Denial of Service with multipart forms when '=' not found

Question

Denial of Service with multipart forms when '=' not found

Closed this issue 4 years ago · 1 comments

silabs-steveegerter commented 4 years ago

if the '=' character is not found in a multipart form request,a NULL pointer is returned in Str_Char_N, this pointer is then incremented and dereferenced which can lead to a crash. See HTTPsReq_HdrParse() for details. I recommend adding a test for NULL.

Answer 1 · 2020-12-01T20:34:24.000Z

wrong project