnr.len = apdu.resplen;
+	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
 
 	/*
 	 * Copy and return serial number.
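Review bot: An over-long response is still accepted on the new `memcpy` line: the `MIN(apdu.resplen, SC_MAX_SERIALNR)` clamp stops the overflow, but a card that returns more than SC_MAX_SERIALNR bytes gets a truncated value cached as its serial number, and the call presumably still reports success. If callers use the serial to tell cards apart, it would be safer to reject such a response before the copy, e.g. `if (apdu.resplen > SC_MAX_SERIALNR) return SC_ERROR_INTERNAL;`, adapted to this function's return convention (its body starts and ends outside the hunk). The same applies to the hunks in card-atrust-acos.c and card-starcos.c, where SC_ERROR_INTERNAL is already returned for a bad status word.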
--- opensc-0.11.13.orig/src/libopensc/card-atrust-acos.c
+++ opensc-0.11.13/src/libopensc/card-atrust-acos.c
@@ -853,8 +853,8 @@
 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
 		return SC_ERROR_INTERNAL;
 	/* cache serial number */
-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
-	card->serialnr.len = apdu.resplen;
+	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
 	/* copy and return serial number */
 	memcpy(serial, &card->serialnr, sizeof(*serial));
 	return SC_SUCCESS;
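Review bot: The comment `/* cache serial number */` above the new `memcpy` does not say why the length is bounded, so a later cleanup could drop the clamp as redundant. I would extend it to `/* cache serial number; resplen is card-controlled, so clamp it to SC_MAX_SERIALNR */`, and do the same for the matching comments in card-acos5.c and card-starcos.c. The enclosing function starts outside the hunk.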
--- opensc-0.11.13.orig/src/libopensc/card-starcos.c
+++ opensc-0.11.13/src/libopensc/card-starcos.c
@@ -1289,8 +1289,8 @@
 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
 		return SC_ERROR_INTERNAL;
 	/* cache serial number */
-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
-	card->serialnr.len = apdu.resplen;
+	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
+	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
 	/* copy and return serial number */
 	memcpy(serial, &card->serialnr, sizeof(*serial));
 	return SC_SUCCESS;
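Review bot: The clamp expression is written twice, so the copy length and the stored length agree only as long as both lines are edited together. Assigning first and reusing the field keeps a single source for the length: `card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);` followed by `memcpy(card->serialnr.value, apdu.resp, card->serialnr.len);`. Bounding by `sizeof(card->serialnr.value)` instead of the constant would also tie the limit to the destination buffer itself, assuming `value` is a fixed-size array (its declaration is not visible here). The hunks in card-acos5.c and card-atrust-acos.c contain the same pair of lines.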
