espressif/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-04-27 19:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix/dangerjs-permissions
esp-idf/components/esp_local_ctrl
T
History
Mahavir Jain d31ef7be16 fix(esp_local_ctrl): validate payload_case matches msg_type in command dispatcher 
The command dispatcher routed handlers based solely on msg_type without
verifying that the protobuf payload_case field matched. A crafted message
with mismatched msg_type and payload_case could cause type confusion,
leading to an out-of-bounds read or NULL pointer dereference.

Add expected_payload_case to the command table and validate it in the
dispatcher before invoking any handler.

Please note that this issue was applicable for authenticated clients
only (with security1/2 scheme) and hence the impact is on lower side.
2026-02-11 13:30:59 +05:30
..
include
feat: remove some deprecated APIs from 6.0 release
2025-08-20 14:20:37 +05:30
proto
feat(cmake): Update minimum cmake version to 3.22 (whole repository)
2025-08-19 14:44:32 +02:00
proto-c
python
src
fix(esp_local_ctrl): validate payload_case matches msg_type in command dispatcher
2026-02-11 13:30:59 +05:30
CMakeLists.txt
fix(esp_local_ctrl): Fixed esp_netif dependency in esp_local_ctrl component
2025-05-07 15:09:44 +05:30