From 4393037c23a46ab05387a210af79ad09a4d24476 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sat, 1 Aug 2015 21:25:47 -0700 Subject: [PATCH] fix crash with empty flash upload request --- user/cgiflash.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user/cgiflash.c b/user/cgiflash.c index f09beb2..2c5dbd4 100644 --- a/user/cgiflash.c +++ b/user/cgiflash.c @@ -88,6 +88,8 @@ int ICACHE_FLASH_ATTR cgiUploadFirmware(HttpdConnData *connData) { // check overall size //os_printf("FW: %d (max %d)\n", connData->post->len, FIRMWARE_SIZE); if (connData->post->len > FIRMWARE_SIZE) err = "Firmware image too large"; + if (connData->post->buff == NULL || connData->requestType != HTTPD_METHOD_POST || + connData->post->len < 1024) err = "Invalid request"; // check that data starts with an appropriate header if (err == NULL && offset == 0) err = check_header(connData->post->buff);