Files
esp-idf/components/esp_http_server
Benedek Brandschott b33745d104 fix(esp_http_server): report truncation when header value length matches buffer size
httpd_req_get_hdr_value_str() detected truncation with `val_size < full_size`, where full_size is the strlcpy() return value. strlcpy() returns strlen() of the source (the terminating null is not counted), so truncation actually occurs when strlen(src) >= val_size. At strlen(src) == val_size the value is copied as val_size - 1 chars + NUL (i.e. truncated) yet ESP_OK was returned, so the caller never learned the value was cut.

Use `val_size <= full_size` and correct the misleading comment about strlcpy()'s return value.

Same truncation-reporting class fixed for httpd_cookie_key_value in PR #16202; httpd_req_get_hdr_value_str was missed. No memory-safety impact: strlcpy() null-terminates if val_size > 0.
2026-07-01 10:20:19 +08:00
..