From 439923e6e1a8e238e50068732c3bad77674eec37 Mon Sep 17 00:00:00 2001 From: nicolaser15 <68961128+nicolaser15@users.noreply.github.com> Date: Thu, 30 Jul 2020 11:09:06 -0300 Subject: [PATCH 1/2] Update Parsing.cpp When uploading TLS cert files the end of file "-----END CERTIFICATE-----" (or any kind of file with the sequence "CRLF--") is taken as posible end boundary. Then it is compared to the start boundary string. As it is expected, comparison turns to be false, and the whole end boundary string is put to _currentUpload->buf through _uploadWriteByte(). Here you have the problem: if you read boundary.length() bytes from HTTP request and you have some of the actual end boundary bytes in it, when you put all those bytes into _currentUpload->buf you are making a mistake. You will miss the actual end boundary string because some of those bytes were put in _currentUpload->buf. --- libraries/WebServer/src/Parsing.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/libraries/WebServer/src/Parsing.cpp b/libraries/WebServer/src/Parsing.cpp index e2e9cc43b7e..a1130d9e468 100644 --- a/libraries/WebServer/src/Parsing.cpp +++ b/libraries/WebServer/src/Parsing.cpp @@ -458,7 +458,23 @@ bool WebServer::_parseForm(WiFiClient& client, String boundary, uint32_t len){ } uint8_t endBuf[boundary.length()]; - client.readBytes(endBuf, boundary.length()); + uint32_t i = 0; + while(i < boundary.length()){ + argByte = _uploadReadByte(client); + if(argByte < 0) return _parseFormUploadAborted(); + if ((char)argByte == 0x0D){ + _uploadWriteByte(0x0D); + _uploadWriteByte(0x0A); + _uploadWriteByte((uint8_t)('-')); + _uploadWriteByte((uint8_t)('-')); + uint32_t j = 0; + while(j < i){ + _uploadWriteByte(endBuf[j++]); + } + goto readfile; + } + endBuf[i++] = (uint8_t)argByte; + } if (strstr((const char*)endBuf, boundary.c_str()) != NULL){ if(_currentHandler && _currentHandler->canUpload(_currentUri)) From 7294ff1df8036cfc9a50360778d98d8b39bd6b4f Mon Sep 17 00:00:00 2001 From: nicolaser15 <68961128+nicolaser15@users.noreply.github.com> Date: Thu, 30 Jul 2020 14:35:19 -0300 Subject: [PATCH 2/2] Update Parsing.cpp --- libraries/WebServer/src/Parsing.cpp | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/libraries/WebServer/src/Parsing.cpp b/libraries/WebServer/src/Parsing.cpp index a1130d9e468..ea5527b977c 100644 --- a/libraries/WebServer/src/Parsing.cpp +++ b/libraries/WebServer/src/Parsing.cpp @@ -460,21 +460,21 @@ bool WebServer::_parseForm(WiFiClient& client, String boundary, uint32_t len){ uint8_t endBuf[boundary.length()]; uint32_t i = 0; while(i < boundary.length()){ - argByte = _uploadReadByte(client); + argByte = _uploadReadByte(client); if(argByte < 0) return _parseFormUploadAborted(); if ((char)argByte == 0x0D){ - _uploadWriteByte(0x0D); - _uploadWriteByte(0x0A); - _uploadWriteByte((uint8_t)('-')); - _uploadWriteByte((uint8_t)('-')); - uint32_t j = 0; - while(j < i){ - _uploadWriteByte(endBuf[j++]); - } - goto readfile; - } - endBuf[i++] = (uint8_t)argByte; - } + _uploadWriteByte(0x0D); + _uploadWriteByte(0x0A); + _uploadWriteByte((uint8_t)('-')); + _uploadWriteByte((uint8_t)('-')); + uint32_t j = 0; + while(j < i){ + _uploadWriteByte(endBuf[j++]); + } + goto readfile; + } + endBuf[i++] = (uint8_t)argByte; + } if (strstr((const char*)endBuf, boundary.c_str()) != NULL){ if(_currentHandler && _currentHandler->canUpload(_currentUri))