Commit ea87a5ef authored by Samuel Ortiz's avatar Samuel Ortiz

NFC: pn533: Frame is invalid if ccid.datalen is 0

Some ACR122 firmwares seem to send 0 length data frames. Before using
that length as a data index, we check that it's not 0. If it is we
report the frame as being invalid.
Reported-by: default avatarArthur Taylor <arthur@advancedtelematic.com>
Signed-off-by: default avatarSamuel Ortiz <sameo@linux.intel.com>
parent a434c240
...@@ -521,6 +521,9 @@ static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev) ...@@ -521,6 +521,9 @@ static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
if (frame->ccid.type != 0x83) if (frame->ccid.type != 0x83)
return false; return false;
if (!frame->ccid.datalen)
return false;
if (frame->data[frame->ccid.datalen - 2] == 0x63) if (frame->data[frame->ccid.datalen - 2] == 0x63)
return false; return false;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment