Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mem corruption, when POSTing form with more the 32 args #5

Open
everslick opened this issue Jul 25, 2017 · 2 comments
Open

Mem corruption, when POSTing form with more the 32 args #5

everslick opened this issue Jul 25, 2017 · 2 comments

Comments

@everslick
Copy link

in bool WebServer::_parseForm(WiFiClient& client, String boundary, uint32_t len) { there is a hard limit of 32 arguments in the form. unfortunately this is not guarded against and leads to silent memory corruption, if a form contains more. The crash will happen some time later at a completely unrelated place in the code.

I think this bug is present ever since in the WebServer also on the ESP8266.

Dynamically expanding the argument array might be overkill, but we could make the upper limit configurable and stop the parser when postArgsLen++ reaches that limit (also logging an error message)?
@bbx10
Copy link
Owner

bbx10 commented Jul 26, 2017

I suggest opening an issue on esp8266/arduino as well because it is definitely present there. If it is fixed there I will merge in the fix here.

@bbx10
Copy link
Owner

bbx10 commented Jul 27, 2017

Issue already reported.

esp8266/Arduino#3284

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bbx10 @everslick