There's an off-by-one error in WebServer::readPOSTparam(). The buffers passed to the function will not be fully used.
In the beginning the length of the two buffers is decreased to make sure that the trailing 0 is not overwritten:
// decrement length so we don't write into NUL terminator
--nameLen;
--valueLen;
This already ensures that the NULL terminator is not overwritten, so there's no need to subtract another character before assigning the read character to the buffer:
// check against 1 so we don't overwrite the final NUL
if (nameLen > 1)
{
*name++ = ch;
--nameLen;
}
else if (valueLen > 1)
{
*value++ = ch;
--valueLen;
}
It should check against 0 instead of 1.
Example (pseudo-code):
char name[2], value[2];
WebServer::readPOSTparam(name, 2, value, 2);
This will decrease both nameLen and valueLen to 1 in the beginning of WebServer::readPOSTparam() so that the final check "nameLen > 1" and "valueLen > 1" will fail and the read character isn't stored in name/value.
What version of the product are you using? On what operating system?
1.4.1
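The boundary case described in this report, as an added example that is not Webduino's own code: a minimal model of the readPOSTparam() buffer-filling loop that parses a constructed "name=value" string into two caller-supplied buffers. The function name fill_param() and its `buggy` switch are this example's own; the switch selects between the reported "> 1" comparison and the corrected "> 0" so the dropped character can be observed directly.

```c
/* Added example modelling the off-by-one reported against
 * WebServer::readPOSTparam(). This is NOT the library's code: fill_param(),
 * the `buggy` switch and the sample inputs are constructed for illustration. */
#include <stdio.h>
#include <string.h>

/* Copy "name=value" from `input` into `name` and `value`.
 * nameLen/valueLen are the full buffer sizes (including room for the NUL).
 * When `buggy` is non-zero the store is guarded by "> 1" as in the reported
 * code; otherwise by the corrected "> 0". Parsing stops at '&' or end of input. */
static void fill_param(const char *input, char *name, int nameLen,
                       char *value, int valueLen, int buggy)
{
    int limit = buggy ? 1 : 0;   /* the comparison constant under test */
    int inValue = 0;

    /* Reserve the trailing NUL up front, exactly as the library does. */
    --nameLen;
    --valueLen;

    for (; *input && *input != '&'; ++input) {
        char ch = *input;
        if (ch == '=') {
            inValue = 1;
            continue;
        }
        if (!inValue) {
            /* With limit == 1 the last free byte before the NUL is never used. */
            if (nameLen > limit) {
                *name++ = ch;
                --nameLen;
            }
        } else {
            if (valueLen > limit) {
                *value++ = ch;
                --valueLen;
            }
        }
    }
    /* Both guards leave room for the terminator; it is always written in bounds. */
    *name = '\0';
    *value = '\0';
}

/* The report's scenario: 2-byte buffers (one character plus NUL) fed "ab=cd".
 * Returns the total number of characters that landed in both buffers. */
static int chars_stored_2byte(int buggy)
{
    char name[2], value[2];
    fill_param("ab=cd", name, sizeof name, value, sizeof value, buggy);
    return (int)(strlen(name) + strlen(value));
}

/* Buffers sized exactly to hold "user" and "pass" plus their NULs.
 * Returns 1 if both strings arrived intact, 0 if a character was lost. */
static int fits_exactly(int buggy)
{
    char name[5], value[5];
    fill_param("user=pass", name, sizeof name, value, sizeof value, buggy);
    return strcmp(name, "user") == 0 && strcmp(value, "pass") == 0;
}

int main(void)
{
    printf("2-byte buffers, buggy check: %d chars stored\n", chars_stored_2byte(1));
    printf("2-byte buffers, fixed check: %d chars stored\n", chars_stored_2byte(0));
    printf("exact-fit buffers, buggy check intact: %d\n", fits_exactly(1));
    printf("exact-fit buffers, fixed check intact: %d\n", fits_exactly(0));
    return 0;
}
```

With the "> 1" guard the 2-byte buffers receive nothing at all, and buffers sized exactly for their content silently lose the final character ("use" instead of "user"); with "> 0" every byte before the NUL is used and the terminator is still written in bounds.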
Comment #1
Posted on Nov 3, 2010 by Helpful Lion
(No comment was entered for this change.)
Comment #2
Posted on Jan 9, 2012 by Helpful Lion
Fix being checked into GitHub version
Comment #3
Posted on Jan 9, 2012 by Swift Cat
OK, I've created a pull request for this as well as for issue 11.
Status: Fixed
Labels:
Type-Defect
Priority-High