Skip to content

Return 401 on incorrect OTA password instead of misleading success message #5222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Copilot wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Return 401 on incorrect OTA password instead of misleading success message #5222

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
ce9a8fb
Initial plan
Copilot Dec 23, 2025
e9a366e
Add OTA password validation feedback for security settings
Copilot Dec 23, 2025
92a43ff
Code review and security check completed
Copilot Dec 23, 2025
b7485e2
Address PR feedback: invert flag logic to otaPassCorrect, simplify er…
Copilot Dec 23, 2025
38b159d
Return 401 immediately on incorrect password instead of using global …
Copilot Dec 23, 2025
3e5646d
Only return 401 when OTA settings are actually being changed
Copilot Dec 27, 2025
5760385
Check password validation before any operations to prevent partial saves
Copilot Dec 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 30 additions & 13 deletions wled00/set.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -580,19 +580,7 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
doReboot = true; // may reboot immediately on dual-core system (race condition) which is desireable in this case
}

if (request->hasArg(F("PIN"))) {
const char *pin = request->arg(F("PIN")).c_str();
unsigned pinLen = strlen(pin);
if (pinLen == 4 || pinLen == 0) {
unsigned numZeros = 0;
for (unsigned i = 0; i < pinLen; i++) numZeros += (pin[i] == '0');
if (numZeros < pinLen || pinLen == 0) { // ignore 0000 input (placeholder)
strlcpy(settingsPIN, pin, 5);
}
settingsPIN[4] = 0;
}
}

// Check OTA password validation FIRST before processing any other changes
bool pwdCorrect = !otaLock; //always allow access if ota not locked
if (request->hasArg(F("OP")))
{
Expand All @@ -607,6 +595,35 @@ void handleSettingsSet(AsyncWebServerRequest *request, byte subPage)
}
}

// Check if any OTA-related settings are being changed
bool otaSettingsChanged = (request->hasArg(F("NO")) != otaLock) ||
(request->hasArg(F("OW")) != wifiLock) ||
#ifndef WLED_DISABLE_OTA
(request->hasArg(F("AO")) != aOtaEnabled) ||
#endif
(request->hasArg(F("SU")) != otaSameSubnet);

// If OTA is locked and password is incorrect AND user tried to change OTA settings, return error immediately
// This must be checked BEFORE any other operations to avoid partial saves
if (otaLock && !pwdCorrect && otaSettingsChanged) {
serveMessage(request, 401, F("Error"), F("Password incorrect"), 254);
return;
}

// Now process other settings changes
if (request->hasArg(F("PIN"))) {
const char *pin = request->arg(F("PIN")).c_str();
unsigned pinLen = strlen(pin);
if (pinLen == 4 || pinLen == 0) {
unsigned numZeros = 0;
for (unsigned i = 0; i < pinLen; i++) numZeros += (pin[i] == '0');
if (numZeros < pinLen || pinLen == 0) { // ignore 0000 input (placeholder)
strlcpy(settingsPIN, pin, 5);
}
settingsPIN[4] = 0;
}
}

if (pwdCorrect) //allow changes if correct pwd or no ota active
{
otaLock = request->hasArg(F("NO"));
Expand Down