aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarald Welte <laforge@osmocom.org>2020-03-01 15:56:07 +0100
committerlaforge <laforge@osmocom.org>2020-03-01 19:19:53 +0000
commite6806e58c250788935ce68c11124811ed8804033 (patch)
tree6f52c357925ef430c713020a4e71f76eaf017f76
parent37220cce25b7113e128d9e2b0db70f9643a9876a (diff)
cardem: Fix infinite loop + watchdog reset on long OUT message
In dispatch_received_usb_msg(), we ran into an infinite loop if a too long messages was received on the OUT EP. Let's break the loop. Change-Id: I5325ed15d3dd79a42f8dac34d618e86b9334c301 Closes: OS#4429
-rw-r--r--firmware/libcommon/source/mode_cardemu.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/firmware/libcommon/source/mode_cardemu.c b/firmware/libcommon/source/mode_cardemu.c
index c5c173f..5b17f86 100644
--- a/firmware/libcommon/source/mode_cardemu.c
+++ b/firmware/libcommon/source/mode_cardemu.c
@@ -682,6 +682,7 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
TRACE_ERROR("%u: Unexpected large message (%u bytes)\n",
ci->num, mh->msg_len);
usb_buf_free(segm);
+ break;
} else {
uint8_t *cur = msgb_put(segm, mh->msg_len);
segm->l1h = segm->head;