0 Replies Latest reply on Oct 29, 2015 5:34 PM by userc_2727

    unsafe strstr usage in ota_server daemon

      Hi,

      The buffer returned by wiced_packet_get_data is not NULL terminated.

      So it should not use strstr for the request_string, it should use strnstr

      instead.

       

      A similar fix is already made for http server in new SDK,

      Just want to point out the ota_server daemon needs fix as well.

       

      BTW, in ota_server.c

      I don't understand the purpose of below code snip, can someone explain it?

      temp = request_string[ server->request.header_size ];

      request_string[ server->request.header_size ] ='\0';

      request_string[ server->request.header_size ] = temp;