From: Christophe Ricard <christophe.ricard@gmail.com>
Date: Tue, 31 Mar 2015 06:02:16 +0000 (+0200)
Subject: NFC: st21nfca: fix st21nfca_get_iso14443_3_uid data copy
X-Git-Tag: firefly_0821_release~176^2~1974^2~44^2~11
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9906a88df224bc2b8be50fdb14df5eda0936fe34;p=firefly-linux-kernel-4.4.55.git

NFC: st21nfca: fix st21nfca_get_iso14443_3_uid data copy

st21nfca_get_iso14443_3_uid() does not correctly copy the uid from
uid_skb->data to its gate parameter. "gate = uid_skb->data;" only
puts a pointer to uid_skb->data to the local variable gate.
This means that in st21nfca_hci_target_from_gate() the content
of "u8 uid[NFC_NFCID1_MAXSIZE]" local variable is never initialized
before being used in memcpy(target->nfcid1, uid, len).

Fix this by replacing the local variable assignment with a memcpy.

This was found by compiling Linux with
"gcc -Wunused-but-set-parameter".

Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---

diff --git a/drivers/nfc/st21nfca/st21nfca.c b/drivers/nfc/st21nfca/st21nfca.c
index 24d3d240d5f4..ff70d2838b29 100644
--- a/drivers/nfc/st21nfca/st21nfca.c
+++ b/drivers/nfc/st21nfca/st21nfca.c
@@ -588,7 +588,7 @@ static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *gate,
 		goto exit;
 	}
 
-	gate = uid_skb->data;
+	memcpy(gate, uid_skb->data, uid_skb->len);
 	*len = uid_skb->len;
 exit:
 	kfree_skb(uid_skb);