nmattisson/HttpClient

HttpClient buffer too small

Michele31415 opened this issue · 1 comments

In HttpClient.h, the value of buffer is only 1024. This is pretty small and means that URLs longer than a few hundred characters are truncated. I'd love to see this number increased to, say, 8192. Or expose it so the user can select a value that meets their needs.

In addition to that, I do see a potential buffer overflow issue with this code:

        while (client.available()) {
            ...
            if (bufferPosition < sizeof(buffer)-1) {
                buffer[bufferPosition] = c;
            } else if ((bufferPosition == sizeof(buffer)-1)) {
                buffer[bufferPosition] = '\0'; // Null-terminate buffer
                client.stop();
                error = true;

                #ifdef LOGGING
                Serial.println("HttpClient>\tError: Response body larger than buffer.");
                #endif
            }
            bufferPosition++;
        }
        buffer[bufferPosition] = '\0'; // Null-terminate buffer

In case of a response greater than or equal to sizeof(buffer), the final bufferPosition++ will increment to sizeof(buffer), and the following buffer[bufferPosition] = '\0' will actually end up in the byte following the actual buffer.

There actually should be a break inside the else if() branch to avoid the additional increment (and the zero-termination inside that branch can be omitted due to the same instruction following the loop).
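The off-by-one described in the comment above, reproduced as an added example that is not part of the issue or of the HttpClient code base. `FakeClient`, `read_body`, `run_case` and the 8-byte capacity are hypothetical stand-ins, and it is assumed that `available()` returns false once `stop()` has been called.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed stand-in for the TCP client (assumption: stop() ends available()).
struct FakeClient {
    const char *data; size_t len; size_t pos; bool stopped;
    bool available() const { return !stopped && pos < len; }
    char read() { return data[pos++]; }
    void stop() { stopped = true; }
};

// fixed == false: the loop quoted in the issue; fixed == true: with the
// suggested break. `cap` plays sizeof(buffer). Returns the final '\0' index.
size_t read_body(FakeClient &client, char *buffer, size_t cap, bool fixed) {
    size_t bufferPosition = 0;
    while (client.available()) {
        char c = client.read();
        if (bufferPosition < cap - 1) {
            buffer[bufferPosition] = c;
        } else if (bufferPosition == cap - 1) {
            if (!fixed) buffer[bufferPosition] = '\0';
            client.stop();
            if (fixed) break;          // skip the trailing increment
        }
        bufferPosition++;
    }
    buffer[bufferPosition] = '\0';     // original: index == cap on overflow
    return bufferPosition;
}

// One read into an 8-byte "buffer" followed by a guard byte in the same
// backing array, so the stray write is observable without undefined behaviour.
size_t run_case(const char *body, bool fixed, bool *guard_intact) {
    const size_t cap = 8;
    char store[cap + 1];
    memset(store, 'G', sizeof(store));
    FakeClient client = { body, strlen(body), 0, false };
    size_t end = read_body(client, store, cap, fixed);
    *guard_intact = (store[cap] == 'G');
    return end;
}

int main() {
    bool a, b;
    size_t orig = run_case("0123456789", false, &a);  // constructed 10-byte body
    size_t fix = run_case("0123456789", true, &b);
    printf("original: NUL at %zu, guard intact %d; with break: NUL at %zu, guard intact %d\n", orig, a, fix, b);
}
```

With the oversized body, the original loop writes its final terminator at index 8 and clobbers the guard byte; with the break, the terminator lands at index 7 and the guard survives.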