arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-26 07:02:15 +03:00
Code Activity

ESP8266WebServer - fix possible memory leak in request argument handling (#9076)

Browse Source 
* fix possible leak of _postArgs array in case of returning early from _parseForm().
* don't use _postArgs member, but instead use a new local variable postArgs instead.
* same for _postArgsLen member vs.local postArgsLen.
* remove useless NULL pointer check before delete().
* Remove _postArgs member from ESP8266WebServer.h
* Remove searching through always empty _postArgs array in ESP8266WebServer-impl.h
This commit is contained in:
Clemens Kirchgatterer
2024-02-09 15:28:14 +01:00
committed by GitHub
parent de1029ffe0
commit 16e19181b9
3 changed files with 11 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
libraries/ESP8266WebServer/src/Parsing-impl.h
View File

@ -358,9 +358,8 @@ bool ESP8266WebServerTemplate<ServerType>::_parseForm(ClientType& client, const
client.readStringUntil('\n');
//start reading the form
if (line == ("--"+boundary)){
if(_postArgs) delete[] _postArgs;
_postArgs = new RequestArgument[WEBSERVER_MAX_POST_ARGS];
_postArgsLen = 0;
std::unique_ptr<RequestArgument[]> postArgs(new RequestArgument[WEBSERVER_MAX_POST_ARGS]);
int postArgsLen = 0;
while(1){
String argName;
String argValue;
@ -408,7 +407,7 @@ bool ESP8266WebServerTemplate<ServerType>::_parseForm(ClientType& client, const
}
DBGWS("PostArg Value: %s\n\n", argValue.c_str());
RequestArgument& arg = _postArgs[_postArgsLen++];
RequestArgument& arg = postArgs[postArgsLen++];
arg.key = argName;
arg.value = argValue;
@ -488,25 +487,20 @@ bool ESP8266WebServerTemplate<ServerType>::_parseForm(ClientType& client, const
}
int iarg;
int totalArgs = ((WEBSERVER_MAX_POST_ARGS - _postArgsLen) < _currentArgCount)?(WEBSERVER_MAX_POST_ARGS - _postArgsLen):_currentArgCount;
int totalArgs = ((WEBSERVER_MAX_POST_ARGS - postArgsLen) < _currentArgCount)?(WEBSERVER_MAX_POST_ARGS - postArgsLen):_currentArgCount;
for (iarg = 0; iarg < totalArgs; iarg++){
RequestArgument& arg = _postArgs[_postArgsLen++];
RequestArgument& arg = postArgs[postArgsLen++];
arg.key = _currentArgs[iarg].key;
arg.value = _currentArgs[iarg].value;
}
if (_currentArgs) delete[] _currentArgs;
_currentArgs = new RequestArgument[_postArgsLen];
for (iarg = 0; iarg < _postArgsLen; iarg++){
delete[] _currentArgs;
_currentArgs = new RequestArgument[postArgsLen];
for (iarg = 0; iarg < postArgsLen; iarg++){
RequestArgument& arg = _currentArgs[iarg];
arg.key = _postArgs[iarg].key;
arg.value = _postArgs[iarg].value;
arg.key = postArgs[iarg].key;
arg.value = postArgs[iarg].value;
}
_currentArgCount = iarg;
if (_postArgs) {
delete[] _postArgs;
_postArgs = nullptr;
_postArgsLen = 0;
}
return true;
}
DBGWS("Error: line: %s\n", line.c_str());