Bug: Buffer overflow in Config

#1 Post by musti » 06 Dec 2016, 19:59

Fields in Config tab must be length limited to prevent spilling the information into values of other members of the struct or other variables. For example, entering Controller User value longer than 24 characters will result in it being overwritten by the password entry following it. My concrete problem arose due to username longer than 24 characters, fixed by increasing length https://github.com/ESP8266nu/ESPEasy/bl ... y.ino#L278

One way of fixing this could be with snprintf http://www.esp8266.com/viewtopic.php?f=8&t=4345#p24894

On user interface side this could be fixed with HTML attribute maxlength="10" for example here https://github.com/ESP8266nu/ESPEasy/bl ... r.ino#L429

It would be advised to check if this presents a vulnerability when entering Device password in a prompt that is shown upon visiting the device IP.
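The snprintf-based length check suggested in the post, as an added example that is not part of the original post and is not ESPEasy code. The struct layout, field sizes and function names are constructed for illustration; the check runs on the device, so it still applies when a request does not honour the HTML maxlength attribute.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption, not ESPEasy's real struct): a user field
   holding 24 characters plus the terminator, directly followed by the password. */
#define USER_MAX 24
#define PASS_MAX 63

struct settings_demo {
    char controller_user[USER_MAX + 1];
    char controller_password[PASS_MAX + 1];
};

/* Copy a submitted form value into a fixed-size field.
   Returns 0 on success, -1 if the value does not fit; on -1 the field and
   its neighbours are left untouched. snprintf writes at most dst_size bytes
   and returns the length the full string needed, so overlong input is
   detected instead of spilling into the next struct member. */
static int set_field(char *dst, size_t dst_size, const char *src)
{
    char tmp[PASS_MAX + 1];   /* scratch buffer as large as the biggest field */
    int needed;

    if (dst == NULL || src == NULL || dst_size == 0 || dst_size > sizeof tmp)
        return -1;
    needed = snprintf(tmp, dst_size, "%s", src);
    if (needed < 0 || (size_t)needed >= dst_size)
        return -1;            /* reject: never store a truncated credential */
    memcpy(dst, tmp, (size_t)needed + 1);
    return 0;
}

int main(void)
{
    struct settings_demo s;
    memset(&s, 0, sizeof s);

    /* Constructed sample values. */
    set_field(s.controller_password, sizeof s.controller_password, "secret");
    int ok  = set_field(s.controller_user, sizeof s.controller_user,
                        "abcdefghijklmnopqrstuvwx");      /* 24 chars: fits */
    int bad = set_field(s.controller_user, sizeof s.controller_user,
                        "abcdefghijklmnopqrstuvwxy");     /* 25 chars: rejected */

    printf("24 chars -> %d, 25 chars -> %d\n", ok, bad);
    printf("user=%s password=%s\n", s.controller_user, s.controller_password);
    return 0;
}
```

Rejecting the value and reporting it back on the Config page avoids silently saving a shortened username or password that would later fail to authenticate.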
