diff options
-rw-r--r-- | drivers/nfc/st21nfcb/st21nfcb_se.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/drivers/nfc/st21nfcb/st21nfcb_se.c b/drivers/nfc/st21nfcb/st21nfcb_se.c index f7977a47c047..9f4d8b744f32 100644 --- a/drivers/nfc/st21nfcb/st21nfcb_se.c +++ b/drivers/nfc/st21nfcb/st21nfcb_se.c @@ -311,14 +311,35 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev, struct sk_buff *skb) { int r = 0; + struct device *dev = &ndev->nfc_dev->dev; + struct nfc_evt_transaction *transaction; pr_debug("connectivity gate event: %x\n", event); switch (event) { case ST21NFCB_EVT_CONNECTIVITY: + break; case ST21NFCB_EVT_TRANSACTION: - break; + if (skb->len < NFC_MIN_AID_LENGTH + 2 && + skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG) + return -EPROTO; + + transaction = (struct nfc_evt_transaction *)devm_kzalloc(dev, + skb->len - 2, GFP_KERNEL); + + transaction->aid_len = skb->data[1]; + memcpy(transaction->aid, &skb->data[2], skb->data[1]); + + if (skb->data[transaction->aid_len + 2] != + NFC_EVT_TRANSACTION_PARAMS_TAG) + return -EPROTO; + + transaction->params_len = skb->data[transaction->aid_len + 3]; + memcpy(transaction->params, skb->data + + transaction->aid_len + 4, transaction->params_len); + + r = nfc_se_transaction(ndev->nfc_dev, host, transaction); default: return 1; } |