Hi,
I am just looking at the changes in MQX 4.1.0, and I happened to notice a minor bug in the HTTP server.
I don't think this will break anything, but it looks like the behavior is not as intended.
This is from httpsrv_task.c, line 824:
static void httpsrv_ses_free(HTTPSRV_SESSION_STRUCT *session)
{
if (session)
{
if (session->request.path)
{
_mem_free(session->request.path);
}
if(session->request.auth.user_id)
{
_mem_free(session->request.auth.user_id);
}
if(session->buffer.data)
{
_mem_free(session->buffer.data);
}
_mem_zero(session, sizeof(session));
_mem_free(session);
}
}
It looks like the intention is to zero out the HTTPSRV_SESSION_STRUCT before freeing it, but using sizeof(session) is only going to zero the size of a pointer.
Since you are going to the trouble of zeroing the session structure immediately before freeing it the session struct must contain information that you consider sensitive, so this is probably a security problem.
Chris
HI Chris:
Thank you for reporting this, it is always helpfully to receive customer's feedback.
Daniel