diff --git a/sys/include/net/sock/util.h b/sys/include/net/sock/util.h
index cb5f808559c0ffcdcf6de654c2337f1eda9fbb6f..1f69a9d1d376dbc83025c656cb8ce50fa33a2ccc 100644
--- a/sys/include/net/sock/util.h
+++ b/sys/include/net/sock/util.h
@@ -53,8 +53,9 @@ int sock_udp_ep_fmt(const sock_udp_ep_t *endpoint, char *addr_str, uint16_t *por
* "host.name:1234" and "/url/path".
*
* @note Caller has to make sure hostport and urlpath can hold the results!
- * Make sure to provide space for SOCK_HOSTPORT_MAXLEN respectively
- * SOCK_URLPATH_MAXLEN bytes.
+ * Make sure to provide space for @ref SOCK_HOSTPORT_MAXLEN respectively
+ * @ref SOCK_URLPATH_MAXLEN bytes.
+ * Scheme part of the URL is limited to @ref SOCK_SCHEME_MAXLEN length.
*
* @param[in] url URL to split
* @param[out] hostport where to write host:port
@@ -98,6 +99,9 @@ bool sock_udp_ep_equal(const sock_udp_ep_t *a, const sock_udp_ep_t *b);
* @name helper definitions
* @{
*/
+#define SOCK_SCHEME_MAXLEN (16U) /**< maximum length of the scheme part
+ for sock_urlsplit. Ensures a hard
+ limit on the string iterator */
#define SOCK_HOSTPORT_MAXLEN (64U) /**< maximum length of host:port part for
sock_urlsplit() */
#define SOCK_URLPATH_MAXLEN (64U) /**< maximum length path for
diff --git a/sys/net/sock/sock_util.c b/sys/net/sock/sock_util.c
index cbf46f1be161b8d8a5addd7c7868ea8da87ebc75..8a779701e7cdbe3f0c1b61bcf61eb2f3e1510537 100644
--- a/sys/net/sock/sock_util.c
+++ b/sys/net/sock/sock_util.c
@@ -85,8 +85,13 @@ int sock_udp_ep_fmt(const sock_udp_ep_t *endpoint, char *addr_str, uint16_t *por
static char* _find_hoststart(const char *url)
{
+ /* Increment SOCK_SCHEME_MAXLEN due to comparison with the colon after the
+ * scheme part
+ */
+ size_t remaining = SOCK_SCHEME_MAXLEN + 1;
char *urlpos = (char*)url;
- while(*urlpos) {
+ while(*urlpos && remaining) {
+ remaining--;
if (*urlpos++ == ':') {
if (strncmp(urlpos, "//", 2) == 0) {
return urlpos + 2;