ioLibrary_Driver
Buffer overflow error in httpParser
When sending large data to the get_http_param_value function in httpParser, there is no check for whether the length of the parameter value is larger than the buffer created in ret[BUFPUB]. This can result in buffer overruns when the data is copied to the buffer with strncpy.
A short-term solution is to change
if(len)
to
if(len && len <= sizeof(BUFPUB))
on line 233.
However, this just fails to parse the data correctly and doesn't return an error message to the user.
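A bounded lookup that reports an oversized value to the caller instead of silently skipping it, as an added example (not code from this issue or from ioLibrary_Driver). The function name `copy_param_value`, the status codes and the sample request body are hypothetical, and the body is assumed to be a NUL-terminated `key=value&key=value` string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes; not part of ioLibrary_Driver. */
enum { PARAM_NOT_FOUND = -1, PARAM_TOO_LONG = -2 };

/* Copy the value of `name` from a form-encoded body into `out`.
 * Returns the value length, or a negative status code.
 * `out` is always NUL-terminated when out_size > 0. */
int copy_param_value(const char *body, const char *name, char *out, size_t out_size)
{
    size_t name_len, len;
    const char *p, *end;

    if (!body || !name || !out || out_size == 0) return PARAM_NOT_FOUND;
    out[0] = '\0';
    name_len = strlen(name);
    if (name_len == 0) return PARAM_NOT_FOUND;

    /* Accept a match only at the start of a pair and followed by '='. */
    for (p = body; (p = strstr(p, name)) != NULL; p += name_len) {
        if ((p == body || p[-1] == '&') && p[name_len] == '=') break;
    }
    if (!p) return PARAM_NOT_FOUND;

    p += name_len + 1;                      /* skip "name=" */
    end = strchr(p, '&');
    len = end ? (size_t)(end - p) : strlen(p);

    /* Room is needed for len bytes plus the terminator: reject, never truncate. */
    if (len >= out_size) return PARAM_TOO_LONG;

    memcpy(out, p, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char value[8]; /* constructed, deliberately small buffer */
    int rc = copy_param_value("ip=192.168.100.200&gw=1", "ip", value, sizeof value);
    printf("rc=%d value=\"%s\"\n", rc, value);
    return 0;
}
```

A caller can map `PARAM_TOO_LONG` to an HTTP error response, so the client learns the parameter was rejected rather than seeing it ignored.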