Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: espressif/arduino-esp32
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 13cd0d3
Choose a base ref
...
head repository: nicolaser15/arduino-esp32
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 7294ff1
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Jul 30, 2020

  1. Update Parsing.cpp 

    When uploading TLS cert files the end of file "-----END CERTIFICATE-----" (or any kind of file with the sequence "CRLF--") is taken as posible end boundary. Then it is compared to the start boundary string. As it is expected, comparison turns to be false, and the whole end boundary string is put to _currentUpload->buf through _uploadWriteByte(). Here you have the problem: if you read boundary.length() bytes from HTTP request and you have some of the actual end boundary bytes in it, when you put all those bytes into _currentUpload->buf you are making a mistake. You will miss the actual end boundary string because some of those bytes were put in _currentUpload->buf.
    @nicolaser15
    nicolaser15 authored Jul 30, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    439923e View commit details

  2. Update Parsing.cpp

    @nicolaser15
    nicolaser15 authored Jul 30, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7294ff1 View commit details
Showing with 17 additions and 1 deletion.
  1. +17 −1 libraries/WebServer/src/Parsing.cpp
18 changes: 17 additions & 1 deletion libraries/WebServer/src/Parsing.cpp
View file
Original file line number Diff line number Diff line change
@@ -458,7 +458,23 @@ bool WebServer::_parseForm(WiFiClient& client, String boundary, uint32_t len){
}

uint8_t endBuf[boundary.length()];
client.readBytes(endBuf, boundary.length());
uint32_t i = 0;
while(i < boundary.length()){
argByte = _uploadReadByte(client);
if(argByte < 0) return _parseFormUploadAborted();
if ((char)argByte == 0x0D){
_uploadWriteByte(0x0D);
_uploadWriteByte(0x0A);
_uploadWriteByte((uint8_t)('-'));
_uploadWriteByte((uint8_t)('-'));
uint32_t j = 0;
while(j < i){
_uploadWriteByte(endBuf[j++]);
}
goto readfile;
}
endBuf[i++] = (uint8_t)argByte;
}

if (strstr((const char*)endBuf, boundary.c_str()) != NULL){
if(_currentHandler && _currentHandler->canUpload(_currentUri))