From 6148977adf09125e2c47bd0b8a1936f7112de7be Mon Sep 17 00:00:00 2001
From: XANTRONIX Development <dev@xantronix.com>
Date: Mon, 5 Oct 2020 00:19:11 -0400
Subject: [PATCH] Fix bug parsing KISS frames not for port 0

Fix bug parsing KISS frames not for port 0 in patty_kiss_tnc_drain();
furthermore, ensure frames are only handled when they are indeed for
port 0
---
 src/tnc.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/tnc.c b/src/tnc.c
index 4333508..470e0ee 100644
--- a/src/tnc.c
+++ b/src/tnc.c
@@ -41,6 +41,7 @@ struct _patty_kiss_tnc {
 
     enum state state;
     enum patty_kiss_command command;
+    int port;
 
     size_t bufsz,
            readlen,
@@ -151,6 +152,7 @@ patty_kiss_tnc *patty_kiss_tnc_new(patty_kiss_tnc_info *info) {
     tnc->opts     = TNC_NONE;
     tnc->state    = KISS_NONE;
     tnc->command  = PATTY_KISS_RETURN;
+    tnc->port     = 0;
     tnc->bufsz    = PATTY_KISS_TNC_BUFSZ;
     tnc->offset_i = 0;
     tnc->offset_o = 0;
@@ -207,6 +209,8 @@ int patty_kiss_tnc_ready(patty_kiss_tnc *tnc, fd_set *fds) {
 
 static void tnc_drop(patty_kiss_tnc *tnc) {
     tnc->state    = KISS_NONE;
+    tnc->command  = PATTY_KISS_RETURN;
+    tnc->port     = 0;
     tnc->offset_i = 0;
     tnc->offset_o = 0;
     tnc->readlen  = 0;
@@ -247,12 +251,15 @@ ssize_t patty_kiss_tnc_drain(patty_kiss_tnc *tnc, void *buf, size_t len) {
 
                 break;
 
-            case KISS_FRAME_COMMAND:
-                if (c == PATTY_KISS_FEND) {
+            case KISS_FRAME_COMMAND: {
+                uint8_t command = PATTY_KISS_COMMAND(c),
+                        port    = PATTY_KISS_COMMAND_PORT(c);
+
+                if (command == PATTY_KISS_FEND) {
                     break;
                 }
 
-                switch (c) {
+                switch (command) {
                     case PATTY_KISS_DATA:
                     case PATTY_KISS_TXDELAY:
                     case PATTY_KISS_PERSISTENCE:
@@ -270,16 +277,17 @@ ssize_t patty_kiss_tnc_drain(patty_kiss_tnc *tnc, void *buf, size_t len) {
                 }
 
                 tnc->state   = KISS_FRAME_BODY;
-                tnc->command = (enum patty_kiss_command)c;
+                tnc->command = command;
+                tnc->port    = port;
 
                 break;
+            }
 
             case KISS_FRAME_BODY:
                 if (c == PATTY_KISS_FESC) {
                     tnc->state = KISS_FRAME_ESCAPE;
                 } else if (c == PATTY_KISS_FEND) {
-                    tnc->state   = KISS_FRAME_COMMAND;
-                    tnc->command = PATTY_KISS_RETURN;
+                    tnc->state = KISS_FRAME_COMMAND;
 
                     goto done;
                 } else {
@@ -317,7 +325,10 @@ error_io:
 }
 
 int patty_kiss_tnc_pending(patty_kiss_tnc *tnc) {
-    return tnc->state == KISS_FRAME_COMMAND && tnc->offset_o > 0? 1: 0;
+    return tnc->state   == KISS_FRAME_COMMAND
+        && tnc->command == PATTY_KISS_DATA
+        && tnc->port    == 0
+        && tnc->offset_o > 0? 1: 0;
 }
 
 ssize_t patty_kiss_tnc_flush(patty_kiss_tnc *tnc) {