diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp index e9e0a3464..fd24bf100 100644 --- a/libraries/ArduinoOTA/ArduinoOTA.cpp +++ b/libraries/ArduinoOTA/ArduinoOTA.cpp @@ -6,6 +6,8 @@ //#define OTA_DEBUG 1 +#define U_AUTH 200 + ArduinoOTAClass::ArduinoOTAClass() { _udp_ota = new WiFiUDP(); @@ -169,12 +171,17 @@ void ArduinoOTAClass::handle() { if (!_udp_ota->parsePacket()) return; if(_state == OTA_IDLE){ + int cmd = _udp_ota->parseInt(); + if(cmd != U_FLASH && cmd != U_SPIFFS) + return; _ota_ip = _udp_ota->remoteIP(); - _cmd = _udp_ota->parseInt(); + _cmd = cmd; _ota_port = _udp_ota->parseInt(); _size = _udp_ota->parseInt(); _udp_ota->read(); sprintf(_md5, "%s", _udp_ota->readStringUntil('\n').c_str()); + if(strlen(_md5) != 32) + return; #if OTA_DEBUG Serial.print("Update Start: ip:"); @@ -199,8 +206,18 @@ void ArduinoOTAClass::handle() { _state = OTA_RUNUPDATE; } } else if(_state == OTA_WAITAUTH){ + int cmd = _udp_ota->parseInt(); + if(cmd != U_AUTH){ + _state = OTA_IDLE; + return; + } + _udp_ota->read(); String cnonce = _udp_ota->readStringUntil(' '); String response = _udp_ota->readStringUntil('\n'); + if(cnonce.length() != 32 || response.length() != 32){ + _state = OTA_IDLE; + return; + } MD5Builder _passmd5; _passmd5.begin(); diff --git a/tools/espota.py b/tools/espota.py index a07c8d61c..c03e1c4a7 100755 --- a/tools/espota.py +++ b/tools/espota.py @@ -34,6 +34,7 @@ import hashlib # Commands FLASH = 0 SPIFFS = 100 +AUTH = 200 def serve(remoteAddr, remotePort, password, filename, command = FLASH): @@ -78,7 +79,7 @@ def serve(remoteAddr, remotePort, password, filename, command = FLASH): result = hashlib.md5(result_text).hexdigest() sys.stderr.write('Authenticating...') sys.stderr.flush() - message = '%s %s\n' % (cnonce, result) + message = '%d %s %s\n' % (AUTH, cnonce, result) sock2.sendto(message, remote_address) sock2.settimeout(10) try: