Commit Graph

21 Commits

Author SHA1 Message Date
nicolaser15
663effa00e
Update Parsing.cpp (#4217)
* Update Parsing.cpp

When uploading TLS cert files the end of file "-----END CERTIFICATE-----" (or any kind of file with the sequence "CRLF--") is taken as posible end boundary. Then it is compared to the start boundary string. As it is expected, comparison turns to be false, and the whole end boundary string is put to _currentUpload->buf through _uploadWriteByte(). Here you have the problem: if you read boundary.length() bytes from HTTP request and you have some of the actual end boundary bytes in it, when you put all those bytes into _currentUpload->buf you are making a mistake. You will miss the actual end boundary string because some of those bytes were put in _currentUpload->buf.

* Update Parsing.cpp
2020-10-01 14:37:59 +03:00
Emil Sandstø
494061af26
WebServer: Fix OOB write (#4088)
Successful exploitation could lead to arbitrary code execution.

The bug can be reproduced by running the following in a browser:
```
const formData = new FormData();
for (let i = 0;i < 33;++i) { formData.append("foo", i.toString()); }
await fetch("http://esp.local", { method: 'POST', body: formData });
```
2020-09-30 15:28:28 +03:00
ToXIc
b551310c37
Minor change but could confuse some (#4084) 2020-09-30 15:26:38 +03:00
M. Betz
fa8a1c38d5
fix #4071 (#4072)
SPIFFS File object evaluates as true even if the file could not be opened.
2020-09-30 15:24:59 +03:00
Bob
cfe8526ec8 Add Uri with support for regexUri and globUri (#3441)
* Add Uri with support for staticUri, regexUri and globUri

* Add newline to end of files

* Update example

* Suppress gcc warnings (unused params)
2020-01-20 15:21:01 +02:00
lightzl
a35035f827 fix authrization problem (#3329)
I compiled the sample "WebServer -> HttpAdvancedAuth". But the right username and password can not login in. I found the file "Webserver.h" may be have some problem. So I fix it. Please check it.
2019-10-08 10:34:36 +03:00
Roman Savrulin
e1548e9b7e Fix hang on client disconnect during upload (#2914) 2019-07-09 19:34:24 +03:00
Victor Aprea
02e51728c4 Fix Timeout Bug in WebServer (#2938) 2019-07-09 19:27:24 +03:00
Nick Hynes
0202ba7c21 Fix reorder error in WebServer (#2700) 2019-04-23 17:57:33 +03:00
Victor Aprea
672e4faa92 Add optional support for CORS headers (#2688)
* add support for CORS headers

* remove accidental function impl

* rename setCORS to enableCORS, and add aliased function enableCrossOrigin
2019-04-22 21:52:39 +03:00
Victor Aprea
25c0b52212 Alternative Improve _uploadReadByte (#2656)
* add opportunity for more than one retry to _uploadReadByte

* an alternative timeout-based method to making _uploadReadByte more resilient

* move timing variables in the correct scope

* implement and use client.getTimeout instead of hard-coded timeout in _uploadReadByte

* add missing return

* some refactoring to address respecting the timeout in a potentially deadlocked connection

* fix spelling in comment

* address review comments; move impl to cpp file for getTimeout, and remove local variable for currentMillis

* remove redundant cast

* need to check for timeout outside the inner while as well

* update WebUpdate example to print something in unexpected callback condition

* update log_e messages per review comments
2019-04-12 12:45:35 +02:00
lbernstone
2e9cb5945d default FORMAT_FILESYSTEM to false in FSBrowser.ino (#2425) 2019-02-14 13:06:21 +01:00
Neal MIller
29d59876b4 Webserver library - fix logging (#2355) (#2359)
* Webserver fix logging (#1)

* Change logging to use esp32-hal-log.h

fixes #2355

* adjust log parameter output positions, reduce lines

The DEBUG_ESP method used less lines than I originally set `log_v` to use when displaying the details of the received params ("@" and "=" indexes, and File info on a single line)
2019-01-22 17:30:10 +08:00
Bob
3902aa4019 Adding path arguments to WebServer (#1994) 2018-11-19 17:00:52 +01:00
lbernstone
7206b2f397 FAT on SPI Flash Library (#1809)
* First commit of FFat library

* Fixed reboot loops if no fat present. Added CMakeLists

* Functionalize the partition checks

* Cleanup, especially in format

* Dont format if mounted.  More wording cleanup

* 16M ffat should only be on 16M board

* Fix some casting issues that trip up the compiler when building as ESP-IDF component
2018-09-17 23:06:04 +02:00
me-no-dev
7d2560cbbf roll back the while loop in _parseForm 2018-07-25 20:59:56 +02:00
MaValki
2f5b3c0c56 Functions _uploadReadByte and _parseForm were modified in order to (#1677)
speed up uploading data. Now there is no need to call time consuming
client.connected() method.
2018-07-25 17:37:15 +02:00
Luc
e157ec06a7 expose post args during upload (#1650) 2018-07-17 10:58:03 +02:00
me-no-dev
b0c6991bcf Small adjustments to the web server 2018-07-05 22:31:19 +02:00
lbernstone
c4c946a83d Broke HTTP_Method out into a separate library for reuse in ESPAsyncWebServer (#1562) 2018-07-02 18:24:08 +02:00
Me No Dev
a59eafbc9d
Update IDF to aaf1239 (#1539)
* fix sdmmc config

* Fix warnings in EEPROM

from @Curclamas

* remove leftover TAG in EEPROM

* Initial add of @stickbreaker i2c

* Add log_n

* fix warnings when log is off

* i2c code clean up and reorganization

* add flags to interrupt allocator

* fix sdmmc config

* Fix warnings in EEPROM

from @Curclamas

* remove leftover TAG in EEPROM

* fix errors with latest IDF

* fix debug optimization (#1365)

incorrect optimization for debugging tick markers.

* Fix some missing BT header

* Change BTSerial log calls

* Update BLE lib

* Arduino-ESP32 release management scripted (#1515)

* Calculate an absolute path for a custom partitions table (#1452)

* * Arduino-ESP32 release management scripted
(ready-to-merge)

* * secure env for espressif/arduino-esp32

* * build tests enabled
* gitter webhook enabled

* * gitter room link fixed
* better comment

* * filepaths fixed

* BT Serial adjustments

* * don't run sketch builds & tests for tagged builds

* Return false from WiFi.hostByName() if hostname is not resolved

* Free BT Memory when BT is not used

* WIFI_MODE_NULL is not supported anymore

* Select some key examples to build with PlatformIO to save some time

* Update BLE lib

* Fixed BLE lib

* Major WiFi overhaul

- auto reconnect on connection loss now works
- moved to event groups
- some code clean up and procedure optimizations
- new methods to get a more elaborate system ststus

* Add cmake tests to travis

* Add initial AsyncUDP

* Add NetBIOS lib and fix CMake includes

* Add Initial WebServer

* Fix WebServer and examples

* travis not quiting on build fail

* Try different travis build

* Update IDF to aaf1239

* Fix WPS Example

* fix script permission and add some fail tests to sketch builder

* Add missing space in WiFiClient::write(Stream &stream)
2018-06-27 09:01:06 +02:00