From ef4a55cbe80411545e6fa502dd33164ef401b104 Mon Sep 17 00:00:00 2001
From: Noah Laptop <noah@koontzs.com>
Date: Wed, 13 Mar 2019 13:24:55 -0700
Subject: [PATCH] Switched hostname storage from stack to heap since hostnames
 are much smaller than max 256 bytes, need to add free memory error detection
 before stack overflows (8000 bytes?)

Signed-off-by: Noah Laptop <noah@koontzs.com>
---
 src/SSLClient.h  |  6 +++---
 src/SSLSession.h | 21 +++++++++++++++------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/SSLClient.h b/src/SSLClient.h
index 83d8446..1ae0b9f 100644
--- a/src/SSLClient.h
+++ b/src/SSLClient.h
@@ -143,7 +143,7 @@ SSLSession& SSLClient<C, SessionCache>::getSession(const char* host, const IPAdd
     if (temp_index == -1) {
         temp_index = m_index;
         // reset the session so we don't try to send one sites session to another
-        m_sessions[temp_index] = SSLSession();
+        m_sessions[temp_index].clear_parameters();
     }
     // increment m_index so the session cache is a circular buffer
     if (temp_index == m_index && ++m_index >= SessionCache) m_index = 0;
@@ -160,7 +160,7 @@ void SSLClient<C, SessionCache>::removeSession(const char* host, const IPAddress
     if (temp_index != -1) {
         m_info(" Deleted session ", func_name);
         m_info(temp_index, func_name);
-        m_sessions[temp_index] = SSLSession();
+        m_sessions[temp_index].clear_parameters();
     }
 }
 
@@ -173,7 +173,7 @@ int SSLClient<C, SessionCache>::m_getSessionIndex(const char* host, const IPAddr
         if (m_sessions[i].is_valid_session() 
             && (
                 // and the hostname matches, or
-                (host != NULL && strcmp(host, m_sessions[i].get_hostname()) == 0)
+                (host != NULL && m_sessions[i].get_hostname().equals(host))
                 // there is no hostname and the IP address matches    
                 || (host == NULL && addr == m_sessions[i].get_ip())
             )) {
diff --git a/src/SSLSession.h b/src/SSLSession.h
index 042091f..b881084 100644
--- a/src/SSLSession.h
+++ b/src/SSLSession.h
@@ -52,7 +52,7 @@ class SSLSession : public br_ssl_session_parameters {
 public:
     explicit SSLSession()
         : m_valid_session(false)
-        , m_hostname{}
+        , m_hostname()
         , m_ip(INADDR_NONE) {}
 
     /**
@@ -60,22 +60,31 @@ public:
      */
     void set_parameters(const IPAddress& ip, const char* hostname = NULL) {
         // copy the hostname
-        if (hostname != NULL) strncpy(m_hostname, hostname, sizeof m_hostname - 1);
+        if (hostname != NULL) m_hostname = hostname;
         // or if there's no hostname, clear the string
-        else m_hostname[0] = '\0';
+        else m_hostname = "";
         // and the IP address
         m_ip = ip;
         // check if both values are valid, and if so set valid to true
         if (m_ip != INADDR_NONE && session_id_len > 0
-            && (hostname == NULL || strlen(m_hostname) > 0)) m_valid_session = true;
+            && (hostname == NULL || m_hostname)) m_valid_session = true;
     }
 
+    void clear_parameters() {
+        // clear the hostname , ip, and valid session flags
+        m_hostname = "";
+        m_ip = INADDR_NONE;
+        m_valid_session = false;
+    }
+
+    SSLSession& operator=(const SSLSession&) = delete;
+
     br_ssl_session_parameters* to_br_session() { return (br_ssl_session_parameters *)this; }
 
     /**
      * \pre must check isValidSession
      */
-    const char* get_hostname() const { return m_hostname; }
+    const String& get_hostname() const { return m_hostname; }
 
     /**
      * \pre must check isValidSession
@@ -86,7 +95,7 @@ public:
 private:
     bool m_valid_session;
     // aparently a hostname has a max length of 256 chars. Go figure.
-    char m_hostname[256];
+    String m_hostname;
     // store the IP Address we connected to
     IPAddress m_ip;
 };