diff options
| author | Sylvain Fonteneau <sylvain.fonteneau@trusted-logic.com> | 2011-05-23 13:41:52 +0200 |
|---|---|---|
| committer | Martijn Coenen <maco@google.com> | 2011-07-04 10:33:27 +0200 |
| commit | 3a9d18ff42ce17d62e1968ed93358d036989b670 (patch) | |
| tree | c74ec57df1a8875d7f52d5d5add0d25c34f46cfd | |
| parent | a74fcf0b7a509cb70b69c6362b704d8014edcab1 (diff) | |
| download | external_libnfc-nxp-3a9d18ff42ce17d62e1968ed93358d036989b670.zip external_libnfc-nxp-3a9d18ff42ce17d62e1968ed93358d036989b670.tar.gz external_libnfc-nxp-3a9d18ff42ce17d62e1968ed93358d036989b670.tar.bz2 | |
Check SAP range in LLCP sockets.
LLCP specification mentions that SAP numbers are allocated as follows:
- from 0x00 to 0x0F, used for well-known services
- from 0x10 to 0x1F, used for SDP advertised services
- from 0x20 to 0x3F, used for *non* SDP advertised services
This patch enforce this restriction.
Change-Id: Idd8ab4da4cfa9ad9e2dbf7eddc3c66900bcf9ff8
| -rw-r--r-- | src/phFriNfc_Llcp.h | 1 | ||||
| -rw-r--r-- | src/phFriNfc_LlcpTransport.c | 59 |
2 files changed, 49 insertions, 11 deletions
diff --git a/src/phFriNfc_Llcp.h b/src/phFriNfc_Llcp.h index a91afa5..287f9f9 100644 --- a/src/phFriNfc_Llcp.h +++ b/src/phFriNfc_Llcp.h @@ -117,6 +117,7 @@ extern char phOsalNfc_DbgTraceBuffer[]; /*@{*/ #define PHFRINFC_LLCP_SAP_LINK 0x00 /**< Link SAP.*/ #define PHFRINFC_LLCP_SAP_SDP 0x01 /**< Service Discovery Protocol SAP.*/ +#define PHFRINFC_LLCP_SAP_WKS_FIRST 0x02 /**< Other Well-Known Services defined by the NFC Forum.*/ #define PHFRINFC_LLCP_SAP_SDP_ADVERTISED_FIRST 0x10 /**< First SAP number from SDP-avertised SAP range.*/ #define PHFRINFC_LLCP_SAP_SDP_UNADVERTISED_FIRST 0x20 /**< First SAP number from SDP-unavertised SAP range.*/ #define PHFRINFC_LLCP_SAP_NUMBER 0x40 /**< Number of possible SAP values (also first invalid value).*/ diff --git a/src/phFriNfc_LlcpTransport.c b/src/phFriNfc_LlcpTransport.c index 2ec44cf..9638d90 100644 --- a/src/phFriNfc_LlcpTransport.c +++ b/src/phFriNfc_LlcpTransport.c @@ -32,6 +32,11 @@ #include <phFriNfc_LlcpTransport_Connectionless.h> #include <phFriNfc_LlcpTransport_Connection.h> +/* local macros */ + +/* Check if (a <= x < b) */ +#define IS_BETWEEN(x, a, b) (((x)>=(a)) && ((x)<(b))) + /* TODO: comment function Transport recv CB */ static void phFriNfc_LlcpTransport__Recv_CB(void *pContext, @@ -644,6 +649,20 @@ NFCSTATUS phFriNfc_LlcpTransport_Listen(phFriNfc_LlcpTransport_Socket_t* { status = PHNFCSTVAL(CID_FRI_NFC_LLCP_TRANSPORT, NFCSTATUS_INVALID_PARAMETER); } + /* Test the SAP range for SDP-advertised services */ + else if((psServiceName->length > 0) && + (!IS_BETWEEN(pLlcpSocket->socket_sSap, PHFRINFC_LLCP_SAP_SDP_ADVERTISED_FIRST, PHFRINFC_LLCP_SAP_SDP_UNADVERTISED_FIRST)) && + (!IS_BETWEEN(pLlcpSocket->socket_sSap, PHFRINFC_LLCP_SAP_WKS_FIRST, PHFRINFC_LLCP_SAP_SDP_ADVERTISED_FIRST))) + { + status = PHNFCSTVAL(CID_FRI_NFC_LLCP_TRANSPORT, NFCSTATUS_INVALID_PARAMETER); + } + /* Test the SAP range for non SDP-advertised services */ + else if((psServiceName->length == 0) && + (!IS_BETWEEN(pLlcpSocket->socket_sSap, PHFRINFC_LLCP_SAP_SDP_UNADVERTISED_FIRST, PHFRINFC_LLCP_SAP_NUMBER)) && + (!IS_BETWEEN(pLlcpSocket->socket_sSap, PHFRINFC_LLCP_SAP_WKS_FIRST, PHFRINFC_LLCP_SAP_SDP_ADVERTISED_FIRST))) + { + status = PHNFCSTVAL(CID_FRI_NFC_LLCP_TRANSPORT, NFCSTATUS_INVALID_PARAMETER); + } else { status = phFriNfc_LlcpTransport_ConnectionOriented_Listen(pLlcpSocket, @@ -847,14 +866,22 @@ NFCSTATUS phFriNfc_LlcpTransport_Connect( phFriNfc_LlcpTransport_Socket_t* pLlcpSocket->socket_sSap++; } } + pLlcpSocket->eSocket_State = phFriNfc_LlcpTransportSocket_eSocketBound; } - pLlcpSocket->eSocket_State = phFriNfc_LlcpTransportSocket_eSocketBound; - status = phFriNfc_LlcpTransport_ConnectionOriented_Connect(pLlcpSocket, - nSap, - NULL, - pConnect_RspCb, - pContext); + /* Test the SAP range for non SDP-advertised services */ + if(!IS_BETWEEN(pLlcpSocket->socket_sSap, PHFRINFC_LLCP_SAP_SDP_UNADVERTISED_FIRST, PHFRINFC_LLCP_SAP_NUMBER)) + { + status = PHNFCSTVAL(CID_FRI_NFC_LLCP_TRANSPORT, NFCSTATUS_INVALID_PARAMETER); + } + else + { + status = phFriNfc_LlcpTransport_ConnectionOriented_Connect(pLlcpSocket, + nSap, + NULL, + pConnect_RspCb, + pContext); + } } return status; @@ -927,12 +954,22 @@ NFCSTATUS phFriNfc_LlcpTransport_ConnectByUri(phFriNfc_LlcpTransport_Socket_t* pLlcpSocket->socket_sSap++; } } + pLlcpSocket->eSocket_State = phFriNfc_LlcpTransportSocket_eSocketBound; + } + + /* Test the SAP range for non SDP-advertised services */ + if(!IS_BETWEEN(pLlcpSocket->socket_sSap, PHFRINFC_LLCP_SAP_SDP_UNADVERTISED_FIRST, PHFRINFC_LLCP_SAP_NUMBER)) + { + status = PHNFCSTVAL(CID_FRI_NFC_LLCP_TRANSPORT, NFCSTATUS_INVALID_PARAMETER); + } + else + { + status = phFriNfc_LlcpTransport_ConnectionOriented_Connect(pLlcpSocket, + PHFRINFC_LLCP_SAP_DEFAULT, + psUri, + pConnect_RspCb, + pContext); } - status = phFriNfc_LlcpTransport_ConnectionOriented_Connect(pLlcpSocket, - PHFRINFC_LLCP_SAP_DEFAULT, - psUri, - pConnect_RspCb, - pContext); } return status; |