From d5176ab8aad3cf9afaeb8e98afdbdc52a5ab81b4 Mon Sep 17 00:00:00 2001 From: mikee47 Date: Sun, 25 Aug 2024 20:31:27 +0100 Subject: [PATCH] Revise `bodyToStringParser` to use MemoryDataStream Better dynamic memory reallocation and avoids conversion to MemoryDataStream at end anyway Still has the weakness that the decode is unbounded so bad actors can kill system with large POST --- .../Network/src/Network/Http/HttpBodyParser.cpp | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/Sming/Components/Network/src/Network/Http/HttpBodyParser.cpp b/Sming/Components/Network/src/Network/Http/HttpBodyParser.cpp index e5cd17aa1d..27923700a4 100644 --- a/Sming/Components/Network/src/Network/Http/HttpBodyParser.cpp +++ b/Sming/Components/Network/src/Network/Http/HttpBodyParser.cpp @@ -16,6 +16,7 @@ #include "HttpBodyParser.h" #include +#include /* * Content is received in chunks which we need to reassemble into name=value pairs. @@ -103,11 +104,11 @@ size_t formUrlParser(HttpRequest& request, const char* at, int length) size_t bodyToStringParser(HttpRequest& request, const char* at, int length) { - auto data = static_cast(request.args); + auto data = static_cast(request.args); if(length == PARSE_DATASTART) { delete data; - data = new String(); + data = new MemoryDataStream(); request.args = data; return 0; } @@ -118,15 +119,10 @@ size_t bodyToStringParser(HttpRequest& request, const char* at, int length) } if(length == PARSE_DATAEND || length < 0) { - request.setBody(std::move(*data)); - delete data; + request.setBody(data); request.args = nullptr; return 0; } - if(!data->concat(at, length)) { - return 0; - } - - return length; + return data->write(at, length); }