Message ID | 1342113454-23110-2-git-send-email-sameo@linux.intel.com (mailing list archive) |
---|---|
State | Not Applicable, archived |
What is the bug we are preventing with this? On Thu, Jul 12, 2012 at 07:17:33PM +0200, Samuel Ortiz wrote: > From: Eric Lapuyade <eric.lapuyade@intel.com> > > Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> > Reported-by: Mathias Jeppsson <mathias.jeppsson@sonymobile.com> > Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> > --- > net/nfc/hci/core.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c > index e1a640d..7b1ca7d 100644 > --- a/net/nfc/hci/core.c > +++ b/net/nfc/hci/core.c > @@ -170,6 +170,7 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate) > struct nfc_target *targets; > struct sk_buff *atqa_skb = NULL; > struct sk_buff *sak_skb = NULL; > + struct sk_buff *uid_skb = NULL; > int r; > > pr_debug("from gate %d\n", gate); > @@ -205,6 +206,19 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate) > targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data); > targets->sel_res = sak_skb->data[0]; > > + r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE, > + NFC_HCI_RF_READER_A_UID, &uid_skb); > + if (r < 0) > + goto exit; > + > + if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) { > + r = -EPROTO; > + goto exit; > + } > + > + memcpy (targets->nfcid1, uid_skb->data, uid_skb->len); > + targets->nfcid1_len = uid_skb->len; > + > if (hdev->ops->complete_target_discovered) { > r = hdev->ops->complete_target_discovered(hdev, gate, > targets); > @@ -240,6 +254,7 @@ exit: > kfree(targets); > kfree_skb(atqa_skb); > kfree_skb(sak_skb); > + kfree_skb(uid_skb); > > return r; > } > -- > 1.7.10 > >
Hi John,
On Thu, Jul 12, 2012 at 01:30:35PM -0400, John W. Linville wrote:
> What is the bug we are preventing with this?
My bad for not having a proper changelog.
Let me send a new pull request to you with a better description.
Cheers,
Samuel.
diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
index e1a640d..7b1ca7d 100644
--- a/net/nfc/hci/core.c
+++ b/net/nfc/hci/core.c
@@ -170,6 +170,7 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
 struct nfc_target *targets;
 struct sk_buff *atqa_skb = NULL;
 struct sk_buff *sak_skb = NULL;
+ struct sk_buff *uid_skb = NULL;
 int r;
 
 pr_debug("from gate %d\n", gate);
@@ -205,6 +206,19 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
 targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data);
 targets->sel_res = sak_skb->data[0];
 
+ r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
+ NFC_HCI_RF_READER_A_UID, &uid_skb);
+ if (r < 0)
+ goto exit;
+
+ if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
+ r = -EPROTO;
+ goto exit;
+ }
+
+ memcpy (targets->nfcid1, uid_skb->data, uid_skb->len);
+ targets->nfcid1_len = uid_skb->len;
+
 if (hdev->ops->complete_target_discovered) {
 r = hdev->ops->complete_target_discovered(hdev, gate,
 targets);
@@ -240,6 +254,7 @@ exit:
 kfree(targets);
 kfree_skb(atqa_skb);
 kfree_skb(sak_skb);
+ kfree_skb(uid_skb);
 
 return r;
 }
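Review bot: In the second hunk, the bound on `uid_skb->len` is the only thing that keeps a controller-supplied UID from overrunning `targets->nfcid1` in the `memcpy`, yet nothing at the check says so. A comment above the `if`, such as `/* UID length comes from the controller: bound it before copying into nfcid1 */`, would record that; this assumes `nfcid1` is declared with `NFC_NFCID1_MAXSIZE` bytes, which is not visible here. The call is also written `memcpy (` with a space before the parenthesis, where kernel style expects `memcpy(targets->nfcid1, uid_skb->data, uid_skb->len);`. nfc_hci_target_discovered starts and ends outside this hunk.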