bbx10/WebServer_tng

Mem corruption, when POSTing form with more the 32 args

everslick opened this issue · 2 comments

in bool WebServer::_parseForm(WiFiClient& client, String boundary, uint32_t len) { there is a hard limit of 32 arguments in the form. unfortunately this is not guarded against and leads to silent memory corruption, if a form contains more. The crash will happen some time later at a completely unrelated place in the code.

I think this bug is present ever since in the WebServer also on the ESP8266.

Dynamically expanding the argument array might be overkill, but we could make the upper limit configurable and stop the parser when postArgsLen++ reaches that limit (also logging an error message)?

bbx10 commented

I suggest opening an issue on esp8266/arduino as well because it is definitely present there. If it is fixed there I will merge in the fix here.

bbx10 commented

Issue already reported.

esp8266/Arduino#3284