Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 663effa

Browse filesBrowse files
nicolaser15nicolaser15
authored
Update Parsing.cpp (espressif#4217)
* Update Parsing.cpp When uploading TLS cert files the end of file "-----END CERTIFICATE-----" (or any kind of file with the sequence "CRLF--") is taken as posible end boundary. Then it is compared to the start boundary string. As it is expected, comparison turns to be false, and the whole end boundary string is put to _currentUpload->buf through _uploadWriteByte(). Here you have the problem: if you read boundary.length() bytes from HTTP request and you have some of the actual end boundary bytes in it, when you put all those bytes into _currentUpload->buf you are making a mistake. You will miss the actual end boundary string because some of those bytes were put in _currentUpload->buf. * Update Parsing.cpp
1 parent 6f237a8 commit 663effa
Copy full SHA for 663effa

File tree

Expand file treeCollapse file tree

1 file changed

+17
-1
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+17
-1
lines changed

‎libraries/WebServer/src/Parsing.cpp

Copy file name to clipboardExpand all lines: libraries/WebServer/src/Parsing.cpp
+17-1Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -461,7 +461,23 @@ bool WebServer::_parseForm(WiFiClient& client, String boundary, uint32_t len){
461461
}
462462

463463
uint8_t endBuf[boundary.length()];
464-
client.readBytes(endBuf, boundary.length());
464+
uint32_t i = 0;
465+
while(i < boundary.length()){
466+
argByte = _uploadReadByte(client);
467+
if(argByte < 0) return _parseFormUploadAborted();
468+
if ((char)argByte == 0x0D){
469+
_uploadWriteByte(0x0D);
470+
_uploadWriteByte(0x0A);
471+
_uploadWriteByte((uint8_t)('-'));
472+
_uploadWriteByte((uint8_t)('-'));
473+
uint32_t j = 0;
474+
while(j < i){
475+
_uploadWriteByte(endBuf[j++]);
476+
}
477+
goto readfile;
478+
}
479+
endBuf[i++] = (uint8_t)argByte;
480+
}
465481

466482
if (strstr((const char*)endBuf, boundary.c_str()) != NULL){
467483
if(_currentHandler && _currentHandler->canUpload(_currentUri))

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.