From 052a077a35422f1690365707f19733946573de4d Mon Sep 17 00:00:00 2001
From: Erik Olof Gunnar Andersson
Date: Thu, 10 Oct 2024 20:15:55 +0200
Subject: [PATCH] Protect against a empty or tiny / invalid file
---
 main/http_server/http_server.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/main/http_server/http_server.c b/main/http_server/http_server.c
index 2c5afb9a..12b72485 100644
--- a/main/http_server/http_server.c
+++ b/main/http_server/http_server.c
@@ -499,6 +499,12 @@ esp_err_t POST_WWW_update(httpd_req_t * req)
 return ESP_OK;
 }
+ // Don't attempt to write anything way too small to the partition
+ if (remaining < 32768) {
+ httpd_resp_send_err(req, HTTPD_400_BAD_REQUEST, "File provided is too small, likely corrupt or invalid");
+ return ESP_OK;
+ }
+
 // Erase the entire www partition before writing
 ESP_ERROR_CHECK(esp_partition_erase_range(www_partition, 0, www_partition->size));
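Review bot: The new guard `if (remaining < 32768)` tests only the declared length, so any request that passes it still reaches `esp_partition_erase_range` before a single byte of the upload has been received or validated; a truncated transfer or a large file that is not a www image would leave the partition erased. `remaining` is assigned outside the hunk (presumably from the request's content length — confirm) and POST_WWW_update continues past the last visible line, so any later content check is not visible here. Consider checking the first received chunk against the expected image format before the erase, and say in the comment that the size test is only a heuristic. The bare `32768` would also be clearer as a named constant carrying the rationale, e.g. `#define WWW_UPDATE_MIN_SIZE (32 * 1024)` (name is a suggestion, not an existing identifier).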