authorMark A. Greer <mgreer@animalcreek.com>2014-09-24 01:38:03 +0200
committerSamuel Ortiz <sameo@linux.intel.com>2014-11-28 12:37:58 +0100
commit6ce306682f7f07a5e9e51c655764ead214ef3869 (patch)
tree1805b58787ab94dea3e401d2e82e6b84ea35c480 /net/nfc
parentNFC: digital: Fix potential skb leaks in NFC-DEP code (diff)
NFC: digital: Rearrange NFC-DEP DEP_REQ/DEP_RES Code
Rearrange some of the code in digital_in_recv_dep_res() and digital_tg_recv_dep_req() so the initial code looks similar. The real reason is to prepare the code for some upcoming patches that require these changes. Reviewed-by: Thierry Escande <thierry.escande@linux.intel.com> Tested-by: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Mark A. Greer <mgreer@animalcreek.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Diffstat (limited to 'net/nfc')
-rw-r--r--net/nfc/digital_dep.c43
1 files changed, 22 insertions, 21 deletions
diff --git a/net/nfc/digital_dep.c b/net/nfc/digital_dep.c
index 70fcce03e8a9..f3f2b61fb5da 100644
--- a/net/nfc/digital_dep.c
+++ b/net/nfc/digital_dep.c
@@ -400,10 +400,10 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
goto exit;
}
+ size = sizeof(struct digital_dep_req_res);
dep_res = (struct digital_dep_req_res *)resp->data;
- if (resp->len < sizeof(struct digital_dep_req_res) ||
- dep_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN ||
+ if (resp->len < size || dep_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN ||
dep_res->cmd != DIGITAL_CMD_DEP_RES) {
rc = -EIO;
goto error;
@@ -411,6 +411,16 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
pfb = dep_res->pfb;
+ if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb))
+ size++;
+
+ if (size > resp->len) {
+ rc = -EIO;
+ goto error;
+ }
+
+ skb_pull(resp, size);
+
switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
case DIGITAL_NFC_DEP_PFB_I_PDU:
if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
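Review bot: The byte accounted for by `size++` when `DIGITAL_NFC_DEP_DID_BIT_SET(pfb)` is true is never inspected; the peer-supplied DID is pulled off together with the header, and no comparison against an expected value is visible in this hunk. The digital_tg_recv_dep_req() hunk further down follows the same pattern. If this driver never negotiates a DID (not visible here), a frame carrying one could be rejected with `rc = -EIO; goto error;` rather than accepted. At minimum a comment such as `/* DID byte is skipped, not validated */` would record the limitation. The function body starts and ends outside the hunk.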
@@ -435,7 +445,7 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
goto error;
}
- rc = digital_in_send_rtox(ddev, data_exch, resp->data[3]);
+ rc = digital_in_send_rtox(ddev, data_exch, resp->data[0]);
if (rc)
goto error;
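Review bot: `resp->data[0]` is read without confirming that any payload remains after the `skb_pull(resp, size)` added earlier in this function. The preceding check only rejects `size > resp->len`, so a supervisor PDU from the peer that consists of the header alone leaves `resp->len == 0`, and this index then reads past the valid data. A guard such as `if (!resp->len) { rc = -EIO; goto error; }` before the call would close the gap; the old `resp->data[3]` was equally unchecked, so this is not a regression. The conditions just above the call lie outside the hunk, so confirm none of them already covers the length.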
@@ -449,18 +459,6 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
goto error;
}
- size = sizeof(struct digital_dep_req_res);
-
- if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb))
- size++;
-
- if (size > resp->len) {
- rc = -EIO;
- goto error;
- }
-
- skb_pull(resp, size);
-
exit:
data_exch->cb(data_exch->cb_context, resp, rc);
@@ -524,6 +522,7 @@ static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
{
int rc;
struct digital_dep_req_res *dep_req;
+ u8 pfb;
size_t size;
if (IS_ERR(resp)) {
@@ -553,18 +552,22 @@ static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
goto exit;
}
- if (DIGITAL_NFC_DEP_DID_BIT_SET(dep_req->pfb))
+ pfb = dep_req->pfb;
+
+ if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb))
size++;
- if (resp->len < size) {
+ if (size > resp->len) {
rc = -EIO;
goto exit;
}
- switch (DIGITAL_NFC_DEP_PFB_TYPE(dep_req->pfb)) {
+ skb_pull(resp, size);
+
+ switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
case DIGITAL_NFC_DEP_PFB_I_PDU:
pr_debug("DIGITAL_NFC_DEP_PFB_I_PDU\n");
- ddev->curr_nfc_dep_pni = DIGITAL_NFC_DEP_PFB_PNI(dep_req->pfb);
+ ddev->curr_nfc_dep_pni = DIGITAL_NFC_DEP_PFB_PNI(pfb);
break;
case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
pr_err("Received a ACK/NACK PDU\n");
@@ -576,8 +579,6 @@ static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
goto exit;
}
- skb_pull(resp, size);
-
rc = nfc_tm_data_received(ddev->nfc_dev, resp);
exit: