-rw-r--r--drivers/nfc/st21nfcb/st21nfcb_se.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/drivers/nfc/st21nfcb/st21nfcb_se.c b/drivers/nfc/st21nfcb/st21nfcb_se.c
index f7977a47c047..9f4d8b744f32 100644
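--- a/drivers/nfc/st21nfcb/st21nfcb_se.c
+++ b/drivers/nfc/st21nfcb/st21nfcb_se.c
@@ -311,14 +311,35 @@ static int st21nfcb_hci_connectivity_event_received(struct nci_dev *ndev,
  struct sk_buff *skb)
 {
  int r = 0;
+ struct device *dev = &ndev->nfc_dev->dev;
+ struct nfc_evt_transaction *transaction;
 
  pr_debug("connectivity gate event: %x\n", event);
 
  switch (event) {
  case ST21NFCB_EVT_CONNECTIVITY:
+
  break;
  case ST21NFCB_EVT_TRANSACTION:
- break;
+ if (skb->len < NFC_MIN_AID_LENGTH + 2 &&
+ skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
+ return -EPROTO;
+
+ transaction = (struct nfc_evt_transaction *)devm_kzalloc(dev,
+ skb->len - 2, GFP_KERNEL);
+
+ transaction->aid_len = skb->data[1];
+ memcpy(transaction->aid, &skb->data[2], skb->data[1]);
+
+ if (skb->data[transaction->aid_len + 2] !=
+ NFC_EVT_TRANSACTION_PARAMS_TAG)
+ return -EPROTO;
+
+ transaction->params_len = skb->data[transaction->aid_len + 3];
+ memcpy(transaction->params, skb->data +
+ transaction->aid_len + 4, transaction->params_len);
+
+ r = nfc_se_transaction(ndev->nfc_dev, host, transaction);
  default:
  return 1;
  }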
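Review bot: The ST21NFCB_EVT_TRANSACTION case trusts length bytes taken from the skb: the first check joins its two conditions with `&&`, so a short frame carrying the right tag (or a long one carrying the wrong tag) passes, and `skb->data[1]` and `skb->data[aid_len + 3]` then drive the index reads and both memcpy() calls without ever being compared with `skb->len`. The devm_kzalloc() result is dereferenced without a NULL check, and its size `skb->len - 2` comes from the wire length, so it should be checked against the layout of struct nfc_evt_transaction (declared outside this hunk), together with a cap on the AID length at the capacity of `transaction->aid`. As rendered, no `break` follows nfc_se_transaction(), so the case appears to fall through to `default` and return 1, discarding `r`. The fence below validates every length before allocating, using two new u8 locals; the function's signature starts above the hunk and its body continues below it.

```c
	u8 aid_len, params_len;
	/* … unchanged: pr_debug, switch header, ST21NFCB_EVT_CONNECTIVITY case … */
	case ST21NFCB_EVT_TRANSACTION:
		/* Tag byte and AID length byte must both be present and valid. */
		if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
		    skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
			return -EPROTO;

		aid_len = skb->data[1];
		/* AID, params tag and params length byte must lie inside the skb. */
		if (skb->len < aid_len + 4 ||
		    skb->data[aid_len + 2] != NFC_EVT_TRANSACTION_PARAMS_TAG)
			return -EPROTO;

		params_len = skb->data[aid_len + 3];
		/* The params payload must lie inside the skb as well. */
		if (skb->len < aid_len + 4 + params_len)
			return -EPROTO;

		/* Allocate only after validation so rejected frames hold no memory. */
		transaction = devm_kzalloc(dev, skb->len - 2, GFP_KERNEL);
		if (!transaction)
			return -ENOMEM;

		transaction->aid_len = aid_len;
		memcpy(transaction->aid, &skb->data[2], aid_len);
		transaction->params_len = params_len;
		memcpy(transaction->params, skb->data + aid_len + 4, params_len);

		r = nfc_se_transaction(ndev->nfc_dev, host, transaction);
		break;
```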