"Using a Core Debug Level of Verbose and the WebServer serveStatic() function with the default value of nullptr for its cache_header argument, results in a LoadProhibited exception in _svfprintf_r().
This is because serveStatic() calls log_v() with cache_header corresponding to a "%s" in its format but without checking that cache_header is not nullptr, and then logv() (indirectly) calls _svfprintf_r().
On the other hand, with a Core Debug Level other than Verbose, this does not occur."
Changed serveStatic() to the check value of cache_header and if it is nullptr, instead pass an empty string to log_v().
Fixes: #4884
* Use HTTP method table from ESP-IDF's nghttp
* Parse methods using IDF's HTTP method list
* Make example's loops to allow the CPU to switch tasks
* Speed up upload by a factor of 17
Uploads are very slow because of an unnecessary "client.connected()" check in _uploadReadByte().
Here is what happens:
client.connected() is called for every byte read. WiFiClient::connected() calls recv(fd(), &dummy, 0, MSG_DONTWAIT); which takes a relatively long time, so the optimized path of returning a buffered byte via client.read() is effectively nullified.
Removing the one line changed the upload speed for a 2 MB file (discarding the received data) from 22 KB/sec (before) to 367 KB/sec (after).
The change is safe in the face of disconnects because client.read(), when it no longer has buffered data, calls (WiFiClient) fillBuffer(), which calls recv(), so the disconnection will be detected in due course.
* Move disconnect check into the timeout loop
* If WebServer.handleClient is run in a tight loop, it will starve other processes. So, if there is no connection, throw in a delay(1). Fixes#4348
* Made a variable to control the delay behavior
* Update Parsing.cpp
When uploading TLS cert files the end of file "-----END CERTIFICATE-----" (or any kind of file with the sequence "CRLF--") is taken as posible end boundary. Then it is compared to the start boundary string. As it is expected, comparison turns to be false, and the whole end boundary string is put to _currentUpload->buf through _uploadWriteByte(). Here you have the problem: if you read boundary.length() bytes from HTTP request and you have some of the actual end boundary bytes in it, when you put all those bytes into _currentUpload->buf you are making a mistake. You will miss the actual end boundary string because some of those bytes were put in _currentUpload->buf.
* Update Parsing.cpp
Successful exploitation could lead to arbitrary code execution.
The bug can be reproduced by running the following in a browser:
```
const formData = new FormData();
for (let i = 0;i < 33;++i) { formData.append("foo", i.toString()); }
await fetch("http://esp.local", { method: 'POST', body: formData });
```
I compiled the sample "WebServer -> HttpAdvancedAuth". But the right username and password can not login in. I found the file "Webserver.h" may be have some problem. So I fix it. Please check it.
* add opportunity for more than one retry to _uploadReadByte
* an alternative timeout-based method to making _uploadReadByte more resilient
* move timing variables in the correct scope
* implement and use client.getTimeout instead of hard-coded timeout in _uploadReadByte
* add missing return
* some refactoring to address respecting the timeout in a potentially deadlocked connection
* fix spelling in comment
* address review comments; move impl to cpp file for getTimeout, and remove local variable for currentMillis
* remove redundant cast
* need to check for timeout outside the inner while as well
* update WebUpdate example to print something in unexpected callback condition
* update log_e messages per review comments
* Webserver fix logging (#1)
* Change logging to use esp32-hal-log.h
fixes#2355
* adjust log parameter output positions, reduce lines
The DEBUG_ESP method used less lines than I originally set `log_v` to use when displaying the details of the received params ("@" and "=" indexes, and File info on a single line)
* fix sdmmc config
* Fix warnings in EEPROM
from @Curclamas
* remove leftover TAG in EEPROM
* Initial add of @stickbreaker i2c
* Add log_n
* fix warnings when log is off
* i2c code clean up and reorganization
* add flags to interrupt allocator
* fix sdmmc config
* Fix warnings in EEPROM
from @Curclamas
* remove leftover TAG in EEPROM
* fix errors with latest IDF
* fix debug optimization (#1365)
incorrect optimization for debugging tick markers.
* Fix some missing BT header
* Change BTSerial log calls
* Update BLE lib
* Arduino-ESP32 release management scripted (#1515)
* Calculate an absolute path for a custom partitions table (#1452)
* * Arduino-ESP32 release management scripted
(ready-to-merge)
* * secure env for espressif/arduino-esp32
* * build tests enabled
* gitter webhook enabled
* * gitter room link fixed
* better comment
* * filepaths fixed
* BT Serial adjustments
* * don't run sketch builds & tests for tagged builds
* Return false from WiFi.hostByName() if hostname is not resolved
* Free BT Memory when BT is not used
* WIFI_MODE_NULL is not supported anymore
* Select some key examples to build with PlatformIO to save some time
* Update BLE lib
* Fixed BLE lib
* Major WiFi overhaul
- auto reconnect on connection loss now works
- moved to event groups
- some code clean up and procedure optimizations
- new methods to get a more elaborate system ststus
* Add cmake tests to travis
* Add initial AsyncUDP
* Add NetBIOS lib and fix CMake includes
* Add Initial WebServer
* Fix WebServer and examples
* travis not quiting on build fail
* Try different travis build
* Update IDF to aaf1239
* Fix WPS Example
* fix script permission and add some fail tests to sketch builder
* Add missing space in WiFiClient::write(Stream &stream)