diff --git a/examples/nfc-dep-target.c b/examples/nfc-dep-target.c index 82ce9f1..9d7e73e 100644 --- a/examples/nfc-dep-target.c +++ b/examples/nfc-dep-target.c @@ -126,7 +126,7 @@ main (int argc, const char *argv[]) } printf("Initiator request received. Waiting for data...\n"); - if ((res = nfc_target_receive_bytes (pnd, abtRx, 0)) < 0) { + if ((res = nfc_target_receive_bytes (pnd, abtRx, sizeof (abtRx), 0)) < 0) { nfc_perror(pnd, "nfc_target_receive_bytes"); goto error; } diff --git a/examples/nfc-emulate-tag.c b/examples/nfc-emulate-tag.c index c83eecf..8345370 100644 --- a/examples/nfc-emulate-tag.c +++ b/examples/nfc-emulate-tag.c @@ -159,7 +159,7 @@ nfc_target_emulate_tag(nfc_device *pnd, nfc_target *pnt) nfc_device_set_property_bool (pnd, NP_HANDLE_CRC, false); init_mfc_auth = false; } - if ((res = nfc_target_receive_bytes(pnd, abtRx, 0)) < 0) { + if ((res = nfc_target_receive_bytes(pnd, abtRx, sizeof (abtRx), 0)) < 0) { nfc_perror (pnd, "nfc_target_receive_bytes"); return false; } diff --git a/examples/nfc-emulate-uid.c b/examples/nfc-emulate-uid.c index b8f0a39..159ad4e 100644 --- a/examples/nfc-emulate-uid.c +++ b/examples/nfc-emulate-uid.c @@ -172,7 +172,7 @@ main (int argc, char *argv[]) while (true) { // Test if we received a frame - if ((szRecvBits = nfc_target_receive_bits (pnd, abtRecv, NULL)) > 0) { + if ((szRecvBits = nfc_target_receive_bits (pnd, abtRecv, sizeof (abtRecv), 0)) > 0) { // Prepare the command to send back for the anti-collision request switch (szRecvBits) { case 7: // Request or Wakeup diff --git a/examples/nfc-relay.c b/examples/nfc-relay.c index c984765..6459259 100644 --- a/examples/nfc-relay.c +++ b/examples/nfc-relay.c @@ -179,7 +179,7 @@ main (int argc, char *argv[]) while (!quitting) { // Test if we received a frame from the reader - if ((szReaderRxBits = nfc_target_receive_bits (pndTag, abtReaderRx, abtReaderRxPar)) > 0) { + if ((szReaderRxBits = nfc_target_receive_bits (pndTag, abtReaderRx, sizeof (abtReaderRx), abtReaderRxPar)) > 0) { // Drop down the field before sending a REQA command and start a new session if (szReaderRxBits == 7 && abtReaderRx[0] == 0x26) { // Drop down field for a very short time (original tag will reboot) diff --git a/include/nfc/nfc.h b/include/nfc/nfc.h index 6d4f475..8dd9ad7 100644 --- a/include/nfc/nfc.h +++ b/include/nfc/nfc.h @@ -85,9 +85,9 @@ extern "C" { /* NFC target: act as tag (i.e. MIFARE Classic) or NFC target device. */ NFC_EXPORT int nfc_target_init (nfc_device *pnd, nfc_target *pnt, uint8_t *pbtRx, size_t *pszRx, int timeout); NFC_EXPORT int nfc_target_send_bytes (nfc_device *pnd, const uint8_t *pbtTx, const size_t szTx, int timeout); - NFC_EXPORT int nfc_target_receive_bytes (nfc_device *pnd, uint8_t *pbtRx, int timeout); + NFC_EXPORT int nfc_target_receive_bytes (nfc_device *pnd, uint8_t *pbtRx, const size_t szRx, int timeout); NFC_EXPORT int nfc_target_send_bits (nfc_device *pnd, const uint8_t *pbtTx, const size_t szTxBits, const uint8_t *pbtTxPar); - NFC_EXPORT int nfc_target_receive_bits (nfc_device *pnd, uint8_t *pbtRx, uint8_t *pbtRxPar); + NFC_EXPORT int nfc_target_receive_bits (nfc_device *pnd, uint8_t *pbtRx, const size_t szRx, uint8_t *pbtRxPar); /* Error reporting */ NFC_EXPORT const char *nfc_strerror (const nfc_device *pnd); diff --git a/libnfc/chips/pn53x.c b/libnfc/chips/pn53x.c index c6be8b8..4475110 100644 --- a/libnfc/chips/pn53x.c +++ b/libnfc/chips/pn53x.c @@ -1811,7 +1811,7 @@ pn53x_target_init (struct nfc_device *pnd, nfc_target *pnt, uint8_t *pbtRx, size } int -pn53x_target_receive_bits (struct nfc_device *pnd, uint8_t *pbtRx, uint8_t *pbtRxPar) +pn53x_target_receive_bits (struct nfc_device *pnd, uint8_t *pbtRx, const size_t szRxLen, uint8_t *pbtRxPar) { size_t szRxBits = 0; uint8_t abtCmd[] = { TgGetInitiatorCommand }; @@ -1851,7 +1851,7 @@ pn53x_target_receive_bits (struct nfc_device *pnd, uint8_t *pbtRx, uint8_t *pbtR } int -pn53x_target_receive_bytes (struct nfc_device *pnd, uint8_t *pbtRx, int timeout) +pn53x_target_receive_bytes (struct nfc_device *pnd, uint8_t *pbtRx, const size_t szRxLen, int timeout) { uint8_t abtCmd[1]; @@ -1884,14 +1884,17 @@ pn53x_target_receive_bytes (struct nfc_device *pnd, uint8_t *pbtRx, int timeout) } // Try to gather a received frame from the reader - uint8_t abtRx[PN53x_EXTENDED_FRAME__DATA_MAX_LEN]; - size_t szRx = sizeof (abtRx); + uint8_t abtRx[PN53x_EXTENDED_FRAME__DATA_MAX_LEN]; + size_t szRx = sizeof (abtRx); if (pn53x_transceive (pnd, abtCmd, sizeof (abtCmd), abtRx, &szRx, timeout) < 0) return pnd->last_error; // Save the received bytes count szRx -= 1; + if (szRx > szRxLen) + return NFC_EOVFLOW; + // Copy the received bytes memcpy (pbtRx, abtRx + 1, szRx); diff --git a/libnfc/chips/pn53x.h b/libnfc/chips/pn53x.h index 66ccdc0..787ec38 100644 --- a/libnfc/chips/pn53x.h +++ b/libnfc/chips/pn53x.h @@ -309,8 +309,8 @@ int pn53x_initiator_deselect_target (struct nfc_device *pnd); // NFC device as Target functions int pn53x_target_init (struct nfc_device *pnd, nfc_target *pnt, uint8_t *pbtRx, size_t *pszRx, int timeout); -int pn53x_target_receive_bits (struct nfc_device *pnd, uint8_t *pbtRx, uint8_t *pbtRxPar); -int pn53x_target_receive_bytes (struct nfc_device *pnd, uint8_t *pbtRx, int timeout); +int pn53x_target_receive_bits (struct nfc_device *pnd, uint8_t *pbtRx, const size_t szRxLen, uint8_t *pbtRxPar); +int pn53x_target_receive_bytes (struct nfc_device *pnd, uint8_t *pbtRx, const size_t szRxLen, int timeout); int pn53x_target_send_bits (struct nfc_device *pnd, const uint8_t *pbtTx, const size_t szTxBits, const uint8_t *pbtTxPar); int pn53x_target_send_bytes (struct nfc_device *pnd, const uint8_t *pbtTx, const size_t szTx, int timeout); diff --git a/libnfc/nfc-emulation.c b/libnfc/nfc-emulation.c index a5eabd7..b83d01e 100644 --- a/libnfc/nfc-emulation.c +++ b/libnfc/nfc-emulation.c @@ -47,7 +47,7 @@ nfc_emulate_target (nfc_device *pnd, struct nfc_emulator *emulator) } } if (res >= 0) { - if ((res = nfc_target_receive_bytes(pnd, abtRx, 0)) < 0) { + if ((res = nfc_target_receive_bytes(pnd, abtRx, szRx, 0)) < 0) { return -1; } } diff --git a/libnfc/nfc-internal.h b/libnfc/nfc-internal.h index 1de9216..f5fbddd 100644 --- a/libnfc/nfc-internal.h +++ b/libnfc/nfc-internal.h @@ -144,9 +144,9 @@ struct nfc_driver_t { int (*target_init) (struct nfc_device *pnd, nfc_target * pnt, uint8_t * pbtRx, size_t * pszRx, int timeout); int (*target_send_bytes) (struct nfc_device *pnd, const uint8_t * pbtTx, const size_t szTx, int timeout); - int (*target_receive_bytes) (struct nfc_device *pnd, uint8_t * pbtRx, int timeout); + int (*target_receive_bytes) (struct nfc_device *pnd, uint8_t * pbtRx, const size_t szRxLen, int timeout); int (*target_send_bits) (struct nfc_device *pnd, const uint8_t * pbtTx, const size_t szTxBits, const uint8_t * pbtTxPar); - int (*target_receive_bits) (struct nfc_device *pnd, uint8_t * pbtRx, uint8_t * pbtRxPar); + int (*target_receive_bits) (struct nfc_device *pnd, uint8_t * pbtRx, const size_t szRxLen, uint8_t * pbtRxPar); int (*device_set_property_bool) (struct nfc_device *pnd, const nfc_property property, const bool bEnable); int (*device_set_property_int) (struct nfc_device *pnd, const nfc_property property, const int value); diff --git a/libnfc/nfc.c b/libnfc/nfc.c index b810803..7ed26d1 100644 --- a/libnfc/nfc.c +++ b/libnfc/nfc.c @@ -718,18 +718,19 @@ nfc_target_send_bytes (nfc_device *pnd, const uint8_t *pbtTx, const size_t szTx, * @return Returns received bytes count on success, otherwise returns libnfc's error code * * @param pnd \a nfc_device struct pointer that represent currently used device - * @param[out] pbtRx pointer to Rx buffer + * @param pbtRx pointer to Rx buffer + * @param szRx size of Rx buffer * @param timeout in milliseconds * * This function retrieves bytes frames (e.g. ADPU) sent by the \e initiator to the NFC device (configured as \e target). * - * If timeout is not a null pointer, it specifies the maximum interval to wait for the function to be executed. - * If timeout is a null pointer, the function blocks indefinitely (until an error is raised or function is completed). + * If timeout equals to 0, the function blocks indefinitely (until an error is raised or function is completed) + * If timeout equals to -1, the default timeout will be used */ int -nfc_target_receive_bytes (nfc_device *pnd, uint8_t *pbtRx, int timeout) +nfc_target_receive_bytes (nfc_device *pnd, uint8_t *pbtRx, const size_t szRx, int timeout) { - HAL (target_receive_bytes, pnd, pbtRx, timeout); + HAL (target_receive_bytes, pnd, pbtRx, szRx, timeout); } /** @@ -749,6 +750,9 @@ nfc_target_send_bits (nfc_device *pnd, const uint8_t *pbtTx, const size_t szTxBi * @brief Receive bit-frames * @return Returns received bits count on success, otherwise returns libnfc's error code * + * @param pbtRx + * @param szRx + * * This function makes it possible to receive (raw) bit-frames. It returns all * the messages that are stored in the FIFO buffer of the \e PN53x chip. It * does not require to send any frame and thereby could be used to snoop frames @@ -757,9 +761,9 @@ nfc_target_send_bits (nfc_device *pnd, const uint8_t *pbtTx, const size_t szTxBi * frames. */ int -nfc_target_receive_bits (nfc_device *pnd, uint8_t *pbtRx, uint8_t *pbtRxPar) +nfc_target_receive_bits (nfc_device *pnd, uint8_t *pbtRx, const size_t szRx, uint8_t *pbtRxPar) { - HAL (target_receive_bits, pnd, pbtRx, pbtRxPar); + HAL (target_receive_bits, pnd, pbtRx, szRx, pbtRxPar); } /** diff --git a/utils/nfc-relay-picc.c b/utils/nfc-relay-picc.c index 002cf61..4f0205a 100644 --- a/utils/nfc-relay-picc.c +++ b/utils/nfc-relay-picc.c @@ -354,6 +354,7 @@ main (int argc, char *argv[]) printf ("Connected to the NFC emulator device: %s\n", nfc_device_get_name (pndTarget)); + szCapduLen = sizeof (abtCapdu); if (nfc_target_init (pndTarget, &ntEmulatedTarget, abtCapdu, &szCapduLen, 0) < 0) { ERR ("%s", "Initialization of NFC emulator failed"); if (!target_only_mode) { @@ -371,7 +372,7 @@ main (int argc, char *argv[]) int res = 0; if (!initiator_only_mode) { // Receive external reader command through target - if ((res = nfc_target_receive_bytes(pndTarget, abtCapdu, 0)) < 0) { + if ((res = nfc_target_receive_bytes(pndTarget, abtCapdu, sizeof (abtCapdu), 0)) < 0) { nfc_perror (pndTarget, "nfc_target_receive_bytes"); if (!target_only_mode) { nfc_disconnect (pndInitiator);