diff options
author | Samuel Ortiz <sameo@linux.intel.com> | 2014-01-04 03:23:35 +0100 |
---|---|---|
committer | Samuel Ortiz <sameo@linux.intel.com> | 2014-01-04 03:32:27 +0100 |
commit | ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4 (patch) | |
tree | 1eadf018fa8ada1fc741cca9fa0931ac70fefd54 /drivers/nfc | |
parent | a434c2407467a76c0e1416c45f7b31cfbe1b6b3b (diff) | |
download | linux-ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4.tar.gz linux-ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4.tar.bz2 linux-ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4.zip |
NFC: pn533: Frame is invalid if ccid.datalen is 0
Some ACR122 firmwares seem to send 0 length data frames. Before using
that length as a data index, we check that it's not 0. If it is we
report the frame as being invalid.
Reported-by: Arthur Taylor <arthur@advancedtelematic.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Diffstat (limited to 'drivers/nfc')
-rw-r--r-- | drivers/nfc/pn533.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c index 3df19e657bc1..cf1a87bb74f8 100644 --- a/drivers/nfc/pn533.c +++ b/drivers/nfc/pn533.c @@ -521,6 +521,9 @@ static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev) if (frame->ccid.type != 0x83) return false; + if (!frame->ccid.datalen) + return false; + if (frame->data[frame->ccid.datalen - 2] == 0x63) return false; |