alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'bugfix/http_client_buffer_overflow_v3.3' into 'release/v3.3'

Browse Source 
Fix HTTP client buffer overflow (v3.3)

See merge request espressif/esp-idf!6667
This commit is contained in:
Jiang Jiang Jian 2019-12-16 11:31:55 +08:00
commit ce9ec29737
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
components/esp_http_client/lib/http_header.c
View File

@ -178,6 +178,8 @@ int http_header_generate_string(http_header_handle_t header, int index, char *bu
int idx = 0; int idx = 0;
int ret_idx = -1; int ret_idx = -1;
bool is_end = false; bool is_end = false;
// iterate over the header entries to calculate buffer size and determine last item
STAILQ_FOREACH(item, header, next) { STAILQ_FOREACH(item, header, next) {
if (item->value && idx >= index) { if (item->value && idx >= index) {
siz += strlen(item->key); siz += strlen(item->key);
@ -187,7 +189,9 @@ int http_header_generate_string(http_header_handle_t header, int index, char *bu
idx ++; idx ++;
if (siz + 1 > *buffer_len - 2) { if (siz + 1 > *buffer_len - 2) {
// if this item would not fit to the buffer, return the index of the last fitting one
ret_idx = idx - 1; ret_idx = idx - 1;
break;
} }
} }
@ -195,10 +199,12 @@ int http_header_generate_string(http_header_handle_t header, int index, char *bu
return 0; return 0;
} }
if (ret_idx < 0) { if (ret_idx < 0) {
// all items would fit, mark this as the end of http header string
ret_idx = idx; ret_idx = idx;
is_end = true; is_end = true;
} }
// iterate again over the header entries to write only the fitting indeces
int str_len = 0; int str_len = 0;
idx = 0; idx = 0;
STAILQ_FOREACH(item, header, next) { STAILQ_FOREACH(item, header, next) {
@ -208,6 +214,7 @@ int http_header_generate_string(http_header_handle_t header, int index, char *bu
idx ++; idx ++;
} }
if (is_end) { if (is_end) {
// write the http header terminator if all header entries have been written in this function call
str_len += snprintf(buffer + str_len, *buffer_len - str_len, "\r\n"); str_len += snprintf(buffer + str_len, *buffer_len - str_len, "\r\n");
} }
*buffer_len = str_len; *buffer_len = str_len;