When calling the JSON handler with a scalar (number) the parsing fails and the handler returns a "HTTP/1.1 400 Bad Request" response instead of parsing the JSON correctly.
The curl command: curl -v -X POST -H 'Content-Type: application/json' -d '5' http://192.168.4.1/json2
Cause
The AsyncCallbackJsonWebHandler class in AsyncJson.cpp will deserialize the body by using the deserializeJson function of ArduinoJson. That function expects a null-terminated string or the length of the data in the buffer as a third parameter. Instead, the caller passes a non-null-terminated buffer without a length parameter.
Reference
Proposed fix has been described here: me-no-dev#807
P.S. I will attempt a PR for the fix.
Discussion here: #182
With the fix described above, the issue is resolved.
It is worth noting that there could be other unexpected behavior from this issue, including security issues, depending on the content that follows the buffer. This is, however, a reproducible case.
Stack Trace
curl result:
curl -v -X POST -H "Content-Type: application/json" -d "5" http://192.168.4.1/json2
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying xxx
* Connected to xxx port 80
> POST /json2 HTTP/1.1
> Host: xxxx
> User-Agent: curl/8.9.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 1
>
* upload completely sent off: 1 bytes
< HTTP/1.1 400 Bad Request
< connection: close
< accept-ranges: none
< content-length: 0
<
* shutting down connection #
Nothing appears in ESP32 serial output because the handler blocks the response from getting to the main code.
With the fix described in original issue 807 applied:
curl result:
C:\Users\arik>curl -v -X POST -H "Content-Type: application/json" -d "5" http://192.168.4.1/json2
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying xxxxx
* Connected to xxxx port 80
> POST /json2 HTTP/1.1
> Host: xxxx
> User-Agent: curl/8.9.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 1
>
* upload completely sent off: 1 bytes
< HTTP/1.1 200 OK
< connection: close
< accept-ranges: none
< content-length: 3
< content-type: text/plain
<
int* shutting down connection #0
ESP32 serial
12:01:59.418 > . Json:
12:04:39.267 > 5
12:04:39.267 > Got an int
Platform
ESP32
IDE / Tooling
PlatformIO
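The failure mode reported above, as an added example that is not part of the original issue and is not code from ESPAsyncWebServer or ArduinoJson. It uses a hypothetical toy parser for a single integer scalar (`parse_len`, `parse_cstr`) and constructed buffers to show why a parser that reads until NUL either rejects a valid 1-byte body or silently consumes the bytes that follow it, while the length-bounded call does neither.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <cstring>

struct Result { int status; long value; };

// Hypothetical stand-in for a JSON parser, limited to one integer scalar.
// Reads exactly len bytes and rejects anything left over after the number.
static Result parse_len(const char* p, size_t len) {
    size_t i = 0;
    bool neg = (i < len && p[i] == '-');
    if (neg) ++i;
    size_t first = i;
    long v = 0;
    // Cap at 9 digits so the accumulator cannot overflow.
    while (i < len && std::isdigit((unsigned char)p[i]) && i - first < 9)
        v = v * 10 + (p[i++] - '0');
    if (i == first || i != len) return {400, 0};  // no digits, or trailing bytes
    return {200, neg ? -v : v};
}

// Models the C-string overload: the parser keeps reading until it meets a NUL,
// so its input length is decided by memory contents, not by Content-Length.
static Result parse_cstr(const char* p) { return parse_len(p, std::strlen(p)); }

// Constructed receive buffers. The request body is only the first byte ("5");
// the remaining bytes stand for whatever memory happens to follow the body.
static const char kStaleJson[]   = "5,\"old\":1}";
static const char kStaleDigits[] = "537";
static const size_t kBodyLen = 1;  // Content-Length from the request

int main() {
    Result a = parse_cstr(kStaleJson);             // trailing bytes: rejected
    Result b = parse_cstr(kStaleDigits);           // accepted with the wrong value
    Result c = parse_len(kStaleJson, kBodyLen);    // bounded: only "5" is read
    Result d = parse_len(kStaleDigits, kBodyLen);  // bounded: only "5" is read
    std::printf("unbounded, stale JSON after body:   %d value=%ld\n", a.status, a.value);
    std::printf("unbounded, stale digits after body: %d value=%ld\n", b.status, b.value);
    std::printf("bounded,   stale JSON after body:   %d value=%ld\n", c.status, c.value);
    std::printf("bounded,   stale digits after body: %d value=%ld\n", d.status, d.value);
    return 0;
}
```

The second case is the one to watch for in review: the request succeeds, so nothing in the HTTP status reveals that the handler acted on bytes the client never sent.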