diff options
author | Sylvain Fonteneau <sylvain.fonteneau@trusted-logic.com> | 2011-03-25 15:23:53 +0100 |
---|---|---|
committer | Nick Pelly <npelly@google.com> | 2011-03-31 11:27:59 +0800 |
commit | b7e67c8dbd4aa5892815bfed4e7ff934cf49b904 (patch) | |
tree | eb2437d7d9e4b79d2594a7ae6479e119e43e67bc /src/phFriNfc_Llcp.c | |
parent | 00c98d516cac9dcdad6c22400267a2fd2bea3adf (diff) | |
download | external_libnfc-nxp-b7e67c8dbd4aa5892815bfed4e7ff934cf49b904.zip external_libnfc-nxp-b7e67c8dbd4aa5892815bfed4e7ff934cf49b904.tar.gz external_libnfc-nxp-b7e67c8dbd4aa5892815bfed4e7ff934cf49b904.tar.bz2 |
Handle correctly LLCP aggregated frames.
The parsing algorithm for AGF frames has been fixed. It was previously
only working if aggregated frames were 4-bytes long.
The current stack only support mandatory de-aggregation. It does not
send aggregated frames, so there won't be interop issue with previous
versions.
This fix prevents reading erroneous de-aggregated frames and rejecting
them using FRMR when communicating with an LLCP implementation
using aggregation mechanism.
Change-Id: Ia5728496a2917b6a57f478cc51dc0aaa0fcc165a
Diffstat (limited to 'src/phFriNfc_Llcp.c')
-rw-r--r-- | src/phFriNfc_Llcp.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/phFriNfc_Llcp.c b/src/phFriNfc_Llcp.c index b4f461c..13f1f92 100644 --- a/src/phFriNfc_Llcp.c +++ b/src/phFriNfc_Llcp.c @@ -302,6 +302,7 @@ static NFCSTATUS phFriNfc_Llcp_HandleAggregatedPacket( phFriNfc_Llcp_t *Llcp, phNfc_sData_t *psRawPacket ) { phNfc_sData_t sInfo; + phNfc_sData_t sCurrentInfo; uint16_t length; NFCSTATUS status; @@ -326,8 +327,8 @@ static NFCSTATUS phFriNfc_Llcp_HandleAggregatedPacket( phFriNfc_Llcp_t *Llcp, /* Read length */ length = (sInfo.buffer[0] << 8) | sInfo.buffer[1]; /* Update info buffer */ - sInfo.buffer += sizeof(sInfo.length); - sInfo.length -= sizeof(sInfo.length); + sInfo.buffer += 2; /*Size of length field is 2*/ + sInfo.length -= 2; /*Size of length field is 2*/ /* Check if declared length fits in remaining space */ if (length > sInfo.length) { @@ -348,10 +349,12 @@ static NFCSTATUS phFriNfc_Llcp_HandleAggregatedPacket( phFriNfc_Llcp_t *Llcp, /* Read length */ length = (sInfo.buffer[0] << 8) | sInfo.buffer[1]; /* Update info buffer */ - sInfo.buffer += sizeof(sInfo.length); - sInfo.length -= sizeof(sInfo.length); + sInfo.buffer += 2; /* Size of length field is 2 */ + sInfo.length -= 2; /*Size of length field is 2*/ /* Handle aggregated packet */ - status = phFriNfc_Llcp_HandleIncomingPacket(Llcp, &sInfo); + sCurrentInfo.buffer=sInfo.buffer; + sCurrentInfo.length=length; + status = phFriNfc_Llcp_HandleIncomingPacket(Llcp, &sCurrentInfo); if ( (status != NFCSTATUS_SUCCESS) && (status != NFCSTATUS_PENDING) ) { |