206 Commits

Author SHA1 Message Date
nilesh.kale
edb3f9daf1 fix(esp_http_client): check http_parser errno after execute to avoid DoS loop 2026-07-13 12:10:15 +05:30
Ashish Sharma
e838566c5f fix(esp_http_server): close UAF/double-free, buffer underflows, and OOB read 2026-07-03 17:19:05 +08:00
Aditya Patwardhan
9d3f510c7f fix(esp_http_server): reject Content-Length above UINT32_MAX
In httpd_parse.c, cb_headers_complete() converted the HTTP parser's
content_length (uint64_t) to the request's content_len (size_t) via an
unsafe cast through (int). On a 32-bit size_t target a Content-Length
above 4 GiB silently truncated, enabling request smuggling where the
server and an upstream proxy disagree on the body length (CWE-681).

Reject any Content-Length above UINT32_MAX with 413 Content Too Large
before any handler runs. UINT32_MAX is the largest body length the
server can represent in size_t content_len on every target, so this is
the maximum the server can support; no configuration knob is needed.

Closes SEC-102
Closes SEC-229
2026-07-02 10:46:36 +05:30
Benedek Brandschott
b33745d104 fix(esp_http_server): report truncation when header value length matches buffer size
httpd_req_get_hdr_value_str() detected truncation with `val_size < full_size`, where full_size is the strlcpy() return value. strlcpy() returns strlen() of the source (the terminating null is not counted), so truncation actually occurs when strlen(src) >= val_size. At strlen(src) == val_size the value is copied as val_size - 1 chars + NUL (i.e. truncated) yet ESP_OK was returned, so the caller never learned the value was cut.

Use `val_size <= full_size` and correct the misleading comment about strlcpy()'s return value.

Same truncation-reporting class fixed for httpd_cookie_key_value in PR #16202; httpd_req_get_hdr_value_str was missed. No memory-safety impact: strlcpy() null-terminates if val_size > 0.
2026-07-01 10:20:19 +08:00
Mahavir Jain
cb33ab16b3 Merge branch 'contrib/github_pr_18684' into 'master'
feat(httpd): avoid useless string copy by introducing httpd_req_get_url_query_str_ptr() (GitHub PR)

Closes IDFGH-17758

See merge request espressif/esp-idf!49682
2026-06-30 18:15:48 +05:30
Ashish Sharma
8190ca035e fix(ws): enforce RFC 6455 §4.2.1 handshake requirements 2026-06-22 14:05:34 +08:00
Ashish Sharma
a0fa99bab3 test(http_server): add mock TCP client for black-box WS testing 2026-06-22 14:05:34 +08:00
Ashish Sharma
594cc4a5ad test(httpd): cover URL query and header pointer accessors 2026-06-16 18:00:03 +08:00
Ashish Sharma
c5dba210fb feat(httpd): add httpd_req_get_hdr_value_str_ptr() to avoid value copy 2026-06-16 17:59:54 +08:00
Ashish Sharma
4fa92fb4bb refactor(httpd): extract shared header field-value lookup helper 2026-06-16 17:59:40 +08:00
Ashish Sharma
9f84a7c3e3 fix(httpd): validate buf_len in httpd_req_get_url_query_str_ptr() 2026-06-16 17:59:26 +08:00
Tomas Rohlinek
99d4c753e2 fix(network/http_server): fix clang-tidy warnings for missing close
Cherry-picked from 68b37333049383659d6ea73fa11a1d942994535a
2026-06-03 00:00:43 +02:00
0xFEEDC0DE64
3c64eea401 feat(httpd): avoid useless string copy by introducing httpd_req_get_url_query_str_ptr() 2026-06-02 16:54:23 +02:00
Guillaume Souchere
d670774f5c feat(esp_common): implement composable error code registration via link-time arrays
Refactor the esp_err_to_name() system to decouple esp_common from
higher-level components. Instead of a monolithic generated table,
each component registers its error codes into a dedicated linker
section (.esp_err_msg_table) via idf_define_esp_err_codes() in its
CMakeLists.txt.

New files:
- tools/err_codes_extract.py: extract ESP_ERR_* defines from headers to CSV
- tools/err_codes_to_c.py: generate C source placing entries into linker section
- tools/err_codes_to_rst.py: generate RST documentation from error codes
- tools/cmake/err_codes.cmake: CMake module providing idf_define_esp_err_codes()
- components/esp_common/include/esp_err_codes.h: esp_err_msg_t typedef
- components/esp_common/src/esp_err_to_name_new.c: new lookup using link-time array
- tools/test_apps/build_system/err_codes_check/: CI test app

Changes:
- Remove all optional component dependencies from esp_common/CMakeLists.txt
- Add .esp_err_msg_table section to all 5 linker scripts
- Register error codes in 18 components via idf_define_esp_err_codes()
- Add new scripts to .gitlab/ci/rules.yml build_check patterns
- use new scripts to generate doc and add CI validation
- Update esp_err.rst to add description of composable code registration
2026-05-28 09:53:32 +02:00
Ashish Sharma
3282de557e fix(esp_http_server): take ctrl_sock_semaphore on shutdown and async wake
httpd_stop() and httpd_req_async_handler_complete() both pushed
messages onto the control mbox via cs_send_to_ctrl_sock() without
reserving a slot in ctrl_sock_semaphore. Once the silent-drop fix
made the semaphore unconditional, the bypass became a real bug:
when the mbox is saturated by pending httpd_queue_work() items the
unguarded sendto() can return ENOBUFS, and even when it succeeds it
leaves the semaphore overstating free slots until the consumer
drains the message — a window during which a concurrent
httpd_queue_work() can take a slot but still find the mbox full.

Acquire the semaphore (portMAX_DELAY) before both sends and give it
back on send failure so the take/give invariant is preserved. The
httpd task is the consumer in both paths, so blocking is bounded
and deadlock-free. Reword the stale "no-op give on full" comment in
httpd_process_ctrl_msg() to reflect that only the recv-error path
relies on the cap behavior now.
2026-05-26 17:21:24 +08:00
Ashish Sharma
c911c781ae fix(esp_http_server): prevent silent message drop in httpd_queue_work
Closes https://github.com/espressif/esp-idf/issues/18563
2026-05-26 17:21:23 +08:00
Ashish Sharma
0fb8ad002a fix(esp_http_server): fixes websocket recv error handling
Closes https://github.com/espressif/esp-idf/issues/18483
2026-05-06 14:26:31 +08:00
Ashish Sharma
3c2f81c6a8 feat(esp_http_server): adds check for crlf in response creation 2026-04-08 10:59:56 +08:00
Ashish Sharma
7e2e09c15c feat(esp_http_server): Adds support to bind an interface to server
Closes https://github.com/espressif/esp-idf/issues/17859
2026-03-24 17:38:01 +08:00
Ashish Sharma
b64c70acda fix: fixes memory leak with subprotocols 2026-03-23 18:37:21 +08:00
Ashish Sharma
9fc0ca13b3 fix: fixes websocket server possible null dereference 2026-03-23 18:37:21 +08:00
Peter Backeris
5dbab1d395 fix(esp_http_server): Dispatch PONG frames to WebSocket handler
PONG frames (opcode 0xA) were never dispatched to the user's WebSocket
handler despite an existing comment stating they should be. The dispatch
condition `ra->ws_type < HTTPD_WS_TYPE_CLOSE` excluded PONG (0xA)
since CLOSE is 0x8.

This caused a critical secondary bug: when the server sends PING frames
and the client responds with PONG, httpd_ws_recv_frame() is never
called for the PONG, leaving the remaining frame bytes (second_byte
plus 4-byte mask_key) unconsumed in the TCP buffer. On the next
WebSocket read, these orphaned bytes are misinterpreted as a new frame
header, causing either "WS frame is not properly masked" errors or
EAGAIN timeouts with garbage length values, effectively destroying
the connection.

Add `ra->ws_type == HTTPD_WS_TYPE_PONG` to the dispatch condition so
PONG frames reach the user handler, which calls httpd_ws_recv_frame()
to properly consume the frame bytes from the socket.

Closes https://github.com/espressif/esp-idf/issues/18227
2026-03-13 17:42:10 +08:00
Ashish Sharma
56d2fd6757 fix(esp_http_server): remove http server unused psa migration 2026-03-02 14:48:41 +08:00
Ashish Sharma
7aa56f8d68 fix(esp_http_server): fix ws server subprotocol match 2026-03-02 14:47:27 +08:00
Ashish Sharma
5028b6230f feat(http_server): improve websocket server handling
1. Adds post handshake callback
2. Removes requirement to handle HTTP_GET message in websocket handler

Closes https://github.com/espressif/esp-idf/issues/18215
2026-02-27 09:59:05 +08:00
Mahavir Jain
2f68594185 Merge branch 'contrib/github_pr_15622' into 'master'
Add support for partial websocket frame payload reads (GitHub PR)

Closes IDFGH-14913

See merge request espressif/esp-idf!44044
2026-01-30 18:22:06 +05:30
Mahavir Jain
b2507c3a82 Merge branch 'fix/stop_receive_on_ws_socket_close' into 'master'
fix: stop reading ws data when peer closes the connection

Closes IDFGH-16735

See merge request espressif/esp-idf!45078
2026-01-22 11:29:06 +05:30
Ashish Sharma
1a0da0c8b5 fix: stop reading ws data when peer closes the connection
Closes https://github.com/espressif/esp-idf/issues/17822
2026-01-19 13:29:41 +08:00
Ashish Sharma
ba25e86b82 fix: fixes potential ws server deadlock with blocking work queue
Closes https://github.com/espressif/esp-idf/issues/17591
2026-01-14 11:17:33 +08:00
nilesh.kale
93fcdda9f4 feat: add demo to receive websocket frame in chunks
This commit added demo to receive websocket single frame in chunks
using newly added API httpd_ws_recv_frame_part() with optimized memory.

closes https://github.com/espressif/esp-idf/pull/15622
2026-01-07 15:25:19 +05:30
mrsobakin
67339c5f4a feat(websocket): Support partial frame payload reads 2026-01-07 15:12:41 +05:30
Mahavir Jain
354e9ed64a feat(esp_http_server): Make httpd_handle_err API as public
This makes sense because httpd_register_err_handler API is
already public. So the above API complements this API.

Closes https://github.com/espressif/esp-idf/issues/17755
2025-12-31 10:23:07 +05:30
Ashish Sharma
fdd5ef561d feat: migrates esp_http_client and esp_http_server to PSA APIs 2025-12-30 09:31:49 +05:30
C.S.M
e3eaee53e2 Merge branch 'ci/esp32s31_build_ena' into 'master'
ci(esp32s31): Add ci build test for esp32s31

See merge request espressif/esp-idf!44045
2025-12-12 14:59:42 +08:00
Mahavir Jain
92c76fc280 Merge branch 'contrib/github_pr_17799' into 'master'
feat(esp_http_server): Make HTTP(S)_SERVER_EVENT events optional (GitHub PR)

Closes IDFGH-16707

See merge request espressif/esp-idf!43637
2025-12-11 18:10:52 +05:30
C.S.M
f405e51784 ci(esp32s31): Add ci build test for esp32s31 2025-12-11 15:17:15 +08:00
hrushikesh.bhosale
bdf438f0aa fix(http_server): Removed the build failure due to unused variables
There were build failure due the unused variable last_error when
ESP_HTTPS_SERVER_EVENTS and HTTPD_ENABLE_EVENTS are disabled
2025-12-11 12:33:03 +05:30
Ashish Sharma
69ea28c886 feat: add Kconfig option for mbedTLS 4.x 2025-12-01 14:05:05 +08:00
Jimmy Wennlund
bd85dad2cf feat(esp_http_server): Make HTTP(S)_SERVER_EVENT events optional
Make it possible to disable http(s) server events. This improves
performance of the server, as http server creates events on every signle
read or write to the socket.
2025-11-22 21:30:58 +01:00
Ashish Sharma
acf89924c8 feat(esp_http): migrate esp_http to PSA API 2025-10-26 10:13:14 +08:00
hrushikesh.bhosale
cfc056018c fix(esp_http_server): Fix async requests on same socket blocking issue
1. In async requests, if the two or more requests are made on same
socket then it used to block the second request.
2. The main thread is used to block on select call. And there done
no FD_SET for particular fd.

Closes https://github.com/espressif/esp-idf/issues/16998
2025-09-16 15:02:05 +05:30
Joonline
9e7074dd35 fix(http_server): Corrected initialization value for lru_counter at http session creation
Closes https://github.com/espressif/esp-idf/pull/17470
2025-09-12 15:31:27 +08:00
Mahavir Jain
b789445a67 Merge branch 'contrib/github_pr_17501' into 'master'
fix(esp_http_server): fix memory leak in httpd_req_async_handler_begin (GitHub PR)

Closes IDFGH-16361

See merge request espressif/esp-idf!41748
2025-09-10 13:15:36 +05:30
Salvatore Mesoraca
fd33d02563 fix(esp_http_server): fix memory leak in httpd_req_async_handler_begin
Free scratch memory when response headers allocation fails
2025-08-29 02:11:13 +02:00
Alexey Lapshin
28ced4efad fix(config): actualize newlib Kconfig options 2025-08-28 12:25:09 +08:00
Marek Fiala
9d35d63651 feat(cmake): Update minimum cmake version to 3.22 (whole repository) 2025-08-19 14:44:32 +02:00
Marius Vikhammer
4065fb20f3 Merge branch 'feature/esp_test_utils_component' into 'master'
change(test_utils): moved test_utils out of unit-test-app project

See merge request espressif/esp-idf!40678
2025-08-01 11:04:37 +08:00
Aditya Patwardhan
a783974d00 Merge branch 'feat/support_authentication_feature_for_ws' into 'master'
Added pre handshake callback for websocket

Closes IDF-13605

See merge request espressif/esp-idf!40706
2025-07-31 15:04:07 +05:30
hrushikesh.bhosale
a40ceffb19 feat(esp_http_server): Added pre handshake callback for websocket
1. If the user wants authenticate the request, then user needs to do
this before upgrading the protocol to websocket.
2. To achieve this, added pre_handshake_callack, which will execute
before handshake, i.e. before switching protocol.
2025-07-31 11:06:18 +05:30
Ashish Sharma
6b02906822 fix(security): improve memory allocation handling in multiple components 2025-07-28 10:05:50 +08:00