[TW#24589] Out of bounds write in example http_perform_as_stream_reader #2208

Closed
Phaiax opened this issue Jul 19, 2018 · 0 comments
Phaiax commented Jul 19, 2018

Environment

  • Development Kit: [none]
  • Core (if using chip or module): [ESP-WROOM32]
  • IDF version: //c1fdd45 v3.1-beta1

Problem Description

The stream example in the file esp_http_client_example.c:

  char *buffer = malloc(MAX_HTTP_RECV_BUFFER); // Allocate buffer of size MAX_HTTP_RECV_BUFFER
  int content_length =  esp_http_client_fetch_headers(client); // Assume content_length == buffer size
  read_len = esp_http_client_read(client, buffer, content_length); // will return just the buffer size
  buffer[read_len] = 0;  // A trailing 0 byte is written to a position one after the last element of the array

Expected Behavior

Allocated buffer has size MAX_HTTP_RECV_BUFFER+1.
I like the idea of adding a zero byte for security reasons.

Actual Behavior

Out of bounds write if the server response body size matches the buffer size.

Also

The streaming example could be a real streaming example containing a while loop receiving data in chunks. Otherwise it is not really streaming.

@FayeY FayeY changed the title Out of bounds write in example http_perform_as_stream_reader [TW#24589] Out of bounds write in example http_perform_as_stream_reader Jul 26, 2018
@igrr igrr closed this as completed in 6ef5583 Jul 28, 2018
dacevedo pushed a commit to dacevedo/esp-idf that referenced this issue May 16, 2019
catalinio pushed a commit to catalinio/pycom-esp-idf that referenced this issue Jun 28, 2019
0xFEEDC0DE64 pushed a commit to 0xFEEDC0DE64/esp-idf that referenced this issue May 5, 2021
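
The off-by-one reported above and the chunked loop the issue asks for, as an added example that is not part of the original issue or of ESP-IDF's code. `mock_stream_t` and `mock_read` are hypothetical stand-ins for the HTTP client and its read call, and `MAX_HTTP_RECV_BUFFER` is set to a small constructed value.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_HTTP_RECV_BUFFER 8 /* constructed small value so the demo spans chunks */

/* Hypothetical in-memory stand-in for the HTTP connection. */
typedef struct { const char *body; size_t len, pos; } mock_stream_t;

/* Stand-in read call: returns bytes copied (0 at end), at most 3 per call (short reads). */
static int mock_read(mock_stream_t *s, char *dst, int len)
{
    size_t n = s->len - s->pos;
    if (n > (size_t)len) n = (size_t)len;
    if (n > 3) n = 3;
    memcpy(dst, s->body + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Streams the body in NUL-terminated chunks appended to out; returns total bytes or -1. */
long stream_body(mock_stream_t *s, char *out, size_t out_cap, int *chunks)
{
    char *buffer = malloc(MAX_HTTP_RECV_BUFFER + 1); /* +1 for the terminator */
    size_t used = 0;
    if (buffer == NULL) return -1;
    *chunks = 0;
    for (;;) {
        int filled = 0;
        /* Request size is bounded by the buffer, never by the content length. */
        while (filled < MAX_HTTP_RECV_BUFFER) {
            int n = mock_read(s, buffer + filled, MAX_HTTP_RECV_BUFFER - filled);
            if (n <= 0) break;
            filled += n;
        }
        if (filled == 0) break;
        buffer[filled] = '\0'; /* filled <= MAX_HTTP_RECV_BUFFER, so in bounds */
        if (used + (size_t)filled >= out_cap) { free(buffer); return -1; }
        memcpy(out + used, buffer, (size_t)filled + 1);
        used += (size_t)filled;
        (*chunks)++;
    }
    free(buffer);
    return (long)used;
}

int main(void)
{
    mock_stream_t s = { "12345678", 8, 0 }; /* body exactly fills the buffer */
    char out[32]; int chunks;
    return stream_body(&s, out, sizeof out, &chunks) == 8 ? 0 : 1;
}
```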