Merge tag 'for-linus-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
[sfrench/cifs-2.6.git] / drivers / nfc / st21nfcb / st21nfcb_se.c
index 7c82e9d87a65d718a92b7066e6b06c3b233e5c60..24862a525fb5044bbb3d18c8ea593e82b6f2c9bb 100644 (file)
@@ -321,6 +321,12 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev,
 
        break;
        case ST21NFCB_EVT_TRANSACTION:
+               /* According to specification etsi 102 622
+                * 11.2.2.4 EVT_TRANSACTION Table 52
+                * Description  Tag     Length
+                * AID          81      5 to 16
+                * PARAMETERS   82      0 to 255
+                */
                if (skb->len < NFC_MIN_AID_LENGTH + 2 &&
                    skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
                        return -EPROTO;
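Review bot: The guard directly under the new comment joins its two tests with `&&`, so an event is rejected only when it is both too short and carries the wrong tag. A short event that starts with the AID tag, or a long one with a different tag, still reaches the parsing that follows. Rejecting on either condition matches the table the comment cites: `if (skb->len < NFC_MIN_AID_LENGTH + 2 || skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)`. The case body continues outside this hunk.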
@@ -329,8 +335,9 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev,
                                            skb->len - 2, GFP_KERNEL);
 
                transaction->aid_len = skb->data[1];
-               memcpy(transaction->aid, &skb->data[2], skb->data[1]);
+               memcpy(transaction->aid, &skb->data[2], transaction->aid_len);
 
+               /* Check next byte is PARAMETERS tag (82) */
                if (skb->data[transaction->aid_len + 2] !=
                    NFC_EVT_TRANSACTION_PARAMS_TAG)
                        return -EPROTO;
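Review bot: `transaction->aid_len` is read from `skb->data[1]` and then used as the `memcpy` length and as an index into `skb->data`, without being compared against `skb->len` or the size of `transaction->aid`. The allocation at the top of the hunk is sized `skb->len - 2`, so a length byte larger than the received payload would copy past both the event data and the destination. A check ahead of the copy would bound it, ideally before the allocation: `if (skb->data[1] > sizeof(transaction->aid) || skb->len < skb->data[1] + 4) return -EPROTO;`. The `params_len` copy in the next hunk has the same gap, and the allocation result appears to be dereferenced without a NULL check, though the call itself starts outside this hunk. The enclosing function also begins and ends outside it.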
@@ -340,6 +347,7 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev,
                       transaction->aid_len + 4, transaction->params_len);
 
                r = nfc_se_transaction(ndev->nfc_dev, host, transaction);
+               break;
        default:
                return 1;
        }
@@ -542,14 +550,12 @@ static int st21nfcb_hci_network_init(struct nci_dev *ndev)
 
        r = nci_hci_dev_session_init(ndev);
        if (r != NCI_HCI_ANY_OK)
-               goto exit;
+               goto free_dest_params;
 
        r = nci_nfcee_mode_set(ndev, ndev->hci_dev->conn_info->id,
                               NCI_NFCEE_ENABLE);
        if (r != NCI_STATUS_OK)
-               goto exit;
-
-       return 0;
+               goto free_dest_params;
 
 free_dest_params:
        kfree(dest_params);
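Review bot: The second `goto free_dest_params;`, after `nci_nfcee_mode_set()`, jumps to the label that immediately follows it, so the `if` no longer changes control flow. With `return 0;` removed, success and failure both fall into `kfree(dest_params)` and the return value is decided after the label, outside this hunk. If that path returns `r`, success now depends on `NCI_STATUS_OK` being zero, which is worth confirming. I would drop the redundant test and put a comment in its place, such as `/* success and failure both release dest_params; r carries the status */`.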