
[web]fix change password

balbekova před 5 roky
rodič
revize
be66a6524e

+ 11 - 9
modules/HTTP_Server/http_server.c

@@ -1468,17 +1468,17 @@ int HTTP_ChangeUserPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *l
     char value[20];
     char login[20];
     char password[20];
-    char tmp_password[33];
+    char tmp[75];
     uint8_t valueLen, valueLen2, user_id;
     char WebLogin[MAX_WEB_LOGIN_LEN];
 
     (void)lenBufIn;
 
-    memset(login, 0, 20);
-    memset(password, 0, 20);
-    memset(tmp_password, 0, 33);
-    memset(tempStr, 0, 50);
-    memset(value, 0, 20);
+    memset(login, 0, sizeof(login));
+    memset(password, 0, sizeof(password));
+    memset(tempStr, 0, sizeof(tempStr));
+    memset(value, 0, sizeof(value));
+    memset(tmp, 0, sizeof(tmp));
 
     ClearParamString(bufIn);
 
@@ -1487,8 +1487,9 @@ int HTTP_ChangeUserPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *l
     strcpy(bufOut, HTTP_200_OK);
 
     if (GetParamValue(tempStr, "username=", login, &valueLen) &&
-        GetParamValue(tempStr, "oldpass=", password, &valueLen))
+        GetParamValue(tempStr, "oldpass=", tmp, &valueLen))
     {
+    	  url_decode(password, sizeof(password), tmp);
           for (user_id = 0; user_id < MAX_WEB_USERS; user_id++)
           {
         	  memset(value, 0, 20);
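Review bot: Nothing visible in this hunk bounds what `GetParamValue` writes into `tmp`: the call passes no destination size, so `char tmp[75]` is only safe if the helper or the size of `tempStr` caps the raw `oldpass=` value. The removed `memset(tempStr, 0, 50)` in the first hunk suggests the source is about 50 bytes, which would fit, but that is implied rather than enforced, and `login[20]` on the line above receives the same kind of write. I would give `GetParamValue` a destination-size argument, or at minimum add `/* tmp holds the still percent-encoded value; must be at least as large as the longest value GetParamValue can return */` next to the declaration. The result of `url_decode(password, sizeof(password), tmp)` is also ignored, so an over-long decoded value is presumably compared in truncated form. The same applies to the matching hunk in modules/HTTP_Server/my_ssl_server.c; the function body starts and ends outside this hunk.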
@@ -1499,10 +1500,11 @@ int HTTP_ChangeUserPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *l
 			 if ((strncmp(WebLogin, login, MAX_WEB_LOGIN_LEN) == 0) &&
 				 (memcmp(password, value, 11) == 0))
 			 {
+				 memset(tmp, 0, sizeof(tmp));
 				 memset(password, 0, 20);
-				 if (GetParamValue(tempStr, "newpass=", tmp_password, &valueLen))
+				 if (GetParamValue(tempStr, "newpass=", tmp, &valueLen))
 				 {
-					 url_decode(password, sizeof(password), tmp_password);
+					 url_decode(password, sizeof(password), tmp);
 					 valueLen = strlen(password);
 					 memcpy(sSettings.sAuth[user_id].password, password, 11);
 
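Review bot: The new password is stored without a length check: `valueLen = strlen(password)` is computed, but the next line still copies a fixed 11 bytes into `sSettings.sAuth[user_id].password`. A decoded password longer than 11 bytes is silently cut, and because the check above compares only 11 bytes with `memcmp`, every string sharing that prefix would then be accepted; an empty `newpass=` is not rejected within this hunk either. I would reject before the copy, e.g. `if (valueLen == 0 || valueLen > 11) { /* report failure instead of saving */ }`, with 11 replaced by a named constant tied to the field size; the literal `20` in `memset(password, 0, 20)` could likewise become `sizeof(password)` to match the first hunk. The same applies to the last hunk of modules/HTTP_Server/my_ssl_server.c; the rest of the function is outside the hunk, so the failure path is not visible here.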

+ 12 - 7
modules/HTTP_Server/my_ssl_server.c

@@ -1464,15 +1464,17 @@ int HTTP_ChangeUserPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *l
     char value[20];
     char login[20];
     char password[20];
+    char tmp[75];
     uint8_t valueLen, valueLen2, user_id;
     char WebLogin[MAX_WEB_LOGIN_LEN];
 
     (void)lenBufIn;
 
-    memset(login, 0, 20);
-    memset(password, 0, 20);
-    memset(tempStr, 0, 50);
-    memset(value, 0, 20);
+    memset(login, 0, sizeof(login));
+    memset(password, 0, sizeof(password));
+    memset(tempStr, 0, sizeof(tempStr));
+    memset(value, 0, sizeof(value));
+    memset(tmp, 0, sizeof(tmp));
 
     ClearParamString(bufIn);
 
@@ -1481,8 +1483,9 @@ int HTTP_ChangeUserPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *l
     strcpy(bufOut, HTTP_200_OK);
 
     if (GetParamValue(tempStr, "username=", login, &valueLen) &&
-        GetParamValue(tempStr, "oldpass=", password, &valueLen))
+        GetParamValue(tempStr, "oldpass=", tmp, &valueLen))
     {
+    	  url_decode(password, sizeof(password), tmp);
           for (user_id = 0; user_id < MAX_WEB_USERS; user_id++)
           {
         	  memset(value, 0, 20);
@@ -1493,10 +1496,12 @@ int HTTP_ChangeUserPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *l
 			 if ((strncmp(WebLogin, login, MAX_WEB_LOGIN_LEN) == 0) &&
 				 (memcmp(password, value, 11) == 0))
 			 {
+				 memset(tmp, 0, sizeof(tmp));
 				 memset(password, 0, 20);
-				 if (GetParamValue(tempStr, "newpass=", password, &valueLen))
+				 if (GetParamValue(tempStr, "newpass=", tmp, &valueLen))
 				 {
-
+					 url_decode(password, sizeof(password), tmp);
+					 valueLen = strlen(password);
 					 memcpy(sSettings.sAuth[user_id].password, password, 11);
 
 					 HTTP_SaveSettings();