From 68f4c49998ccbce7528f22a4e5bba44e21819c3b Mon Sep 17 00:00:00 2001 From: valkuc Date: Tue, 29 Nov 2016 20:32:08 +0300 Subject: [PATCH 1/9] Added userData to allow user to store context variable. cgiData cannot be used for this purpose in templates, new userData can - it's dedicated for this. --- core/httpd.c | 1 + include/httpd.h | 1 + 2 files changed, 2 insertions(+) diff --git a/core/httpd.c b/core/httpd.c index bb5b5f5b..d48e4983 100644 --- a/core/httpd.c +++ b/core/httpd.c @@ -536,6 +536,7 @@ static void ICACHE_FLASH_ATTR httpdProcessRequest(HttpdConnData *conn) { if (match) { httpd_printf("Is url index %d\n", i); conn->cgiData=NULL; + conn->userData=NULL; conn->cgi=builtInUrls[i].cgiCb; conn->cgiArg=builtInUrls[i].cgiArg; break; diff --git a/include/httpd.h b/include/httpd.h index 73745ac7..aea02103 100644 --- a/include/httpd.h +++ b/include/httpd.h @@ -50,6 +50,7 @@ struct HttpdConnData { int remote_port; // Remote TCP port uint8 remote_ip[4]; // IP address of client uint8 slot; // Slot ID + void *userData; // Variable for storing any user data }; //A struct describing the POST data sent inside the http connection. This is used by the CGI functions From cd876003b3d057ff06a3e8cc2f70252ccd2f3ffe Mon Sep 17 00:00:00 2001 From: Chen YewMing Date: Sun, 1 Jan 2017 18:32:35 +0800 Subject: [PATCH 2/9] Ignore vim swap files --- .gitignore | 3 ++- Makefile | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5e14a6fa..0d1e171c 100644 --- a/.gitignore +++ b/.gitignore @@ -7,4 +7,5 @@ espfs/espfstest/*.o espfs/espfstest/espfstest *.DS_Store html_compressed/ -libwebpages-espfs.a \ No newline at end of file +libwebpages-espfs.a +*.swp diff --git a/Makefile b/Makefile index 59a6db62..8a2e4993 100644 --- a/Makefile +++ b/Makefile @@ -180,6 +180,8 @@ checkdirs: $(BUILD_DIR) $(BUILD_DIR): $(Q) mkdir -p $@ +#ignore vim swap files +FIND_OPTIONS = -not -iname '*.swp' webpages.espfs: $(HTMLDIR) espfs/mkespfsimage/mkespfsimage ifeq ("$(COMPRESS_W_YUI)","yes") @@ -191,9 +193,9 @@ ifeq ("$(COMPRESS_W_YUI)","yes") $(Q) awk "BEGIN {printf \"YUI compression ratio was: %.2f%%\\n\", (`du -b -s html_compressed/ | sed 's/\([0-9]*\).*/\1/'`/`du -b -s ../html/ | sed 's/\([0-9]*\).*/\1/'`)*100}" # mkespfsimage will compress html, css, svg and js files with gzip by default if enabled # override with -g cmdline parameter - $(Q) cd html_compressed; find . | $(THISDIR)/espfs/mkespfsimage/mkespfsimage > $(THISDIR)/webpages.espfs; cd ..; + $(Q) cd html_compressed; find . $(FIND_OPTIONS) | $(THISDIR)/espfs/mkespfsimage/mkespfsimage > $(THISDIR)/webpages.espfs; cd ..; else - $(Q) cd ../html; find . | $(THISDIR)/espfs/mkespfsimage/mkespfsimage > $(THISDIR)/webpages.espfs; cd .. + $(Q) cd ../html; find . $(FIND_OPTIONS) | $(THISDIR)/espfs/mkespfsimage/mkespfsimage > $(THISDIR)/webpages.espfs; cd .. endif libwebpages-espfs.a: webpages.espfs From 941f4b1dcef7dea70a3354edf61261cb19c11607 Mon Sep 17 00:00:00 2001 From: Chen YewMing Date: Mon, 2 Jan 2017 00:18:16 +0800 Subject: [PATCH 3/9] Fix possible memory leak --- core/httpd.c | 11 ++++++----- espfs/espfs.c | 1 + 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/core/httpd.c b/core/httpd.c index bb5b5f5b..9a4ee65b 100644 --- a/core/httpd.c +++ b/core/httpd.c @@ -683,15 +683,16 @@ void ICACHE_FLASH_ATTR httpdRecvCb(ConnTypePtr rconn, char *remIp, int remPort, int x, r; char *p, *e; httpdPlatLock(); - char *sendBuff=malloc(HTTPD_MAX_SENDBUFF_LEN); - if (sendBuff==NULL) { - printf("Malloc sendBuff failed!\n"); + + HttpdConnData *conn=httpdFindConnData(rconn, remIp, remPort); + if (conn==NULL) { httpdPlatUnlock(); return; } - HttpdConnData *conn=httpdFindConnData(rconn, remIp, remPort); - if (conn==NULL) { + char *sendBuff=malloc(HTTPD_MAX_SENDBUFF_LEN); + if (sendBuff==NULL) { + printf("Malloc sendBuff failed!\n"); httpdPlatUnlock(); return; } diff --git a/espfs/espfs.c b/espfs/espfs.c index d5270d2a..e179cb95 100644 --- a/espfs/espfs.c +++ b/espfs/espfs.c @@ -183,6 +183,7 @@ EspFsFile ICACHE_FLASH_ATTR *espFsOpen(char *fileName) { #endif } else { httpd_printf("Invalid compression: %d\n", h.compression); + free(r); return NULL; } return r; From 693d0da9d7d6dd5bb0d27aa64bb2706fcb08f6ea Mon Sep 17 00:00:00 2001 From: valkuc Date: Fri, 17 Feb 2017 01:55:02 +0300 Subject: [PATCH 4/9] Fix for https://github.com/Spritetm/libesphttpd/issues/26 Caused by buffer overflow. --- core/httpd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/httpd.c b/core/httpd.c index d48e4983..bdf63f17 100644 --- a/core/httpd.c +++ b/core/httpd.c @@ -715,7 +715,7 @@ void ICACHE_FLASH_ATTR httpdRecvCb(ConnTypePtr rconn, char *remIp, int remPort, } } //ToDo: return http error code 431 (request header too long) if this happens - if (conn->priv->headPos!=HTTPD_MAX_HEAD_LEN) conn->priv->head[conn->priv->headPos++]=data[x]; + if (conn->priv->headPospriv->head[conn->priv->headPos++]=data[x]; conn->priv->head[conn->priv->headPos]=0; //Scan for /r/n/r/n. Receiving this indicate the headers end. if (data[x]=='\n' && (char *)strstr(conn->priv->head, "\r\n\r\n")!=NULL) { From c610c1c8356172eb5df6a3d94aa56399f267218d Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Mon, 17 Jul 2017 11:14:35 +0200 Subject: [PATCH 5/9] espmissingincludes.h: adjust prototypes for SDK 2.x compatibility SDK 2.x provides prototypes for some of the functions listed here, but with slightly different argument types, leading to build errors: In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:17:6: error: conflicting types for 'ets_install_putc1' void ets_install_putc1(void *routine); ^ In file included from ./include/esp8266.h:27:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/osapi.h:34:6: note: previous declaration of 'ets_install_putc1' was here void ets_install_putc1(void (*p)(char c)); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:18:6: error: conflicting types for 'ets_isr_attach' void ets_isr_attach(int intr, void *handler, void *arg); ^ In file included from ./include/esp8266.h:24:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/ets_sys.h:67:6: note: previous declaration of 'ets_isr_attach' was here void ets_isr_attach(int i, ets_isr_t func, void *arg); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:28:8: error: conflicting types for 'ets_strlen' size_t ets_strlen(const char *s); ^ In file included from ./include/esp8266.h:27:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/osapi.h:47:5: note: previous declaration of 'ets_strlen' was here int ets_strlen(const char *s); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:29:5: error: conflicting types for 'ets_strncmp' int ets_strncmp(const char *s1, const char *s2, int len); ^ In file included from ./include/esp8266.h:27:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/osapi.h:48:5: note: previous declaration of 'ets_strncmp' was here int ets_strncmp(const char *s1, const char *s2, unsigned int n); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:32:6: error: conflicting types for 'ets_timer_arm_new' void ets_timer_arm_new(os_timer_t *a, int b, int c, int isMstimer); ^ In file included from ./include/esp8266.h:27:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/osapi.h:65:6: note: previous declaration of 'ets_timer_arm_new' was here void ets_timer_arm_new(os_timer_t *ptimer, uint32_t time, bool repeat_flag, bool ms_flag); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:40:6: error: conflicting types for 'uart_div_modify' void uart_div_modify(int no, unsigned int freq); ^ In file included from ./include/esp8266.h:28:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/user_interface.h:646:6: note: previous declaration of 'uart_div_modify' was here void uart_div_modify(uint8 uart_no, uint32 DivLatchValue); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:45:6: error: conflicting types for 'ets_delay_us' void ets_delay_us(int ms); ^ In file included from ./include/esp8266.h:27:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/osapi.h:33:6: note: previous declaration of 'ets_delay_us' was here void ets_delay_us(uint16_t us); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:57:7: error: conflicting types for 'pvPortMalloc' void *pvPortMalloc(size_t xWantedSize, const char *file, int line); ^ In file included from ./include/esp8266.h:26:0, from espfs/espfs.c:23: /home/peko/source/esp8266/esp-open-sdk/sdk//include/mem.h:38:7: note: previous declaration of 'pvPortMalloc' was here void *pvPortMalloc (size_t sz, const char *, unsigned); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:58:7: error: conflicting types for 'pvPortZalloc' void *pvPortZalloc(size_t, const char *file, int line); ^ In file included from ./include/esp8266.h:26:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/mem.h:40:7: note: previous declaration of 'pvPortZalloc' was here void *pvPortZalloc (size_t sz, const char *, unsigned); ^ In file included from ./include/esp8266.h:33:0, from espfs/espfs.c:23: ./include/espmissingincludes.h:59:6: error: conflicting types for 'vPortFree' void vPortFree(void *ptr, const char *file, int line); ^ In file included from ./include/esp8266.h:26:0, from espfs/espfs.c:23: /opt/esp-open-sdk/sdk/include/mem.h:39:6: note: previous declaration of 'vPortFree' was here void vPortFree (void *p, const char *, unsigned); ^ Adjust the prototypes here to match the SDK to fix these issues. Signed-off-by: Peter Korsgaard --- include/espmissingincludes.h | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/include/espmissingincludes.h b/include/espmissingincludes.h index 3126c95c..6ade6346 100644 --- a/include/espmissingincludes.h +++ b/include/espmissingincludes.h @@ -9,13 +9,14 @@ int strcasecmp(const char *a, const char *b); #ifndef FREERTOS #include #include + //Missing function prototypes in include folders. Gcc will warn on these if we don't define 'em anywhere. //MOST OF THESE ARE GUESSED! but they seem to swork and shut up the compiler. typedef struct espconn espconn; int atoi(const char *nptr); -void ets_install_putc1(void *routine); -void ets_isr_attach(int intr, void *handler, void *arg); +void ets_install_putc1(void (*routine)(char c)); +void ets_isr_attach(int intr, void (*handler)(void *), void *arg); void ets_isr_mask(unsigned intr); void ets_isr_unmask(unsigned intr); int ets_memcmp(const void *s1, const void *s2, size_t n); @@ -25,11 +26,11 @@ int ets_sprintf(char *str, const char *format, ...) __attribute__ ((format (pri int ets_str2macaddr(void *, void *); int ets_strcmp(const char *s1, const char *s2); char *ets_strcpy(char *dest, const char *src); -size_t ets_strlen(const char *s); -int ets_strncmp(const char *s1, const char *s2, int len); +int ets_strlen(const char *s); +int ets_strncmp(const char *s1, const char *s2, unsigned int len); char *ets_strncpy(char *dest, const char *src, size_t n); char *ets_strstr(const char *haystack, const char *needle); -void ets_timer_arm_new(os_timer_t *a, int b, int c, int isMstimer); +void ets_timer_arm_new(os_timer_t *a, uint32_t b, bool repeat, bool isMstimer); void ets_timer_disarm(os_timer_t *a); void ets_timer_setfn(os_timer_t *t, ETSTimerFunc *fn, void *parg); void ets_update_cpu_frequency(int freqmhz); @@ -37,12 +38,12 @@ void *os_memmove(void *dest, const void *src, size_t n); int os_printf(const char *format, ...) __attribute__ ((format (printf, 1, 2))); int os_snprintf(char *str, size_t size, const char *format, ...) __attribute__ ((format (printf, 3, 4))); int os_printf_plus(const char *format, ...) __attribute__ ((format (printf, 1, 2))); -void uart_div_modify(int no, unsigned int freq); +void uart_div_modify(uint8 no, uint32 freq); uint8 wifi_get_opmode(void); uint32 system_get_time(); int rand(void); void ets_bzero(void *s, size_t n); -void ets_delay_us(int ms); +void ets_delay_us(uint16_t ms); //Hack: this is defined in SDK 1.4.0 and undefined in 1.3.0. It's only used for this, the symbol itself //has no meaning here. @@ -54,11 +55,11 @@ void vPortFree(void *ptr); void *vPortMalloc(size_t xWantedSize); void pvPortFree(void *ptr); #else -void *pvPortMalloc(size_t xWantedSize, const char *file, int line); -void *pvPortZalloc(size_t, const char *file, int line); -void vPortFree(void *ptr, const char *file, int line); -void *vPortMalloc(size_t xWantedSize, const char *file, int line); -void pvPortFree(void *ptr, const char *file, int line); +void *pvPortMalloc(size_t xWantedSize, const char *file, unsigned line); +void *pvPortZalloc(size_t, const char *file, unsigned line); +void vPortFree(void *ptr, const char *file, unsigned line); +void *vPortMalloc(size_t xWantedSize, const char *file, unsigned line); +void pvPortFree(void *ptr, const char *file, unsigned line); #endif //Standard PIN_FUNC_SELECT gives a warning. Replace by a non-warning one. From da28d38d1411ee9ca8fe6a7a2bc8004be9a5c4a5 Mon Sep 17 00:00:00 2001 From: Jeroen Domburg Date: Thu, 27 Jul 2017 21:46:27 +0800 Subject: [PATCH 6/9] Missed commit from valkuc pr --- core/httpd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/httpd.c b/core/httpd.c index 9a4ee65b..4d0b63c6 100644 --- a/core/httpd.c +++ b/core/httpd.c @@ -715,7 +715,7 @@ void ICACHE_FLASH_ATTR httpdRecvCb(ConnTypePtr rconn, char *remIp, int remPort, } } //ToDo: return http error code 431 (request header too long) if this happens - if (conn->priv->headPos!=HTTPD_MAX_HEAD_LEN) conn->priv->head[conn->priv->headPos++]=data[x]; + if (conn->priv->headPospriv->head[conn->priv->headPos++]=data[x]; conn->priv->head[conn->priv->headPos]=0; //Scan for /r/n/r/n. Receiving this indicate the headers end. if (data[x]=='\n' && (char *)strstr(conn->priv->head, "\r\n\r\n")!=NULL) { From b7bb4a625bf4a2c7e7eb699caa244ca7989fd079 Mon Sep 17 00:00:00 2001 From: Jeroen Domburg Date: Thu, 27 Jul 2017 22:13:47 +0800 Subject: [PATCH 7/9] Changes for sdk 2.0.0 and up --- include/esp8266.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/esp8266.h b/include/esp8266.h index 7b685e45..b30a1d47 100644 --- a/include/esp8266.h +++ b/include/esp8266.h @@ -7,6 +7,7 @@ #include #include #include +#include #ifdef FREERTOS #include @@ -25,7 +26,6 @@ #include #include #include -#include #include #endif From 7acd0c965ccada5f76363c0d337fdf187f323b2d Mon Sep 17 00:00:00 2001 From: valkuc Date: Tue, 29 Nov 2016 20:32:08 +0300 Subject: [PATCH 8/9] Added userData to allow user to store context variable. cgiData cannot be used for this purpose in templates, new userData can - it's dedicated for this. --- core/httpd.c | 1 + include/httpd.h | 1 + 2 files changed, 2 insertions(+) diff --git a/core/httpd.c b/core/httpd.c index 4d0b63c6..d878eaf1 100644 --- a/core/httpd.c +++ b/core/httpd.c @@ -536,6 +536,7 @@ static void ICACHE_FLASH_ATTR httpdProcessRequest(HttpdConnData *conn) { if (match) { httpd_printf("Is url index %d\n", i); conn->cgiData=NULL; + conn->userData=NULL; conn->cgi=builtInUrls[i].cgiCb; conn->cgiArg=builtInUrls[i].cgiArg; break; diff --git a/include/httpd.h b/include/httpd.h index 73745ac7..aea02103 100644 --- a/include/httpd.h +++ b/include/httpd.h @@ -50,6 +50,7 @@ struct HttpdConnData { int remote_port; // Remote TCP port uint8 remote_ip[4]; // IP address of client uint8 slot; // Slot ID + void *userData; // Variable for storing any user data }; //A struct describing the POST data sent inside the http connection. This is used by the CGI functions From 13f012e0f8676abf60c3e074dcba992a6108b81a Mon Sep 17 00:00:00 2001 From: valkuc Date: Wed, 11 Oct 2017 13:52:31 +0300 Subject: [PATCH 9/9] Fix security issue when url starts from multiple slashes. --- espfs/espfs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/espfs/espfs.c b/espfs/espfs.c index e179cb95..919373ef 100644 --- a/espfs/espfs.c +++ b/espfs/espfs.c @@ -135,8 +135,9 @@ EspFsFile ICACHE_FLASH_ATTR *espFsOpen(char *fileName) { char namebuf[256]; EspFsHeader h; EspFsFile *r; - //Strip initial slashes - while(fileName[0]=='/') fileName++; + //Strip first initial slash + //We should not strip any next slashes otherwise there is potential security risk when mapped authentication handler will not invoke (ex. ///security.html) + if(fileName[0]=='/') fileName++; //Go find that file! while(1) { hpos=p;