diff options
author | Harald Welte <laforge@osmocom.org> | 2020-03-01 15:56:07 +0100 |
---|---|---|
committer | laforge <laforge@osmocom.org> | 2020-03-01 19:19:53 +0000 |
commit | e6806e58c250788935ce68c11124811ed8804033 (patch) | |
tree | 6f52c357925ef430c713020a4e71f76eaf017f76 | |
parent | 37220cce25b7113e128d9e2b0db70f9643a9876a (diff) |
cardem: Fix infinite loop + watchdog reset on long OUT message
In dispatch_received_usb_msg(), we ran into an infinite loop if a
too long messages was received on the OUT EP. Let's break the loop.
Change-Id: I5325ed15d3dd79a42f8dac34d618e86b9334c301
Closes: OS#4429
-rw-r--r-- | firmware/libcommon/source/mode_cardemu.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/firmware/libcommon/source/mode_cardemu.c b/firmware/libcommon/source/mode_cardemu.c index c5c173f..5b17f86 100644 --- a/firmware/libcommon/source/mode_cardemu.c +++ b/firmware/libcommon/source/mode_cardemu.c @@ -682,6 +682,7 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci) TRACE_ERROR("%u: Unexpected large message (%u bytes)\n", ci->num, mh->msg_len); usb_buf_free(segm); + break; } else { uint8_t *cur = msgb_put(segm, mh->msg_len); segm->l1h = segm->head; |