[Patch] setDateTime and Captive portal can set invalid date

new

« Prev
1
Next »

gb0101010101
Junior Member

Posts: 74

[Patch] setDateTime and Captive portal can set invalid date Apr 2, 2019 11:16:41 GMT -8 SDL likes this

Quote

Post by gb0101010101 on Apr 2, 2019 11:16:41 GMT -8

The rtcDateTime class has no checking that the entered date is valid using string date or int date time values. The aRest setDateTime function just check if date and time strings are provided which could be anything. Combine the two and you get buffer overflow when bad values are used and if buffer does not overflow then you get ridiculous date/time being set. Same goes for Captive portal.

I have added RtcDateTime.isValid() to test validity and updated aREST setDateTime & Captive Portal to use it. See:

github.com/gb0101010101/SDL_ESP8266_WeatherPlus/commit/fb02d3907f50735e7a0d981877f11607362a59cc

github.com/gb0101010101/SDL_ESP8266_WeatherPlus/commit/418b086831a3073eeabe0b4d4ab1813a7baf175a

SDL Global Moderator Posts: 5,655 Raspberry Pi: Yes Other Device: PC, arduino, beagleBone	[Patch] setDateTime and Captive portal can set invalid date Apr 2, 2019 12:11:49 GMT -8 Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by SDL on Apr 2, 2019 12:11:49 GMT -8 Now this is a really good fix and catch. We tell our software people that they should always check for valid data from the user, but we missed this one. BP

SwitchDoc Labs Product Support

[Patch] setDateTime and Captive portal can set invalid date

Post by gb0101010101 on Apr 2, 2019 11:16:41 GMT -8

Post by SDL on Apr 2, 2019 12:11:49 GMT -8

Quick Reply