espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-02 10:00:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix/http_client_coverity_warnings' into 'master'

Browse Source 
fix(esp_http_client): address coverity generated warnings

Closes IDF-13867, IDF-13881, and IDF-13886

See merge request espressif/esp-idf!41411
This commit is contained in:
Aditya Patwardhan
2025-08-25 17:02:07 +05:30
parent 4dd2694760 ed201f4f77
commit 646377c622
4 changed files with 61 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
components/esp_http_client/esp_http_client.c
View File

@@ -1942,59 +1942,59 @@ esp_err_t esp_http_client_add_auth(esp_http_client_handle_t client)
}
char *auth_header = client->auth_header;
if (auth_header) {
http_utils_trim_whitespace(&auth_header);
ESP_LOGD(TAG, "UNAUTHORIZED: %s", auth_header);
client->redirect_counter++;
#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
if (http_utils_str_starts_with(auth_header, "Digest") == 0) {
ESP_LOGD(TAG, "type = Digest");
client->connection_info.auth_type = HTTP_AUTH_TYPE_DIGEST;
} else {
#endif
#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
if (http_utils_str_starts_with(auth_header, "Basic") == 0) {
ESP_LOGD(TAG, "type = Basic");
client->connection_info.auth_type = HTTP_AUTH_TYPE_BASIC;
} else {
#endif
client->connection_info.auth_type = HTTP_AUTH_TYPE_NONE;
ESP_LOGE(TAG, "This authentication method is not supported: %s", auth_header);
return ESP_ERR_NOT_SUPPORTED;
#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
}
#endif
#ifdef CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
}
#endif
_clear_auth_data(client);
client->auth_data->method = strdup(HTTP_METHOD_MAPPING[client->connection_info.method]);
client->auth_data->nc = 1;
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "realm=\"", "\"", &client->auth_data->realm), TAG, "Unable to extract substring between specified strings");
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "algorithm=", ",", &client->auth_data->algorithm), TAG, "Unable to extract substring between specified strings");
if (client->auth_data->algorithm == NULL) {
HTTP_RET_ON_ERR_DBG(http_utils_get_string_after(auth_header, "algorithm=", &client->auth_data->algorithm), TAG, "Unable to extract substring after specified string");
}
if (client->auth_data->algorithm == NULL) {
client->auth_data->algorithm = strdup("MD5");
}
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "qop=\"", "\"", &client->auth_data->qop), TAG, "Unable to extract substring between specified strings");
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "nonce=\"", "\"", &client->auth_data->nonce), TAG, "Unable to extract substring between specified strings");
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "opaque=\"", "\"", &client->auth_data->opaque), TAG, "Unable to extract substring between specified strings");
client->process_again = 1;
return ESP_OK;
} else {
if (!auth_header) {
client->connection_info.auth_type = HTTP_AUTH_TYPE_NONE;
ESP_LOGW(TAG, "This request requires authentication, but does not provide header information for that");
return ESP_ERR_NOT_SUPPORTED;
}
http_utils_trim_whitespace(&auth_header);
ESP_LOGD(TAG, "UNAUTHORIZED: %s", auth_header);
client->redirect_counter++;
// Check for supported authentication types
#if CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH
if (http_utils_str_starts_with(auth_header, "Digest") == 0) {
ESP_LOGD(TAG, "type = Digest");
client->connection_info.auth_type = HTTP_AUTH_TYPE_DIGEST;
} else
#endif
#if CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
if (http_utils_str_starts_with(auth_header, "Basic") == 0) {
ESP_LOGD(TAG, "type = Basic");
client->connection_info.auth_type = HTTP_AUTH_TYPE_BASIC;
} else
#endif
{
client->connection_info.auth_type = HTTP_AUTH_TYPE_NONE;
ESP_LOGE(TAG, "This authentication method is not supported: %s", auth_header);
return ESP_ERR_NOT_SUPPORTED;
}
#if CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH || CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
_clear_auth_data(client);
client->auth_data->method = strdup(HTTP_METHOD_MAPPING[client->connection_info.method]);
client->auth_data->nc = 1;
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "realm=\"", "\"", &client->auth_data->realm), TAG, "Unable to extract substring between specified strings");
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "algorithm=", ",", &client->auth_data->algorithm), TAG, "Unable to extract substring between specified strings");
if (client->auth_data->algorithm == NULL) {
HTTP_RET_ON_ERR_DBG(http_utils_get_string_after(auth_header, "algorithm=", &client->auth_data->algorithm), TAG, "Unable to extract substring after specified string");
}
if (client->auth_data->algorithm == NULL) {
client->auth_data->algorithm = strdup("MD5");
}
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "qop=\"", "\"", &client->auth_data->qop), TAG, "Unable to extract substring between specified strings");
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "nonce=\"", "\"", &client->auth_data->nonce), TAG, "Unable to extract substring between specified strings");
HTTP_RET_ON_ERR_DBG(http_utils_get_string_between(auth_header, "opaque=\"", "\"", &client->auth_data->opaque), TAG, "Unable to extract substring between specified strings");
client->process_again = 1;
return ESP_OK;
#endif // CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH || CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
}
int esp_http_client_read_response(esp_http_client_handle_t client, char *buffer, int len)

4
components/esp_http_client/lib/http_auth.c
View File

@@ -41,7 +41,7 @@ static int md5_printf(char *md, const char *fmt, ...)
unsigned char digest[MD5_MAX_LEN];
int len, i;
md5_context_t md5_ctx;
va_list ap;
va_list ap = {0};
va_start(ap, fmt);
len = vasprintf((char **)&buf, fmt, ap);
if (buf == NULL) {
@@ -76,7 +76,7 @@ static int sha256_sprintf(char *sha, const char *fmt, ...)
unsigned char *buf;
unsigned char digest[SHA256_LEN];
int len, i;
va_list ap;
va_list ap = {0};
va_start(ap, fmt);
len = vasprintf((char **)&buf, fmt, ap);
if (buf == NULL) {

12
components/esp_http_client/lib/http_header.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -88,8 +88,12 @@ static esp_err_t http_header_new_item(http_header_handle_t header, const char *k
STAILQ_INSERT_TAIL(header, item, next);
return ret;
_header_new_item_exit:
free(item->key);
free(item->value);
if (item->key) {
free(item->key);
}
if (item->value) {
free(item->value);
}
free(item);
return ret;
}
@@ -150,7 +154,7 @@ esp_err_t http_header_delete(http_header_handle_t header, const char *key)
int http_header_set_format(http_header_handle_t header, const char *key, const char *format, ...)
{
va_list argptr;
va_list argptr = {0};
int len = 0;
char *buf = NULL;
va_start(argptr, format);

4
components/esp_tee/src/esp_tee.c
View File

@@ -40,7 +40,7 @@ uint32_t IRAM_ATTR esp_tee_service_call(int argc, ...)
init_mutex();
uint32_t val = UINT32_MAX;
va_list ap;
va_list ap = {0};
va_start(ap, argc);
if (xTaskGetSchedulerState() == taskSCHEDULER_RUNNING) {
@@ -59,7 +59,7 @@ uint32_t IRAM_ATTR esp_tee_service_call(int argc, ...)
uint32_t IRAM_ATTR esp_tee_service_call_with_noniram_intr_disabled(int argc, ...)
{
uint32_t val = UINT32_MAX;
va_list ap;
va_list ap = {0};
va_start(ap, argc);
/* NOTE: Disabling the scheduler and non-IRAM residing interrupts */