add check for magic header of bin before update is started.

see: #1250

Author: Links2004

libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.cpp

@@ -124,6 +124,12 @@ String ESP8266HTTPUpdate::getLastErrorString(void) {
             return String("Forbidden (403)");
         case HTTP_UE_SERVER_WRONG_HTTP_CODE:
             return String("Wrong HTTP code");
+        case HTTP_UE_SERVER_FAULTY_MD5:
+            return String("Faulty MD5");
+        case HTTP_UE_BIN_VERIFY_HEADER_FAILED:
+            return String("Verify bin header failed");
+        case HTTP_UE_BIN_FOR_WRONG_FLASH:
+            return String("bin for wrong flash size");
     }
 
     return String();
@@ -232,6 +238,33 @@ t_httpUpdate_return ESP8266HTTPUpdate::handleUpdate(HTTPClient * http, const cha
                         DEBUG_HTTP_UPDATE("[httpUpdate] runUpdate flash...\n");
                     }
 
+                    uint8_t buf[4];
+                    if(tcp->peekBytes(&buf[0], 4) != 4) {
+                        DEBUG_HTTP_UPDATE("[httpUpdate] peekBytes magic header failed\n");
+                        lastError = HTTP_UE_BIN_VERIFY_HEADER_FAILED;
+                        http->end();
+                        return HTTP_UPDATE_FAILED;
+                    }
+
+                    // check for valid first magic byte
+                    if(buf[0] != 0xE9) {
+                        DEBUG_HTTP_UPDATE("[httpUpdate] magic header not starts with 0xE9\n");
+                        lastError = HTTP_UE_BIN_VERIFY_HEADER_FAILED;
+                        http->end();
+                        return HTTP_UPDATE_FAILED;
+
+                    }
+
+                    uint32_t bin_flash_size = ESP.magicFlashChipSize((buf[3] & 0xf0) >> 4);
+
+                    // check if new bin fits to SPI flash
+                    if(bin_flash_size > ESP.getFlashChipRealSize()) {
+                        DEBUG_HTTP_UPDATE("[httpUpdate] magic header, new bin not fits SPI Flash\n");
+                        lastError = HTTP_UE_BIN_FOR_WRONG_FLASH;
+                        http->end();
+                        return HTTP_UPDATE_FAILED;
+                    }
+
                     if(runUpdate(*tcp, len, http->header("x-MD5"), command)) {
                         ret = HTTP_UPDATE_OK;
                         DEBUG_HTTP_UPDATE("[httpUpdate] Update ok\n");

libraries/ESP8266httpUpdate/src/ESP8266httpUpdate.h

@@ -39,12 +39,14 @@
 #endif
 
 /// note we use HTTP client errors too so we start at 100
-#define HTTP_UE_TOO_LESS_SPACE          (-100)
-#define HTTP_UE_SERVER_NOT_REPORT_SIZE  (-101)
-#define HTTP_UE_SERVER_FILE_NOT_FOUND   (-102)
-#define HTTP_UE_SERVER_FORBIDDEN        (-103)
-#define HTTP_UE_SERVER_WRONG_HTTP_CODE  (-104)
-#define HTTP_UE_SERVER_FAULTY_MD5       (-105)
+#define HTTP_UE_TOO_LESS_SPACE              (-100)
+#define HTTP_UE_SERVER_NOT_REPORT_SIZE      (-101)
+#define HTTP_UE_SERVER_FILE_NOT_FOUND       (-102)
+#define HTTP_UE_SERVER_FORBIDDEN            (-103)
+#define HTTP_UE_SERVER_WRONG_HTTP_CODE      (-104)
+#define HTTP_UE_SERVER_FAULTY_MD5           (-105)
+#define HTTP_UE_BIN_VERIFY_HEADER_FAILED    (-106)
+#define HTTP_UE_BIN_FOR_WRONG_FLASH         (-107)
 
 typedef enum {
     HTTP_UPDATE_FAILED,