Currently the WaspBG96::gprsConnection function has a buffer for the commands sent to the BG96 module of 40 bytes:
```cpp
uint8_t WaspBG96::gprsConnection(char* apn, char* gprsband, char* network, uint8_t operator_type)
{
    uint8_t answer;
    uint8_t status;
    char command_buffer[40];
```
But the AT command:
```cpp
// AT+QICSGP=<contextID>[,<context_type>,<APN>[,<username>,<password>)[,<authentication>]]]
// "AT+QICSGP=1,1,\"%s\",\"%s\",\"%s\",1\r"
answer = sendCommand(command_buffer, sBG96_OK, sBG96_ERROR_CODE, sBG96_ERROR, 15000);
```
can easily overflow the 40-byte size if the APN, username or password parameters are non-trivial (10 characters long each, for example).

This leads to overwriting stack memory and possible unexpected errors (in my case, overwriting the operator_type variable's memory position). The main problem is its silent nature, without errors.

A possible fix could be increasing this buffer, although some sort of size check, preferably using snprintf_P and checking the string length of the returned values.
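The size check suggested in the issue, as an added example that is not part of the original report or of the Waspmote library: the hypothetical helper `build_qicsgp` formats the same command string with a bounded `snprintf` and treats a return value at or above the buffer size as truncation. It uses standard C so it runs on a host; on AVR, `snprintf_P` takes the same size argument with the format string in flash. The sample APN, username and password are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not WaspBG96 code): build the AT+QICSGP command into a
 * caller-supplied buffer. Returns the command length, or -1 if the command
 * does not fit, in which case the buffer holds an empty string. */
int build_qicsgp(char *out, size_t out_size,
                 const char *apn, const char *user, const char *pass)
{
    if (out == NULL || out_size == 0 || apn == NULL || user == NULL || pass == NULL)
        return -1;

    /* snprintf never writes more than out_size bytes and returns the length
     * the full string would have had, which is what makes truncation visible. */
    int n = snprintf(out, out_size, "AT+QICSGP=1,1,\"%s\",\"%s\",\"%s\",1\r",
                     apn, user, pass);

    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';   /* never hand a cut-off command to the modem */
        return -1;
    }
    return n;
}

int main(void)
{
    char small[40];    /* size of command_buffer in the issue */
    char large[128];   /* constructed larger size for comparison */

    /* Constructed sample parameters, 10 characters each as in the report. */
    const char *apn = "internet10", *user = "username10", *pass = "password10";

    /* The fixed part of the command is 25 bytes, so 3 x 10 characters need
     * 55 bytes plus the terminator: rejected for 40, accepted for 128. */
    printf("40-byte buffer:  %d\n", build_qicsgp(small, sizeof small, apn, user, pass));
    printf("128-byte buffer: %d\n", build_qicsgp(large, sizeof large, apn, user, pass));
    return 0;
}
```

A caller would return an error instead of calling `sendCommand` when the helper reports -1, which turns the silent stack overwrite into a visible failure.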