mirror of
https://github.com/esp8266/Arduino.git
synced 2025-04-19 23:22:16 +03:00
ESP8266WebServer - fix possible memory leak in request argument handling (#9076)
* fix possible leak of _postArgs array in case of returning early from _parseForm(). * don't use _postArgs member, but instead use a new local variable postArgs instead. * same for _postArgsLen member vs.local postArgsLen. * remove useless NULL pointer check before delete(). * Remove _postArgs member from ESP8266WebServer.h * Remove searching through always empty _postArgs array in ESP8266WebServer-impl.h
This commit is contained in:
Clemens Kirchgatterer
GitHub
parent
de1029ffe0
commit
16e19181b9
@ -590,10 +590,6 @@ const String& ESP8266WebServerTemplate<ServerType>::pathArg(unsigned int i) cons
|
|||||||
|
|
||||||
template <typename ServerType>
|
template <typename ServerType>
|
||||||
const String& ESP8266WebServerTemplate<ServerType>::arg(const String& name) const {
|
const String& ESP8266WebServerTemplate<ServerType>::arg(const String& name) const {
|
||||||
for (int j = 0; j < _postArgsLen; ++j) {
|
|
||||||
if ( _postArgs[j].key == name )
|
|
||||||
return _postArgs[j].value;
|
|
||||||
}
|
|
||||||
for (int i = 0; i < _currentArgCount + _currentArgsHavePlain; ++i) {
|
for (int i = 0; i < _currentArgCount + _currentArgsHavePlain; ++i) {
|
||||||
if ( _currentArgs[i].key == name )
|
if ( _currentArgs[i].key == name )
|
||||||
return _currentArgs[i].value;
|
return _currentArgs[i].value;
|
||||||
@ -622,10 +618,6 @@ int ESP8266WebServerTemplate<ServerType>::args() const {
|
|||||||
|
|
||||||
template <typename ServerType>
|
template <typename ServerType>
|
||||||
bool ESP8266WebServerTemplate<ServerType>::hasArg(const String& name) const {
|
bool ESP8266WebServerTemplate<ServerType>::hasArg(const String& name) const {
|
||||||
for (int j = 0; j < _postArgsLen; ++j) {
|
|
||||||
if (_postArgs[j].key == name)
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
for (int i = 0; i < _currentArgCount + _currentArgsHavePlain; ++i) {
|
for (int i = 0; i < _currentArgCount + _currentArgsHavePlain; ++i) {
|
||||||
if (_currentArgs[i].key == name)
|
if (_currentArgs[i].key == name)
|
||||||
return true;
|
return true;
|
||||||
|
|||||||
@ -323,8 +323,6 @@ protected:
|
|||||||
RequestArgument* _currentArgs = nullptr;
|
RequestArgument* _currentArgs = nullptr;
|
||||||
int _currentArgsHavePlain = 0;
|
int _currentArgsHavePlain = 0;
|
||||||
std::unique_ptr<HTTPUpload> _currentUpload;
|
std::unique_ptr<HTTPUpload> _currentUpload;
|
||||||
int _postArgsLen = 0;
|
|
||||||
RequestArgument* _postArgs = nullptr;
|
|
||||||
|
|
||||||
int _headerKeysCount = 0;
|
int _headerKeysCount = 0;
|
||||||
RequestArgument* _currentHeaders = nullptr;
|
RequestArgument* _currentHeaders = nullptr;
|
||||||
|
|||||||
@ -358,9 +358,8 @@ bool ESP8266WebServerTemplate<ServerType>::_parseForm(ClientType& client, const
|
|||||||
client.readStringUntil('\n');
|
client.readStringUntil('\n');
|
||||||
//start reading the form
|
//start reading the form
|
||||||
if (line == ("--"+boundary)){
|
if (line == ("--"+boundary)){
|
||||||
if(_postArgs) delete[] _postArgs;
|
std::unique_ptr<RequestArgument[]> postArgs(new RequestArgument[WEBSERVER_MAX_POST_ARGS]);
|
||||||
_postArgs = new RequestArgument[WEBSERVER_MAX_POST_ARGS];
|
int postArgsLen = 0;
|
||||||
_postArgsLen = 0;
|
|
||||||
while(1){
|
while(1){
|
||||||
String argName;
|
String argName;
|
||||||
String argValue;
|
String argValue;
|
||||||
@ -408,7 +407,7 @@ bool ESP8266WebServerTemplate<ServerType>::_parseForm(ClientType& client, const
|
|||||||
}
|
}
|
||||||
DBGWS("PostArg Value: %s\n\n", argValue.c_str());
|
DBGWS("PostArg Value: %s\n\n", argValue.c_str());
|
||||||
|
|
||||||
RequestArgument& arg = _postArgs[_postArgsLen++];
|
RequestArgument& arg = postArgs[postArgsLen++];
|
||||||
arg.key = argName;
|
arg.key = argName;
|
||||||
arg.value = argValue;
|
arg.value = argValue;
|
||||||
|
|
||||||
@ -488,25 +487,20 @@ bool ESP8266WebServerTemplate<ServerType>::_parseForm(ClientType& client, const
|
|||||||
}
|
}
|
||||||
|
|
||||||
int iarg;
|
int iarg;
|
||||||
int totalArgs = ((WEBSERVER_MAX_POST_ARGS - _postArgsLen) < _currentArgCount)?(WEBSERVER_MAX_POST_ARGS - _postArgsLen):_currentArgCount;
|
int totalArgs = ((WEBSERVER_MAX_POST_ARGS - postArgsLen) < _currentArgCount)?(WEBSERVER_MAX_POST_ARGS - postArgsLen):_currentArgCount;
|
||||||
for (iarg = 0; iarg < totalArgs; iarg++){
|
for (iarg = 0; iarg < totalArgs; iarg++){
|
||||||
RequestArgument& arg = _postArgs[_postArgsLen++];
|
RequestArgument& arg = postArgs[postArgsLen++];
|
||||||
arg.key = _currentArgs[iarg].key;
|
arg.key = _currentArgs[iarg].key;
|
||||||
arg.value = _currentArgs[iarg].value;
|
arg.value = _currentArgs[iarg].value;
|
||||||
}
|
}
|
||||||
if (_currentArgs) delete[] _currentArgs;
|
delete[] _currentArgs;
|
||||||
_currentArgs = new RequestArgument[_postArgsLen];
|
_currentArgs = new RequestArgument[postArgsLen];
|
||||||
for (iarg = 0; iarg < _postArgsLen; iarg++){
|
for (iarg = 0; iarg < postArgsLen; iarg++){
|
||||||
RequestArgument& arg = _currentArgs[iarg];
|
RequestArgument& arg = _currentArgs[iarg];
|
||||||
arg.key = _postArgs[iarg].key;
|
arg.key = postArgs[iarg].key;
|
||||||
arg.value = _postArgs[iarg].value;
|
arg.value = postArgs[iarg].value;
|
||||||
}
|
}
|
||||||
_currentArgCount = iarg;
|
_currentArgCount = iarg;
|
||||||
if (_postArgs) {
|
|
||||||
delete[] _postArgs;
|
|
||||||
_postArgs = nullptr;
|
|
||||||
_postArgsLen = 0;
|
|
||||||
}
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
DBGWS("Error: line: %s\n", line.c_str());
|
DBGWS("Error: line: %s\n", line.c_str());
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user