|
Post by gb0101010101 on Apr 2, 2019 11:16:41 GMT -8
The rtcDateTime class has no checking that the entered date is valid using string date or int date time values. The aRest setDateTime function just check if date and time strings are provided which could be anything. Combine the two and you get buffer overflow when bad values are used and if buffer does not overflow then you get ridiculous date/time being set. Same goes for Captive portal.
I have added RtcDateTime.isValid() to test validity and updated aREST setDateTime & Captive Portal to use it. See:
|
|
|
Post by SDL on Apr 2, 2019 12:11:49 GMT -8
Now this is a really good fix and catch. We tell our software people that they should always check for valid data from the user, but we missed this one.
BP
|
|