File opensc-0_13_0-CVE-2020-26570.patch of Package opensc
Index: opensc-0.13.0/src/libopensc/pkcs15-oberthur.c
===================================================================
--- opensc-0.13.0.orig/src/libopensc/pkcs15-oberthur.c
+++ opensc-0.13.0/src/libopensc/pkcs15-oberthur.c
@@ -265,11 +265,15 @@ sc_oberthur_read_file(struct sc_pkcs15_c
rv = sc_read_binary(card, 0, *out, sz, 0);
}
else {
- int rec;
- int offs = 0;
- int rec_len = file->record_length;
-
+ size_t rec;
+ size_t offs = 0;
+ size_t rec_len = file->record_length;
+
for (rec = 1; ; rec++) {
+ if ((file->record_count < 0) || (rec > (size_t)file->record_count)) {
+ rv = 0;
+ break;
+ }
rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
if (rv == SC_ERROR_RECORD_NOT_FOUND) {
rv = 0;