WebServer: use String when working with Basic authentication #8548

Merged: 4 commits, Apr 30, 2022

@mcspr (Collaborator) commented Apr 21, 2022

Avoid blowing up user code when `$user:$password` string is longer than
127 bytes. Use String to both manage the memory and handle concatenation.

Also clean up historical quirks such as

- `if(StringObject)` that is always true since we implemented SSO
- `authReq = "";` / `authReq = String();`, which will happen anyway
- `(String)...` casts that happen anyway, implicitly

@mcspr linked an issue Apr 21, 2022 that may be closed by this pull request
@mcspr merged commit 1a49a04 into esp8266:master Apr 30, 2022
@mcspr deleted the webserver-basic-auth-overflows branch April 30, 2022 15:25
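
The failure mode this pull request describes, a `$user:$password` string longer than 127 bytes, sketched as an added example (not code from this PR or from ESP8266WebServer): a fixed-buffer join that rejects oversized input, next to a managed-string join that grows as needed and feeds the Basic token. The 128-byte capacity, `std::string` standing in for Arduino `String`, and all function names are assumptions made for illustration.

```cpp
// Added illustration, not the ESP8266WebServer source. std::string stands in
// for Arduino's String so the code builds off-device.
#include <cstddef>
#include <cstdio>
#include <string>

// Assumed fixed capacity: 127 bytes of text plus the terminating NUL.
constexpr std::size_t kFixedCap = 128;

// Fixed-buffer variant: snprintf never writes past kFixedCap and reports the
// length it needed, so an oversized pair is rejected instead of overflowing.
bool join_fixed(const char* user, const char* pass, char (&out)[kFixedCap]) {
    int needed = std::snprintf(out, sizeof(out), "%s:%s", user, pass);
    return needed >= 0 && static_cast<std::size_t>(needed) < sizeof(out);
}

// Managed-string variant: the string owns its storage and grows as required.
std::string join_managed(const std::string& user, const std::string& pass) {
    std::string joined;
    joined.reserve(user.size() + 1 + pass.size());
    joined += user;
    joined += ':';
    joined += pass;
    return joined;
}

// Standard base64 (RFC 4648) with padding, as used by the Basic scheme.
std::string base64(const std::string& in) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    out.reserve((in.size() + 2) / 3 * 4);
    for (std::size_t i = 0; i < in.size(); i += 3) {
        unsigned v = static_cast<unsigned char>(in[i]) << 16;
        if (i + 1 < in.size()) v |= static_cast<unsigned char>(in[i + 1]) << 8;
        if (i + 2 < in.size()) v |= static_cast<unsigned char>(in[i + 2]);
        out += tbl[(v >> 18) & 63];
        out += tbl[(v >> 12) & 63];
        out += (i + 1 < in.size()) ? tbl[(v >> 6) & 63] : '=';
        out += (i + 2 < in.size()) ? tbl[v & 63] : '=';
    }
    return out;
}

// Value expected after "Basic " in the Authorization header.
std::string basic_token(const std::string& user, const std::string& pass) {
    return base64(join_managed(user, pass));
}
```
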
hasenradball pushed a commit to hasenradball/Arduino that referenced this pull request Nov 18, 2024
…#8548)

Avoid blowing up user code when `$user:$password` string is longer than
127 bytes. Use String to both manage the memory and handle concatenation.

Also clean up historical quirks such as
- `if(StringObject)` that is always true since we implemented SSO
- `authReq = "";` / `authReq = String();`, which will happen anyway
- `(String)...` casts that happen anyway, implicitly (and which is also not a 'cast' btw, we do init it)
Successfully merging this pull request may close these issues.

There is heap-based buffer overflow