From 37ad7123188f8c45d583706a625525394c636327 Mon Sep 17 00:00:00 2001
From: Samuel Ortiz <sameo@linux.intel.com>
Date: Mon, 25 Nov 2013 00:28:54 +0100
Subject: [PATCH] nfctype1: Check for remaining space before memcpy'ing meta
 data

Code review done by Sebastian Krahmer <krahmer@suse.de>.
---
 plugins/nfctype1.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/plugins/nfctype1.c b/plugins/nfctype1.c
index 5e2d95a..c8bc664 100644
--- a/plugins/nfctype1.c
+++ b/plugins/nfctype1.c
@@ -321,6 +321,11 @@ static int meta_recv(uint8_t *resp, int length, void *data)
 		DBG("READ Static complete");
 
 		tagdata = near_tag_get_data(t1_tag->tag, &data_length);
+
+		/* Check that we have enough free space */
+		if (data_length < (size_t)TAG_T1_DATA_LENGTH(cc))
+			return -EINVAL;
+
 		memcpy(tagdata, cc + LEN_CC_BYTES, TAG_T1_DATA_LENGTH(cc));
 
 		near_tag_set_memory_layout(tag, NEAR_TAG_MEMORY_STATIC);
-- 
2.7.4