From: Samuel Ortiz <sameo@linux.intel.com>
Date: Sat, 4 Jan 2014 02:23:35 +0000 (+0100)
Subject: NFC: pn533: Frame is invalid if ccid.datalen is 0
X-Git-Tag: v3.14-rc1~94^2~113^2^2~38^2~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea87a5efa9efa84cd48fbf7a969d951b32c9e5e4;p=thirdparty%2Flinux.git

NFC: pn533: Frame is invalid if ccid.datalen is 0

Some ACR122 firmwares seem to send 0 length data frames. Before using
that length as a data index, we check that it's not 0. If it is we
report the frame as being invalid.

Reported-by: Arthur Taylor <arthur@advancedtelematic.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---

diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c
index 3df19e657bc1e..cf1a87bb74f86 100644
--- a/drivers/nfc/pn533.c
+++ b/drivers/nfc/pn533.c
@@ -521,6 +521,9 @@ static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
 	if (frame->ccid.type != 0x83)
 		return false;
 
+	if (!frame->ccid.datalen)
+		return false;
+
 	if (frame->data[frame->ccid.datalen - 2] == 0x63)
 		return false;