From 1272a519dc10c8dfe5096c782b55b7c3b0ce3aac Mon Sep 17 00:00:00 2001
From: Junxiao Shi <git@mail1.yoursunny.com>
Date: Wed, 3 Jan 2018 19:11:11 -0700
Subject: [PATCH 1/2] ArduinoOTA: handle end of packet in readStringUntil

fixes #3912
---
 libraries/ArduinoOTA/ArduinoOTA.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp
index aaf4c5ff53..09c727d4fa 100644
--- a/libraries/ArduinoOTA/ArduinoOTA.cpp
+++ b/libraries/ArduinoOTA/ArduinoOTA.cpp
@@ -159,13 +159,13 @@ int ArduinoOTAClass::parseInt(){
 
 String ArduinoOTAClass::readStringUntil(char end){
   String res = "";
-  char value;
+  int value;
   while(true){
     value = _udp_ota->read();
-    if(value == '\0' || value == end){
+    if(value < 0 || value == '\0' || value == end){
       return res;
     }
-    res += value;
+    res += static_cast<char>(value);
   }
   return res;
 }

From a30ae8c7fd5bb2b2f82e7ed576ca2632a1fe91af Mon Sep 17 00:00:00 2001
From: Junxiao Shi <git@mail1.yoursunny.com>
Date: Wed, 3 Jan 2018 19:22:51 -0700
Subject: [PATCH 2/2] ArduinoOTA: fix buffer overflow in parseInt

fixes #3912
---
 libraries/ArduinoOTA/ArduinoOTA.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libraries/ArduinoOTA/ArduinoOTA.cpp b/libraries/ArduinoOTA/ArduinoOTA.cpp
index 09c727d4fa..3c6acd943d 100644
--- a/libraries/ArduinoOTA/ArduinoOTA.cpp
+++ b/libraries/ArduinoOTA/ArduinoOTA.cpp
@@ -143,10 +143,10 @@ void ArduinoOTAClass::begin() {
 
 int ArduinoOTAClass::parseInt(){
   char data[16];
-  uint8_t index = 0;
+  uint8_t index;
   char value;
   while(_udp_ota->peek() == ' ') _udp_ota->read();
-  while(true){
+  for(index = 0; index < sizeof(data); ++index){
     value = _udp_ota->peek();
     if(value < '0' || value > '9'){
       data[index++] = '\0';