NFC: digital: Ensure no DID in NFC-DEP responses
author Mark A. Greer <mgreer@animalcreek.com>
Tue, 23 Sep 2014 23:38:04 +0000 (16:38 -0700)
committer Samuel Ortiz <sameo@linux.intel.com>
Fri, 28 Nov 2014 11:38:10 +0000 (12:38 +0100)
When in Initiator mode, the digital layer's
NFC-DEP code always sets the Device ID (DID)
value in the ATR_REQ to '0'.  This means that
subsequent DEP_REQ and DEP_RES frames must
never include a DID byte.  This is specified
in sections 14.8.1.1 and 14.8.2.1 of the NFC
Digital Protocol Spec.

Currently, the digital layer's NFC-DEP code
doesn't enforce this rule so add code to ensure
that there is no DID byte in DEP_RES frames.

Reviewed-by: Thierry Escande <thierry.escande@linux.intel.com>
Tested-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Mark A. Greer <mgreer@animalcreek.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
net/nfc/digital_dep.c

index f3f2b61fb5da3f3dbdf7637f0095910a1155571b..d07c9ab993c83ac11770471e60cf6a4fecf9900f 100644 (file)
@@ -411,8 +411,11 @@ static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
 
        pfb = dep_res->pfb;
 
-       if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb))
-               size++;
+       if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb)) {
+               PROTOCOL_ERR("14.8.2.1");
+               rc = -EIO;
+               goto error;
+       }
 
        if (size > resp->len) {
                rc = -EIO;
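
Review bot: the new rejection branch under DIGITAL_NFC_DEP_DID_BIT_SET(pfb) is only correct while the Initiator keeps sending DID '0' in the ATR_REQ, and nothing at this point in the code records that dependency. A short comment above the check stating the assumption, and that the branch would have to become a DID comparison if a non-zero DID were ever sent, would keep the two in step. Since the branch now leaves through goto error before the existing size > resp->len check, it is also worth confirming that the error label releases resp on this path in the same way it does for the length failure.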