sirleech/Webduino

HTTP Authentication Freezes Arduino on LONG base64 encoded Username and Password pairs.

Closed this issue · 1 comments

Hi,

Using HTTP Authentication and WebServer::checkCredentials, I discovered that the Arduino board freezes if a base64-encoded username-password pair over 50 chars is sent.

The problem resides in WebServer::readHeader; the patched version follows:

  void WebServer::readHeader(char *value, int valueLen)
  {
    int ch;
    memset(value, 0, valueLen);
    --valueLen;  // leave room for the terminating NUL
  
    // absorb whitespace
    do
    {
      ch = read();
    } while (ch == ' ' || ch == '\t');
  
    // read rest of line
    do
    {
      // store only while there is room; extra characters are read and dropped
      if (valueLen > 1)
      {
        *value++=ch;
        --valueLen;
      }
      ch = read();
    } while (ch != '\r');
    push(ch);
  }

Using this patched version, long username & password (both greater than 15 chars) won't match, resulting in a "401 Unauthorized", but (at least) won't be able to freeze the board.

Bye,
-A

Thanks, patch applied!
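A host-side check of the bounded copy described in this issue, written as an added example and not taken from the Webduino code base. `FakeStream`, `readHeaderBounded`, `Guarded` and the 51-byte buffer are assumptions made for the test, and the loop goes one step beyond the posted patch by also stopping at end of input.

```cpp
#include <cstring>
#include <string>

// Hypothetical stand-in for the WebServer read()/push() pair: an in-memory
// request stream that returns -1 once the input is exhausted.
struct FakeStream {
  std::string data;
  size_t pos = 0;
  int read() { return pos < data.size() ? (unsigned char)data[pos++] : -1; }
  void push(int ch) { if (ch != -1 && pos > 0) --pos; }
};

// Same bounded copy as the patched readHeader, except that nothing is stored
// for an empty line and the loop also ends when the input runs out.
// Returns the number of header characters that were read but not stored.
int readHeaderBounded(FakeStream &s, char *value, int valueLen) {
  int ch, dropped = 0;
  memset(value, 0, valueLen);
  --valueLen;                       // leave room for the terminating NUL
  do { ch = s.read(); } while (ch == ' ' || ch == '\t');
  while (ch != '\r' && ch != -1) {
    if (valueLen > 1) { *value++ = (char)ch; --valueLen; }
    else ++dropped;                 // over-long input is consumed, not copied
    ch = s.read();
  }
  s.push(ch);                       // hand the '\r' back to the caller
  return dropped;
}

// Constructed sample: the buffer sits in front of a canary, so any write
// past the end of buf would be visible afterwards.
struct Guarded { char buf[51]; char canary[8]; };

bool canaryIntact(const Guarded &g) {
  return memcmp(g.canary, "CANARY!", 8) == 0;
}

// Feeds a constructed 60-character header value into the 51-byte buffer.
int demoLongHeader(Guarded &g) {
  memcpy(g.canary, "CANARY!", 8);
  FakeStream s;
  s.data = " Basic " + std::string(53, 'A') + "=\r\n";
  return readHeaderBounded(s, g.buf, sizeof g.buf);
}
```

The truncated value no longer equals the expected credential string, which is why the patched server answers over-long credentials with "401 Unauthorized" instead of hanging.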