
Commit 0b23d66

Olivier GuiterSamuel Ortiz
authored andcommitted
NFC: llcp: Fix zero octets length SDU handling
LLCP Validation test Digilent#2 (Connection-less information transfer) sends a service data unit of zero octets length. This is now handled correctly. Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
1 parent 00e856d commit 0b23d66

1 file changed

Lines changed: 8 additions & 8 deletions


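--- a/net/nfc/llcp/commands.c
+++ b/net/nfc/llcp/commands.c
@@ -694,8 +694,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
 remaining_len = len;
 msg_ptr = msg_data;
 
-while (remaining_len > 0) {
-
+do {
 frag_len = min_t(size_t, sock->remote_miu, remaining_len);
 
 pr_debug("Fragment %zd bytes remaining %zd",
@@ -708,7 +707,8 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
 
 skb_put(pdu, LLCP_SEQUENCE_SIZE);
 
-memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
+if (likely(frag_len > 0))
+memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
 
 skb_queue_tail(&sock->tx_queue, pdu);
 
@@ -720,7 +720,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
 
 remaining_len -= frag_len;
 msg_ptr += frag_len;
-}
+} while (remaining_len > 0);
 
 kfree(msg_data);
 
@@ -754,8 +754,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
 remaining_len = len;
 msg_ptr = msg_data;
 
-while (remaining_len > 0) {
-
+do {
 frag_len = min_t(size_t, sock->remote_miu, remaining_len);
 
 pr_debug("Fragment %zd bytes remaining %zd",
@@ -770,14 +769,15 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
 
 pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI);
 
-memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
+if (likely(frag_len > 0))
+memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
 
 /* No need to check for the peer RW for UI frames */
 skb_queue_tail(&local->tx_queue, pdu);
 
 remaining_len -= frag_len;
 msg_ptr += frag_len;
-}
+} while (remaining_len > 0);
 
 kfree(msg_data);
 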
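Review bot: Both do/while loops (nfc_llcp_send_i_frame and nfc_llcp_send_ui_frame) still terminate only if `frag_len` is non-zero whenever `remaining_len > 0`, and `frag_len` is capped by `sock->remote_miu`. If that field can ever be 0 (it looks like a link parameter learned from the peer; its validation is not visible in these hunks), every pass allocates and queues an empty PDU while `remaining_len` never shrinks, so the send path would spin and consume memory. Now that a zero-length fragment is a legitimate case, the two situations should be told apart explicitly, for example with a check ahead of each loop such as `if (len > 0 && sock->remote_miu == 0)` that frees `msg_data` and returns `-EINVAL`. Both functions begin and end outside the hunks, so the allocation of `msg_data` and the existing error paths need to be checked before placing that early exit.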
