Commit Graph

10 Commits

Author SHA1 Message Date
nicolaser15
663effa00e
Update Parsing.cpp (#4217)
* Update Parsing.cpp

When uploading TLS cert files the end of file "-----END CERTIFICATE-----" (or any kind of file with the sequence "CRLF--") is taken as posible end boundary. Then it is compared to the start boundary string. As it is expected, comparison turns to be false, and the whole end boundary string is put to _currentUpload->buf through _uploadWriteByte(). Here you have the problem: if you read boundary.length() bytes from HTTP request and you have some of the actual end boundary bytes in it, when you put all those bytes into _currentUpload->buf you are making a mistake. You will miss the actual end boundary string because some of those bytes were put in _currentUpload->buf.

* Update Parsing.cpp
2020-10-01 14:37:59 +03:00
Emil Sandstø
494061af26
WebServer: Fix OOB write (#4088)
Successful exploitation could lead to arbitrary code execution.

The bug can be reproduced by running the following in a browser:
```
const formData = new FormData();
for (let i = 0;i < 33;++i) { formData.append("foo", i.toString()); }
await fetch("http://esp.local", { method: 'POST', body: formData });
```
2020-09-30 15:28:28 +03:00
Roman Savrulin
e1548e9b7e Fix hang on client disconnect during upload (#2914) 2019-07-09 19:34:24 +03:00
Victor Aprea
25c0b52212 Alternative Improve _uploadReadByte (#2656)
* add opportunity for more than one retry to _uploadReadByte

* an alternative timeout-based method to making _uploadReadByte more resilient

* move timing variables in the correct scope

* implement and use client.getTimeout instead of hard-coded timeout in _uploadReadByte

* add missing return

* some refactoring to address respecting the timeout in a potentially deadlocked connection

* fix spelling in comment

* address review comments; move impl to cpp file for getTimeout, and remove local variable for currentMillis

* remove redundant cast

* need to check for timeout outside the inner while as well

* update WebUpdate example to print something in unexpected callback condition

* update log_e messages per review comments
2019-04-12 12:45:35 +02:00
Neal MIller
29d59876b4 Webserver library - fix logging (#2355) (#2359)
* Webserver fix logging (#1)

* Change logging to use esp32-hal-log.h

fixes #2355

* adjust log parameter output positions, reduce lines

The DEBUG_ESP method used less lines than I originally set `log_v` to use when displaying the details of the received params ("@" and "=" indexes, and File info on a single line)
2019-01-22 17:30:10 +08:00
me-no-dev
7d2560cbbf roll back the while loop in _parseForm 2018-07-25 20:59:56 +02:00
MaValki
2f5b3c0c56 Functions _uploadReadByte and _parseForm were modified in order to (#1677)
speed up uploading data. Now there is no need to call time consuming
client.connected() method.
2018-07-25 17:37:15 +02:00
Luc
e157ec06a7 expose post args during upload (#1650) 2018-07-17 10:58:03 +02:00
me-no-dev
b0c6991bcf Small adjustments to the web server 2018-07-05 22:31:19 +02:00
Me No Dev
a59eafbc9d
Update IDF to aaf1239 (#1539)
* fix sdmmc config

* Fix warnings in EEPROM

from @Curclamas

* remove leftover TAG in EEPROM

* Initial add of @stickbreaker i2c

* Add log_n

* fix warnings when log is off

* i2c code clean up and reorganization

* add flags to interrupt allocator

* fix sdmmc config

* Fix warnings in EEPROM

from @Curclamas

* remove leftover TAG in EEPROM

* fix errors with latest IDF

* fix debug optimization (#1365)

incorrect optimization for debugging tick markers.

* Fix some missing BT header

* Change BTSerial log calls

* Update BLE lib

* Arduino-ESP32 release management scripted (#1515)

* Calculate an absolute path for a custom partitions table (#1452)

* * Arduino-ESP32 release management scripted
(ready-to-merge)

* * secure env for espressif/arduino-esp32

* * build tests enabled
* gitter webhook enabled

* * gitter room link fixed
* better comment

* * filepaths fixed

* BT Serial adjustments

* * don't run sketch builds & tests for tagged builds

* Return false from WiFi.hostByName() if hostname is not resolved

* Free BT Memory when BT is not used

* WIFI_MODE_NULL is not supported anymore

* Select some key examples to build with PlatformIO to save some time

* Update BLE lib

* Fixed BLE lib

* Major WiFi overhaul

- auto reconnect on connection loss now works
- moved to event groups
- some code clean up and procedure optimizations
- new methods to get a more elaborate system ststus

* Add cmake tests to travis

* Add initial AsyncUDP

* Add NetBIOS lib and fix CMake includes

* Add Initial WebServer

* Fix WebServer and examples

* travis not quiting on build fail

* Try different travis build

* Update IDF to aaf1239

* Fix WPS Example

* fix script permission and add some fail tests to sketch builder

* Add missing space in WiFiClient::write(Stream &stream)
2018-06-27 09:01:06 +02:00