Successful exploitation could lead to arbitrary code execution.
The bug can be reproduced by running the following in a browser:
```
const formData = new FormData();
for (let i = 0;i < 33;++i) { formData.append("foo", i.toString()); }
await fetch("http://esp.local", { method: 'POST', body: formData });
```
I compiled the sample "WebServer -> HttpAdvancedAuth". But the right username and password can not login in. I found the file "Webserver.h" may be have some problem. So I fix it. Please check it.
* add opportunity for more than one retry to _uploadReadByte
* an alternative timeout-based method to making _uploadReadByte more resilient
* move timing variables in the correct scope
* implement and use client.getTimeout instead of hard-coded timeout in _uploadReadByte
* add missing return
* some refactoring to address respecting the timeout in a potentially deadlocked connection
* fix spelling in comment
* address review comments; move impl to cpp file for getTimeout, and remove local variable for currentMillis
* remove redundant cast
* need to check for timeout outside the inner while as well
* update WebUpdate example to print something in unexpected callback condition
* update log_e messages per review comments
* Webserver fix logging (#1)
* Change logging to use esp32-hal-log.h
fixes#2355
* adjust log parameter output positions, reduce lines
The DEBUG_ESP method used less lines than I originally set `log_v` to use when displaying the details of the received params ("@" and "=" indexes, and File info on a single line)
* First commit of FFat library
* Fixed reboot loops if no fat present. Added CMakeLists
* Functionalize the partition checks
* Cleanup, especially in format
* Dont format if mounted. More wording cleanup
* 16M ffat should only be on 16M board
* Fix some casting issues that trip up the compiler when building as ESP-IDF component
* fix sdmmc config
* Fix warnings in EEPROM
from @Curclamas
* remove leftover TAG in EEPROM
* Initial add of @stickbreaker i2c
* Add log_n
* fix warnings when log is off
* i2c code clean up and reorganization
* add flags to interrupt allocator
* fix sdmmc config
* Fix warnings in EEPROM
from @Curclamas
* remove leftover TAG in EEPROM
* fix errors with latest IDF
* fix debug optimization (#1365)
incorrect optimization for debugging tick markers.
* Fix some missing BT header
* Change BTSerial log calls
* Update BLE lib
* Arduino-ESP32 release management scripted (#1515)
* Calculate an absolute path for a custom partitions table (#1452)
* * Arduino-ESP32 release management scripted
(ready-to-merge)
* * secure env for espressif/arduino-esp32
* * build tests enabled
* gitter webhook enabled
* * gitter room link fixed
* better comment
* * filepaths fixed
* BT Serial adjustments
* * don't run sketch builds & tests for tagged builds
* Return false from WiFi.hostByName() if hostname is not resolved
* Free BT Memory when BT is not used
* WIFI_MODE_NULL is not supported anymore
* Select some key examples to build with PlatformIO to save some time
* Update BLE lib
* Fixed BLE lib
* Major WiFi overhaul
- auto reconnect on connection loss now works
- moved to event groups
- some code clean up and procedure optimizations
- new methods to get a more elaborate system ststus
* Add cmake tests to travis
* Add initial AsyncUDP
* Add NetBIOS lib and fix CMake includes
* Add Initial WebServer
* Fix WebServer and examples
* travis not quiting on build fail
* Try different travis build
* Update IDF to aaf1239
* Fix WPS Example
* fix script permission and add some fail tests to sketch builder
* Add missing space in WiFiClient::write(Stream &stream)