github/esphome
2
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2026-06-24 16:04:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

[api] Fix heap-buffer-overflow in protobuf message dump for StringRef (#14721)

Browse Source
This commit is contained in:
J. Nick Koston
2026-03-12 07:16:53 -10:00
committed by Jesse Hills
parent 23c7e0f803
commit 14c3e2d9d9
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
esphome/components/api/api_pb2_dump.cpp
View File

@@ -13,7 +13,7 @@ namespace esphome::api {
static inline void append_quoted_string(DumpBuffer &out, const StringRef &ref) {
out.append("'");
if (!ref.empty()) {
out.append(ref.c_str());
out.append(ref.c_str(), ref.size());
}
out.append("'");
}

4
script/api_protobuf/api_protobuf.py
View File

@@ -642,7 +642,7 @@ class StringType(TypeInfo):
# For SOURCE_BOTH, check if StringRef is set (sending) or use string (received)
return (
f"if (!this->{self.field_name}_ref_.empty()) {{"
f' out.append("\'").append(this->{self.field_name}_ref_.c_str()).append("\'");'
f' out.append("\'").append(this->{self.field_name}_ref_.c_str(), this->{self.field_name}_ref_.size()).append("\'");'
f"}} else {{"
f' out.append("\'").append(this->{self.field_name}).append("\'");'
f"}}"
@@ -2705,7 +2705,7 @@ namespace esphome::api {
static inline void append_quoted_string(DumpBuffer &out, const StringRef &ref) {
out.append("'");
if (!ref.empty()) {
out.append(ref.c_str());
out.append(ref.c_str(), ref.size());
}
out.append("'");
}