alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-12-25 21:03:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
esp-idf/components/esp_http_client/lib
History
Mahavir Jain 66995965e7 fix(esp_http_client): prevent out-of-bounds read in Digest auth 
Fixed vulnerability where malicious HTTP servers could trigger OOB reads
by sending empty or very short algorithm fields in WWW-Authenticate headers.

Changes:
- Replace unsafe memcmp() with strcasecmp() for algorithm comparison
- Add algorithm NULL validation at function entry point
- Fix duplicate md5-sess check, add missing SHA-256 check
2025-11-21 16:36:02 +05:30
..
include
feat(esp_http): migrate esp_http to PSA API
2025-10-26 10:13:14 +08:00
http_auth.c
fix(esp_http_client): prevent out-of-bounds read in Digest auth
2025-11-21 16:36:02 +05:30
http_crypto_mbedtls.c
feat(esp_http): migrate esp_http to PSA API
2025-10-26 10:13:14 +08:00
http_crypto_psa.c
feat(esp_http): migrate esp_http to PSA API
2025-10-26 10:13:14 +08:00
http_header.c
fix(esp_http_client): address coverity generated warnings
2025-08-22 19:13:24 +05:30
http_utils.c
fix(esp_http_client): fix possible double memory free
2025-08-05 09:48:22 +08:00