From d9ef6b5f183d34ab2d471ee8573de1bf0b5a70a6 Mon Sep 17 00:00:00 2001
From: yoursunny <sunnylandh@gmail.com>
Date: Wed, 3 Jan 2018 22:14:32 -0500
Subject: [PATCH] ArduinoOTA: don't crash on unrecognized packets (#4086)

* ArduinoOTA: handle end of packet in readStringUntil

fixes #3912

* ArduinoOTA: fix buffer overflow in parseInt

fixes #3912
---
 libraries/ArduinoOTA/ArduinoOTA.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp
index aaf4c5ff5..3c6acd943 100644
--- a/libraries/ArduinoOTA/ArduinoOTA.cpp
+++ b/libraries/ArduinoOTA/ArduinoOTA.cpp
@@ -143,10 +143,10 @@ void ArduinoOTAClass::begin() {
 
 int ArduinoOTAClass::parseInt(){
   char data[16];
-  uint8_t index = 0;
+  uint8_t index;
   char value;
   while(_udp_ota->peek() == ' ') _udp_ota->read();
-  while(true){
+  for(index = 0; index < sizeof(data); ++index){
     value = _udp_ota->peek();
     if(value < '0' || value > '9'){
       data[index++] = '\0';
@@ -159,13 +159,13 @@ int ArduinoOTAClass::parseInt(){
 
 String ArduinoOTAClass::readStringUntil(char end){
   String res = "";
-  char value;
+  int value;
   while(true){
     value = _udp_ota->read();
-    if(value == '\0' || value == end){
+    if(value < 0 || value == '\0' || value == end){
       return res;
     }
-    res += value;
+    res += static_cast<char>(value);
   }
   return res;
 }