
Commit 39c3161

committed
Fixes for zero length packet bug, buffer overflow in parseInt(), added end() method (#757)
* ArduinoOTA would stop receiving any packets if the port received a zero-length UDP packet, commonly sent by network scanners like nmap. Fixed to flush() after every call to parsePacket(), even if read length is 0. Additionally, added length checking to fix a potential buffer overflow in parseInt(). Finally, added an end() method that stops the OTA listener and releases resources. * Only end MDNS in end() if mdns mode is enabled.
1 parent c8aab17 commit 39c3161


2 files changed

+21
-3
lines changed


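--- a/libraries/ArduinoOTA/src/ArduinoOTA.cpp
+++ b/libraries/ArduinoOTA/src/ArduinoOTA.cpp
@@ -122,11 +122,11 @@ void ArduinoOTAClass::begin() {
 }
 
 int ArduinoOTAClass::parseInt(){
-char data[16];
+char data[INT_BUFFER_SIZE];
 uint8_t index = 0;
 char value;
 while(_udp_ota.peek() == ' ') _udp_ota.read();
-while(true){
+while(index < INT_BUFFER_SIZE - 1){
 value = _udp_ota.peek();
 if(value < '0' || value > '9'){
 data[index++] = '\0';
@@ -347,15 +347,27 @@ void ArduinoOTAClass::_runUpdate() {
 }
 }
 
+void ArduinoOTAClass::end() {
+_initialized = false;
+_udp_ota.stop();
+if(_mdnsEnabled){
+MDNS.end();
+}
+_state = OTA_IDLE;
+#ifdef OTA_DEBUG
+OTA_DEBUG.println("OTA server stopped.");
+#endif
+}
+
 void ArduinoOTAClass::handle() {
 if (_state == OTA_RUNUPDATE) {
 _runUpdate();
 _state = OTA_IDLE;
 }
 if(_udp_ota.parsePacket()){
 _onRx();
-_udp_ota.flush();
 }
+_udp_ota.flush(); // always flush, even zero length packets must be flushed.
 }
 
 int ArduinoOTAClass::getCommand() {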
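Review bot: In the first hunk, the new bound `while(index < INT_BUFFER_SIZE - 1)` keeps writes inside `data`, but the only terminator store shown is `data[index++] = '\0';` in the non-digit branch, so an exit caused by the bound itself appears to leave `data` unterminated. The rest of parseInt() lies outside the hunk, so this is inferred: if `data` is then passed to a C-string parser, an over-long digit run in a UDP packet would make it read uninitialised stack bytes. Terminating unconditionally after the loop closes the gap: `data[index] = '\0';`, which is in bounds because `index` never exceeds `INT_BUFFER_SIZE - 1` there. A short comment such as `// over-long digit runs are truncated; the remainder stays in the UDP buffer` would document the truncation for the callers that parse the following fields.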

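--- a/libraries/ArduinoOTA/src/ArduinoOTA.h
+++ b/libraries/ArduinoOTA/src/ArduinoOTA.h
@@ -5,6 +5,9 @@
 #include <functional>
 #include "Update.h"
 
+#define INT_BUFFER_SIZE 16
+
+
 typedef enum {
 OTA_IDLE,
 OTA_WAITAUTH,
@@ -63,6 +66,9 @@ class ArduinoOTAClass
 //Starts the ArduinoOTA service
 void begin();
 
+//Ends the ArduinoOTA service
+void end();
+
 //Call this in loop() to run the service
 void handle();
 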
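Review bot: `INT_BUFFER_SIZE` is a very generic name to `#define` in a public header: every sketch that includes ArduinoOTA.h inherits it, and an identically named macro or variable in user code would clash or be silently rewritten. On this page its only use is the buffer in `parseInt()`, so it could move into ArduinoOTA.cpp as `static const uint8_t INT_BUFFER_SIZE = 16;`, or keep the macro under a library prefix, `#define OTA_INT_BUFFER_SIZE 16`. The comment on `end()` could also state what the .cpp change shows it does: `//Ends the ArduinoOTA service: stops the UDP listener and, if enabled, mDNS`.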
