SHA2017-badge / Firmware

ESP32 firmware for the SHA2017 badge
https://wiki.sha2017.org/w/Badge

sha2017_ota.c: out-of-bounds read in sha2017_read_past_http_header #200

Closed pesco closed 7 years ago

pesco commented 7 years ago

the line

  ptr = memchr(text + i, '\n', total_len);

will access memory after the text buffer as i is incremented but total_len stays constant. the loop will only terminate when it hits an area of memory of size total_len that incidentally contains no newline.
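The following is an added example, not part of the original comment and not the project's code. It runs a header scan over a constructed buffer twice: once with the constant search length from the quoted line, and once with the length reduced to the bytes remaining after `i`. The helper `body_offset`, the `bounded` flag, the loop structure and the sample data are assumptions made for illustration. The backing array is deliberately larger than the valid data so the constant-length run stays within defined memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: RECEIVED is the valid data, ADJACENT stands in for
 * whatever happens to follow the buffer in memory. */
#define RECEIVED "HTTP/1.1 200 OK\r\nContent-Le"
#define ADJACENT "ngth: 4\r\n\r\nleftover"
static const char backing[128] = RECEIVED ADJACENT; /* rest is zero padding */

/* Hypothetical helper: offset of the first body byte after the blank line
 * that ends an HTTP header, or -1 if no blank line is found.
 * bounded == 0 keeps the search length constant, as in the reported line;
 * bounded != 0 shrinks it to the bytes remaining after offset i. */
static long body_offset(const char *text, size_t total_len, int bounded)
{
    size_t i = 0;
    for (;;) {
        if (bounded && i >= total_len)
            return -1;
        size_t span = bounded ? total_len - i : total_len;
        const char *nl = memchr(text + i, '\n', span);
        if (nl == NULL)
            return -1;
        size_t line_len = (size_t)(nl - text) - i;
        if (line_len == 0 || (line_len == 1 && text[i] == '\r'))
            return (long)(nl - text) + 1;   /* blank line: body starts here */
        i = (size_t)(nl - text) + 1;        /* continue at the next line */
    }
}

/* Runs the scan over the sample; only sizeof(RECEIVED) - 1 bytes are valid. */
static long demo(int bounded)
{
    return body_offset(backing, sizeof(RECEIVED) - 1, bounded);
}

int main(void)
{
    printf("valid bytes: %zu\n", sizeof(RECEIVED) - 1);
    printf("constant length: %ld\n", demo(0));
    printf("remaining length: %ld\n", demo(1));
    return 0;
}
```

With the constant length the scan reports a body offset beyond the 27 valid bytes, because it matched a blank line in the adjacent memory; with the remaining length it reports that the header is not yet complete.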

basvs commented 7 years ago

The ota code was buggy and completely unreadable; tried to make it bug-free and readable again:

https://github.com/SHA2017-badge/Firmware/pull/205

basvs commented 7 years ago

@pesco This file has largely been rewritten. Can I close this issue?

pesco commented 7 years ago

If the code in question no longer exists, sure.