From 9fc0ca13b3b85b98d32b98cd9dc8ff9d82642b7b Mon Sep 17 00:00:00 2001 From: Ashish Sharma Date: Thu, 19 Mar 2026 14:59:39 +0800 Subject: [PATCH] fix: fixes websocket server possible null dereference --- components/esp_http_server/src/httpd_ws.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/components/esp_http_server/src/httpd_ws.c b/components/esp_http_server/src/httpd_ws.c index a3a879dea0..a765c59e11 100644 --- a/components/esp_http_server/src/httpd_ws.c +++ b/components/esp_http_server/src/httpd_ws.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -82,12 +82,15 @@ static bool httpd_ws_get_response_subprotocol(const char *supported_subprotocol, /* Get first subprotocol from comma separated list */ char *rest = NULL; char *s = strtok_r(subprotocol, ", ", &rest); - do { - if (strncmp(s, supported_subprotocol, strlen(supported_subprotocol)) == 0) { + int supported_subprotocol_len = strlen(supported_subprotocol); + while (s != NULL) { + if (strlen(s) == supported_subprotocol_len && + strncmp(s, supported_subprotocol, supported_subprotocol_len) == 0) { ESP_LOGD(TAG, "Requested subprotocol supported: %s", s); return true; } - } while ((s = strtok_r(NULL, ", ", &rest)) != NULL); + s = strtok_r(NULL, ", ", &rest); + } ESP_LOGW(TAG, "Sec-WebSocket-Protocol %s not supported, supported subprotocol is %s", subprotocol, supported_subprotocol);