summaryrefslogtreecommitdiffstats
path: root/drivers/nfc
diff options
context:
space:
mode:
authorSamuel Ortiz <sameo@linux.intel.com>2014-01-04 03:23:35 +0100
committerSamuel Ortiz <sameo@linux.intel.com>2014-01-04 03:32:27 +0100
commitea87a5efa9efa84cd48fbf7a969d951b32c9e5e4 (patch)
tree1eadf018fa8ada1fc741cca9fa0931ac70fefd54 /drivers/nfc
parenta434c2407467a76c0e1416c45f7b31cfbe1b6b3b (diff)
downloadlinux-ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4.tar.gz
linux-ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4.tar.bz2
linux-ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4.zip
NFC: pn533: Frame is invalid if ccid.datalen is 0
Some ACR122 firmwares seem to send 0 length data frames. Before using that length as a data index, we check that it's not 0. If it is we report the frame as being invalid. Reported-by: Arthur Taylor <arthur@advancedtelematic.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Diffstat (limited to 'drivers/nfc')
-rw-r--r--drivers/nfc/pn533.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c
index 3df19e657bc1..cf1a87bb74f8 100644
--- a/drivers/nfc/pn533.c
+++ b/drivers/nfc/pn533.c
@@ -521,6 +521,9 @@ static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
if (frame->ccid.type != 0x83)
return false;
+ if (!frame->ccid.datalen)
+ return false;
+
if (frame->data[frame->ccid.datalen - 2] == 0x63)
return false;