From 9a670be95b20868d6ca257009e1d3df1a4f24881 Mon Sep 17 00:00:00 2001
From: Theo Arends <11044339+arendst@users.noreply.github.com>
Date: Mon, 25 Feb 2019 21:23:18 +0100
Subject: [PATCH] Fix buffer overflow

Fix buffer overflow (#5310)
---
 sonoff/xdrv_04_light.ino | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sonoff/xdrv_04_light.ino b/sonoff/xdrv_04_light.ino
index f5b1a88bc..0594a5a09 100644
--- a/sonoff/xdrv_04_light.ino
+++ b/sonoff/xdrv_04_light.ino
@@ -1252,7 +1252,11 @@ bool LightColorEntry(char *buffer, uint8_t buffer_length)
 entry_type = 2; // Decimal
 }
 else if (((2 * light_subtype) == buffer_length) || (buffer_length > 3)) { // Hexadecimal entry
- for (uint8_t i = 0; i < buffer_length / 2; i++) {
+ uint8_t limit = buffer_length / 2;
+ if (limit > sizeof(light_entry_color)) { // Fix buffer overflow due to too many parameters
+ limit = sizeof(light_entry_color);
+ }
+ for (uint8_t i = 0; i < limit; i++) {
 strlcpy(scolor, buffer + (i *2), 3);
 light_entry_color[i] = (uint8_t)strtol(scolor, &p, 16);
 }
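Review bot: The new clamp on `limit` uses `sizeof(light_entry_color)` as an element count, which is only correct while the array holds one-byte elements. Its declaration is outside the hunk, so I would spell the bound as `sizeof(light_entry_color) / sizeof(light_entry_color[0])` to keep the guard valid if the element type ever changes. Over-long hex input is also silently truncated and then applied as a colour; since the `else if` admits any `buffer_length > 3`, consider rejecting input longer than `2 * sizeof(light_entry_color)` characters rather than clamping, if the function's return value can signal an invalid entry. The decimal branch that ends just above this hunk is not visible here, and it presumably writes to the same array, so it is worth confirming it is bounded the same way. A short comment next to the clamp stating that `buffer` comes from a user command and that the array size is the hard limit would help the next reader.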