SECURITY FIX for SA42658,

OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.

patches from upstream svn
ok maintainer

security/opensc/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.14 2010/11/20 17:22:44 espie Exp $
+# $OpenBSD: Makefile,v 1.15 2010/12/27 15:30:11 jasper Exp $
 
 COMMENT=	set of libraries and utilities to access smart cards
 
 DISTNAME=	opensc-0.11.13
+REVISION=	0
 CATEGORIES=	security
 SHARED_LIBS +=  scconf               2.0      # .1.0
 SHARED_LIBS +=  opensc               2.0      # .1.0

security/opensc/patches/patch-src_libopensc_card-acos5_c

@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_libopensc_card-acos5_c,v 1.1 2010/12/27 15:30:11 jasper Exp $
+
+Security fix for SA42658
+OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.
+
+Patch from upstream svn:
+https://www.opensc-project.org/opensc/changeset/4913
+
+--- src/libopensc/card-acos5.c.orig	Mon Dec 27 13:06:14 2010
++++ src/libopensc/card-acos5.c	Mon Dec 27 13:06:27 2010
+@@ -140,8 +140,8 @@ static int acos5_get_serialnr(sc_card_t * card, sc_ser
+ 	/*
+ 	 * Cache serial number.
+ 	 */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ 
+ 	/*
+ 	 * Copy and return serial number.

security/opensc/patches/patch-src_libopensc_card-atrust-acos_c

@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_libopensc_card-atrust-acos_c,v 1.1 2010/12/27 15:30:11 jasper Exp $
+
+Security fix for SA42658
+OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.
+
+Patch from upstream svn:
+https://www.opensc-project.org/opensc/changeset/4913
+
+--- src/libopensc/card-atrust-acos.c.orig	Mon Dec 27 13:04:23 2010
++++ src/libopensc/card-atrust-acos.c	Mon Dec 27 13:04:46 2010
+@@ -853,8 +853,8 @@ static int acos_get_serialnr(sc_card_t *card, sc_seria
+ 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ 		return SC_ERROR_INTERNAL;
+ 	/* cache serial number */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ 	/* copy and return serial number */
+ 	memcpy(serial, &card->serialnr, sizeof(*serial));
+ 	return SC_SUCCESS;

security/opensc/patches/patch-src_libopensc_card-starcos_c

@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_libopensc_card-starcos_c,v 1.1 2010/12/27 15:30:11 jasper Exp $
+
+Security fix for SA42658
+OpenSC Serial Number Processing Buffer Overflow Vulnerabilities.
+
+Patch from upstream svn:
+https://www.opensc-project.org/opensc/changeset/4913
+
+--- src/libopensc/card-starcos.c.orig	Mon Dec 27 13:05:41 2010
++++ src/libopensc/card-starcos.c	Mon Dec 27 13:06:02 2010
+@@ -1289,8 +1289,8 @@ static int starcos_get_serialnr(sc_card_t *card, sc_se
+ 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ 		return SC_ERROR_INTERNAL;
+ 	/* cache serial number */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR));
++	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR);
+ 	/* copy and return serial number */
+ 	memcpy(serial, &card->serialnr, sizeof(*serial));
+ 	return SC_SUCCESS;

security/opensc/patches/patch-src_libopensc_cardctl_h

@@ -0,0 +1,17 @@
+$OpenBSD: patch-src_libopensc_cardctl_h,v 1.1 2010/12/27 15:30:11 jasper Exp $
+
+Provide a definition of MIN() in case it's not defined already.
+
+--- src/libopensc/cardctl.h.orig	Mon Dec 27 13:11:32 2010
++++ src/libopensc/cardctl.h	Mon Dec 27 13:11:47 2010
+@@ -740,6 +740,10 @@ typedef struct sc_rtecp_genkey_data {
+ 	unsigned char  *invq;
+ };
+ 
++#ifndef MIN
++#define MIN(a,b) (((a) < (b)) ? (a) : (b))
++#endif
++
+ #ifdef __cplusplus
+ }
+ #endif