There is heap-based buffer overflow #8547

KaanaryOverFlow · 2022-04-21T00:14:28Z

the function is vulnerable

you can fix it

https://medium.com/@Mr.deadbeef.py/esp-unusable-heap-based-buffer-overlow-ba6e8d99f813

mcspr · 2022-04-21T00:43:33Z

We would appreciate a concise description of the issue, not the link to your blog :/
What's your suggestion for a fix here?

I think what you meant is that this line uses char to store the result of strlen(username) + strlen(password) + 1, and it must stay under 127 bytes to not overflow the value

Arduino/libraries/ESP8266WebServer/src/ESP8266WebServer-impl.h

Line 105 in 6c8c8cb

char toencodeLen = strlen(username)+strlen(password)+1;

KaanaryOverFlow · 2022-04-21T14:11:37Z

i prefer this solution, exactly, in this line should be validate string length lower than 127 bytes before defining "toencodeLen" for username and password
if you are want to error exception or you can use snprintf(buffer,toencodeLen+1,...) instead of sprintf.

the case is when remote user access the this function, they can trig to overflow

mcspr linked a pull request Apr 21, 2022 that will close this issue

WebServer: use String when working with Basic authentication #8548

Merged

mcspr closed this as completed in #8548 Apr 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is heap-based buffer overflow #8547

There is heap-based buffer overflow #8547

KaanaryOverFlow commented Apr 21, 2022

mcspr commented Apr 21, 2022

KaanaryOverFlow commented Apr 21, 2022

There is heap-based buffer overflow #8547

There is heap-based buffer overflow #8547

Comments

KaanaryOverFlow commented Apr 21, 2022

mcspr commented Apr 21, 2022

KaanaryOverFlow commented Apr 21, 2022