Fixed vulnerability where malicious HTTP servers could trigger OOB reads
by sending empty or very short algorithm fields in WWW-Authenticate headers.
Changes:
- Replace unsafe memcmp() with strcasecmp() for algorithm comparison
- Add algorithm NULL validation at function entry point
- Fix duplicate md5-sess check, add missing SHA-256 check
This commit updated the client closing condition to avoid spurious
dispatching of event HTTP_EVENT_DISCONNECTED while closing closeed connection.
Closes https://github.com/espressif/esp-idf/issues/16070
Fixed memory leak in esp_http_client_cleanup() where current_header_value
buffer was not being freed when ESP_ERR_HTTP_FETCH_HEADER is returned
during header parsing failures.
Problem:
1. In low-memory scenarios, the dynamic buffer feature can fail due to memory fragmentation.
2. It requires a contiguous 16KB heap chunk, but continuous allocation and deallocation of
the RX buffer can lead to fragmentation.
3. If another component allocates memory between these operations, it can break up the
available 16KB block, causing allocation failure.
Solution:
1. Introduce configurable strategy for using dynamic buffers in TLS connections.
2. For example, convert RX buffers to static after the TLS handshake.
3. Allow users to select the strategy via a new field in the esp_http_client_cfg_t structure.
4. The strategy can be controlled independently for each TLS session.
Prior to v5.4, headers could be deleted from an HTTP client by calling
esp_http_client_set_header("Header", NULL). This pattern is used by
esp_http_client_set_post_field(NULL, 0), which is the only API usage
that will delete the request body in a persistent connection scenario.
In case a request with no content is sent after one with the content
length header set the header of the previous request is sent with the
subsequent one.
For instance, an empty GET request after a PUT request will still
indicate the non-zero content length of the previous request.
This is fixed by clearing the content length header when it shouldn't be
set.
If the TLS server (e.g., openssl) closes connection with encrypted close-notify alert
then `errno` is not explicitly set on the socket by LwIP stack.
For this scenario, we must rely only on `ERR_TCP_TRANSPORT_CONNECTION_CLOSED_BY_FIN`
return value as the connection close case and do the graceful connection closure.
Closes https://github.com/espressif/esp-idf/issues/14724
Added support http REPORT method and tested it using local server.
Added test case for REPOPRT method in esp_http_client_example.c
The URL(httpbin.org) does not support for /report endpoint.
Closes https://github.com/espressif/esp-idf/issues/14147
Event posting to the event loop should not hinder the working of
HTTP Client or HTTP Server. This commit add a config option to set
the timeout for posting the events to the loop.
Closes https://github.com/espressif/esp-idf/issues/13641
This reverts commit 04ac8e43db.
When `http_on_header_event` is called, event_handler is invoked and
then the current header key and header value are freed. In the previous
approach, `http_on_header_event` was called from `http_on_header_value`,
but it lead to an issue where if the value is received in multiple chunks,
then the current header key and value were freed and thus header was not
processed correctly which might result in connection issues. Calling
`http_on_heaher_event` from `http_on_header_field` ensures that the current
header field and value are processed properly
Fixes https://github.com/espressif/esp-idf/issues/13497
Fixes https://github.com/espressif/esp-idf/issues/13097
Only pull in direct dependencies for the test apps, reducing build time
as well making it possible for CI to determine if the test should run or not
when dependencies are changed.
Foundation transport contained TCP properties for both TCP and SSL
transport, so it was enough to set the TCP connection properties
(keepalive, interface binding) to one transport only. After merging
5778a7c7 we have separate TCP properties for these transports and need
to set the same for both.
This commit also fixes unnecessary allocation of 1 more byte for if_name
Closes https://github.com/espressif/esp-protocols/issues/322
Mahavir Jain
nilesh.kale
Ashish Sharma
Richard Allen
hrushikesh.bhosale
wanckl
Lorenzo Consolaro
wuzhenghui
Mathew Harman
Shu Chen
Xu Si Yu
Christopher Durand
Duco Sebel
Serhii Kulyk
fbp2m
Harshit Malpani
laokaiyao
Marius Vikhammer
jim
Shinichi Tanaka
David Čermák
Aditya Patwardhan
Armando