diff options
Diffstat (limited to 'drivers/nfc/st21nfcb/st21nfcb_se.c')
-rw-r--r-- | drivers/nfc/st21nfcb/st21nfcb_se.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/drivers/nfc/st21nfcb/st21nfcb_se.c b/drivers/nfc/st21nfcb/st21nfcb_se.c index 7c82e9d87a65..24862a525fb5 100644 --- a/drivers/nfc/st21nfcb/st21nfcb_se.c +++ b/drivers/nfc/st21nfcb/st21nfcb_se.c @@ -321,6 +321,12 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev, break; case ST21NFCB_EVT_TRANSACTION: + /* According to specification etsi 102 622 + * 11.2.2.4 EVT_TRANSACTION Table 52 + * Description Tag Length + * AID 81 5 to 16 + * PARAMETERS 82 0 to 255 + */ if (skb->len < NFC_MIN_AID_LENGTH + 2 && skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG) return -EPROTO; @@ -329,8 +335,9 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev, skb->len - 2, GFP_KERNEL); transaction->aid_len = skb->data[1]; - memcpy(transaction->aid, &skb->data[2], skb->data[1]); + memcpy(transaction->aid, &skb->data[2], transaction->aid_len); + /* Check next byte is PARAMETERS tag (82) */ if (skb->data[transaction->aid_len + 2] != NFC_EVT_TRANSACTION_PARAMS_TAG) return -EPROTO; @@ -340,6 +347,7 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev, transaction->aid_len + 4, transaction->params_len); r = nfc_se_transaction(ndev->nfc_dev, host, transaction); + break; default: return 1; } @@ -542,14 +550,12 @@ static int st21nfcb_hci_network_init(struct nci_dev *ndev) r = nci_hci_dev_session_init(ndev); if (r != NCI_HCI_ANY_OK) - goto exit; + goto free_dest_params; r = nci_nfcee_mode_set(ndev, ndev->hci_dev->conn_info->id, NCI_NFCEE_ENABLE); if (r != NCI_STATUS_OK) - goto exit; - - return 0; + goto free_dest_params; free_dest_params: kfree(dest_params); |