body for error message is created incorrectly in connectionDidFinishLoading

[jdberry]

The body passed into the error message in the code > 400 case of connectionDidFinishLoading is calculated incorrectly: it uses stringWithUTF8String, which assumes a null-terminated string. Unfortunately, the NSData receivedData is not null-terminated, and so this can fail, in obvious or and/or dangerous ways. Instead of using stringWithUTF8String, you should used the NSString initWithData initializer, as below...

    NSString *body = [receivedData length] ? [[NSString alloc] initWithData:receivedData encoding:NSUTF8StringEncoding] : @"";

There are a couple of other similar improper uses of stringWithUTF8String in the code, but they seem to be behind debug checks.