From 33a99288f3ed43276957ebad442af5911e351abb Mon Sep 17 00:00:00 2001
From: Philippe Teuwen
Date: Thu, 14 Oct 2010 20:17:58 +0000
Subject: [PATCH] pn53x target_init: fix bug to use Tk; nfc-relay-picc: fix potential segfault

---
 examples/nfc-relay-picc.c | 5 +++++
 libnfc/chips/pn53x.c | 43 +++++++++++++++++++++------------------
 libnfc/chips/pn53x.h | 2 +-
 3 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/examples/nfc-relay-picc.c b/examples/nfc-relay-picc.c
index 33e6b05..5ca4ab5 100644
--- a/examples/nfc-relay-picc.c
+++ b/examples/nfc-relay-picc.c
@@ -232,6 +232,11 @@ main (int argc, char *argv[])
 pndInitiator = nfc_connect (&(pnddDevices[1]));
 }
+ if (!pndInitiator) {
+ printf ("Error connecting NFC reader\n");
+ exit(EXIT_FAILURE);
+ }
+
 printf ("Connected to the NFC reader device: %s\n", pndInitiator->acName);
 // Try to find a ISO 14443-4A tag
diff --git a/libnfc/chips/pn53x.c b/libnfc/chips/pn53x.c
index fedd299..36b02f2 100644
--- a/libnfc/chips/pn53x.c
+++ b/libnfc/chips/pn53x.c
@@ -69,8 +69,8 @@ const byte_t pncmd_initiator_auto_poll[5] = { 0xD4, 0x60 };
 // Target
 const byte_t pncmd_target_get_data[2] = { 0xD4, 0x86 };
 const byte_t pncmd_target_set_data[264] = { 0xD4, 0x8E };
-const byte_t pncmd_target_init[39] = { 0xD4, 0x8C };
-//Example of default values:
+const byte_t pncmd_target_init[2] = { 0xD4, 0x8C };
+//Example of default values for PN532 or PN533:
 //const byte_t pncmd_target_init[39] = { 0xD4, 0x8C, 0x00, 0x08, 0x00, 0x12, 0x34, 0x56, 0x40, 0x01, 0xFE, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xFF, 0xFF, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 0x00 };
 const byte_t pncmd_target_virtual_card[4] = { 0xD4, 0x14 };
 const byte_t pncmd_target_receive[2] = { 0xD4, 0x88 };
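Review bot: The new NULL check exits the process without releasing whatever device main opened earlier; the index in `nfc_connect (&(pnddDevices[1]))` suggests a first device was connected before this point (not visible in the hunk), and it should be disconnected before `exit(EXIT_FAILURE)` so the reader is not left in an undefined state. The diagnostic also goes to stdout through printf; error text belongs on stderr, e.g. `fprintf (stderr, "Error connecting NFC reader\n");`. main starts and ends outside the hunk.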
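Review bot: Shrinking pncmd_target_init from 39 to 2 bytes silently changes the meaning of every `sizeof (pncmd_target_init)` in the file; the memset and the transceive length in pn53x_TgInitAsTarget are rewritten accordingly in this patch, but any other site that used it as the full TgInitAsTarget frame length would now send a two-byte command, so the remaining uses deserve a grep. The declaration should say what it now is, e.g. `// Command prefix only; the 37-byte fixed parameter block (mode, Mifare, FeliCa, NFCID3) is built in pn53x_TgInitAsTarget`.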
@@ -1158,8 +1158,8 @@ pn53x_target_init (nfc_device_t * pnd, const nfc_target_mode_t ntm, nfc_target_t
 byte_t abtMifareParams[6];
 byte_t * pbtMifareParams = NULL;
- byte_t * pbtHBt = NULL;
- size_t szHBt = 0;
+ byte_t * pbtTkt = NULL;
+ size_t szTkt = 0;
 byte_t abtFeliCaParams[18];
 byte_t * pbtFeliCaParams = NULL;
@@ -1184,7 +1184,7 @@ pn53x_target_init (nfc_device_t * pnd, const nfc_target_mode_t ntm, nfc_target_t
 pbtMifareParams = abtMifareParams;
 // Historical Bytes
- pbtHBt = iso14443a_locate_historical_bytes (pnt->nti.nai.abtAts, pnt->nti.nai.szAtsLen, &szHBt);
+ pbtTkt = iso14443a_locate_historical_bytes (pnt->nti.nai.abtAts, pnt->nti.nai.szAtsLen, &szTkt);
 }
 break;
@@ -1214,7 +1214,7 @@ pn53x_target_init (nfc_device_t * pnd, const nfc_target_mode_t ntm, nfc_target_t
 byte_t btActivatedMode;
 target_activation:
- if(!pn53x_TgInitAsTarget(pnd, ntm, pbtMifareParams, pbtHBt, szHBt, pbtFeliCaParams, pbtNFCID3t, pbtGBt, szGBt, pbtRx, pszRx, &btActivatedMode)) {
+ if(!pn53x_TgInitAsTarget(pnd, ntm, pbtMifareParams, pbtTkt, szTkt, pbtFeliCaParams, pbtNFCID3t, pbtGBt, szGBt, pbtRx, pszRx, &btActivatedMode)) {
 return false;
 }
@@ -1264,20 +1264,20 @@ target_activation:
 bool
 pn53x_TgInitAsTarget (nfc_device_t * pnd, nfc_target_mode_t ntm,
 const byte_t * pbtMifareParams,
- const byte_t * pbtHBt, size_t szHBt,
+ const byte_t * pbtTkt, size_t szTkt,
 const byte_t * pbtFeliCaParams,
 const byte_t * pbtNFCID3t, const byte_t * pbtGBt, const size_t szGBt,
 byte_t * pbtRx, size_t * pszRx, byte_t * pbtModeByte)
 {
 byte_t abtRx[MAX_FRAME_LEN];
 size_t szRx;
- byte_t abtCmd[sizeof (pncmd_target_init) + 48 + 49]; // 47 bytes max. for General Bytes and 1 for GB lenght, 48 bytes max. for Historical Bytes and 1 for HB lenght
+ byte_t abtCmd[39 + 47 + 48]; // Worst case: 39-byte base, 47 bytes max. for General Bytes, 48 bytes max. for Historical Bytes
 size_t szOptionalBytes = 0;
 memcpy (abtCmd, pncmd_target_init, sizeof (pncmd_target_init));
 // Clear the target init struct, reset to all zeros
- memset (abtCmd + 2, 0x00, sizeof (pncmd_target_init)-2);
+ memset (abtCmd + sizeof (pncmd_target_init), 0x00, sizeof (abtCmd) - sizeof (pncmd_target_init));
 // Store the target mode in the initialization params
 abtCmd[2] = ntm;
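Review bot: The new comment on abtCmd describes a "39-byte base", but the frame the function actually sends is `37 + szOptionalBytes` bytes where szOptionalBytes already includes the two optional length bytes, so 39 is not a size that appears anywhere in the code path; the total (134) is right but the breakdown will mislead the next maintainer. Spell the arithmetic the way the code uses it: `byte_t abtCmd[37 + (1 + 47) + (1 + 48)]; // 37-byte fixed part (cmd, mode, Mifare, FeliCa, NFCID3), then len + General Bytes (47 max), len + Historical Bytes (48 max)`. The offsets 27, 37, 38 and the 47/48 limits are repeated as bare literals in this function; a small enum (for example a constant for the fixed-part length and one per maximum) would let the buffer size, the copies and the transceive length agree by construction. The function body continues past the hunk.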
@@ -1295,28 +1295,31 @@ pn53x_TgInitAsTarget (nfc_device_t * pnd, nfc_target_mode_t ntm,
 memcpy(abtCmd+27, pbtNFCID3t, 10);
 }
 // General Bytes (ISO/IEC 18092)
- if (szGBt) {
- if (pnd->nc == NC_PN531) {
+ if (pnd->nc == NC_PN531) {
+ if (szGBt) {
 memcpy (abtCmd+37, pbtGBt, szGBt);
 szOptionalBytes = szGBt;
- } else {
- abtCmd[37] = (byte_t)(szGBt);
- memcpy (abtCmd+38, pbtGBt, szGBt);
- szOptionalBytes = szGBt + 1;
 }
+ } else {
+ abtCmd[37] = (byte_t)(szGBt);
+ if (szGBt) {
+ memcpy (abtCmd+38, pbtGBt, szGBt);
+ }
+ szOptionalBytes = szGBt + 1;
 }
 // Historical bytes (ISO/IEC 14443-4)
 if (pnd->nc != NC_PN531) { // PN531 does not handle Historical Bytes
- if (szHBt) {
- abtCmd[37+szOptionalBytes] = (byte_t)(szHBt);
- memcpy (abtCmd+38+szOptionalBytes, pbtHBt, szHBt);
- szOptionalBytes += szHBt + 1;
+ abtCmd[37+szOptionalBytes] = (byte_t)(szTkt);
+ if (szTkt) {
+ memcpy (abtCmd+38+szOptionalBytes, pbtTkt, szTkt);
 }
+ szOptionalBytes += szTkt + 1;
 }
 // Request the initialization as a target
 szRx = MAX_FRAME_LEN;
- if (!pn53x_transceive (pnd, abtCmd, sizeof (pncmd_target_init) + szOptionalBytes, abtRx, &szRx))
+
+ if (!pn53x_transceive (pnd, abtCmd, 37 + szOptionalBytes, abtRx, &szRx))
 return false;
 // Note: the first byte is skip:
diff --git a/libnfc/chips/pn53x.h b/libnfc/chips/pn53x.h
index 8e7fec6..786a3a3 100644
--- a/libnfc/chips/pn53x.h
+++ b/libnfc/chips/pn53x.h
@@ -223,7 +223,7 @@ bool pn53x_InJumpForDEP (nfc_device_t * pnd, nfc_target_t * pnt);
 bool pn53x_TgInitAsTarget (nfc_device_t * pnd, nfc_target_mode_t ntm,
 const byte_t * pbtMifareParams,
- const byte_t * pbtHBt, size_t szHBt,
+ const byte_t * pbtTkt, size_t szTkt,
 const byte_t * pbtFeliCaParams,
 const byte_t * pbtNFCID3t, const byte_t * pbtGB, const size_t szGB,
 byte_t * pbtRx, size_t * pszRx, byte_t * pbtModeByte);
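Review bot: The reshuffled General Bytes and Historical Bytes blocks still copy szGBt and szTkt bytes into the fixed-size stack buffer abtCmd without checking them against the 47- and 48-byte maxima that the buffer declaration's comment promises, so an oversized length from the caller (szTkt comes straight from the ATS length in pn53x_target_init) overruns abtCmd, and `(byte_t)(szGBt)` / `(byte_t)(szTkt)` silently truncate the length byte that the chip will trust. Reject out-of-range lengths before the first memcpy, `if (szGBt > 47 || szTkt > 48) return false;`, using the same `return false` the function already uses for a failed transceive. The `37 + szOptionalBytes` passed to pn53x_transceive is the third place the fixed-part length appears as a literal; deriving it from one named constant shared with the abtCmd size would keep the copies and the sent length consistent. The function starts in the previous hunk and ends after this one.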