From a6e52db696dc0a2b3898b6d8a3d8d2d4710052c1 Mon Sep 17 00:00:00 2001
From: Romain Tartiere <romain.tartiere@gmail.com>
Date: Sat, 18 Dec 2010 01:05:35 +0000
Subject: [PATCH] Workaround invalid write in read_data () (sic)

This has to be improved to some extend in the near future (hence the FIXME).
---
 libfreefare/mifare_desfire.c | 7 ++++++-
 test/test_mifare_desfire.c   | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/libfreefare/mifare_desfire.c b/libfreefare/mifare_desfire.c
index 97b0fff..75f1a05 100644
--- a/libfreefare/mifare_desfire.c
+++ b/libfreefare/mifare_desfire.c
@@ -1193,8 +1193,13 @@ read_data (MifareTag tag, uint8_t command, uint8_t file_no, off_t offset, size_t
 	cs = MDCM_PLAIN;
     }
     uint8_t *p = mifare_cryto_preprocess_data (tag, cmd, &__cmd_n, 8, cs | CMAC_COMMAND);
-    cs= ocs;
+    cs = ocs;
 
+    /*
+     * FIXME: This is bogus: the user has to provide a data buffer with enougth
+     * room to store CRC + padding or MAC.  If the user wants to read 1 byte,
+     * there is no reason to provide a 16 bytes buffer.
+     */
     do {
 	DESFIRE_TRANSCEIVE2 (tag, p, __cmd_n, res);
 
diff --git a/test/test_mifare_desfire.c b/test/test_mifare_desfire.c
index 35e8ef6..7d9630a 100644
--- a/test/test_mifare_desfire.c
+++ b/test/test_mifare_desfire.c
@@ -914,7 +914,7 @@ test_mifare_desfire_des_macing (void)
     res = mifare_desfire_write_data (tag, 1, 0, strlen (s), s);
     cut_assert_success ("mifare_desfire_write_data()");
 
-    char buffer[20];
+    char buffer[50];
     res = mifare_desfire_read_data (tag, 1, 0, 0, buffer);
     cut_assert_success ("mifare_desfire_read_data()");
     cut_assert_equal_int (20, res, cut_message ("retval"));