Fix issue #5506 "WebServer serveStatic () can cause LoadProhibited exception in _svfprintf_r" (#5508)

"Using a Core Debug Level of Verbose and the WebServer serveStatic() function with the default value of nullptr for its cache_header argument, results in a LoadProhibited exception in _svfprintf_r().
This is because serveStatic() calls log_v() with cache_header corresponding to a "%s" in its format but without checking that cache_header is not nullptr, and then logv() (indirectly) calls _svfprintf_r().
On the other hand, with a Core Debug Level other than Verbose, this does not occur."

Changed serveStatic() to the check value of cache_header and if it is nullptr, instead pass an empty string to log_v().
This commit is contained in:
Tim 2021-08-11 21:31:07 +10:00 committed by GitHub
parent 0acbe781f5
commit c4fcab28e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -69,7 +69,7 @@ public:
, _cache_header(cache_header) , _cache_header(cache_header)
{ {
_isFile = fs.exists(path); _isFile = fs.exists(path);
log_v("StaticRequestHandler: path=%s uri=%s isFile=%d, cache_header=%s\r\n", path, uri, _isFile, cache_header); log_v("StaticRequestHandler: path=%s uri=%s isFile=%d, cache_header=%s\r\n", path, uri, _isFile, cache_header ? cache_header : ""); // issue 5506 - cache_header can be nullptr
_baseUriLength = _uri.length(); _baseUriLength = _uri.length();
} }