sock_util: Prevent overflow in sock_urlsplit

This adds a length check to verify if the host-port part of the URL fits in the supplied buffer

sock_util: Prevent overflow in sock_urlsplit
b8a494fb · Koen Zandberg · 3096823a · b8a494fb
Unverified Commit b8a494fb authored 6 years ago by Koen Zandberg
--- a/sys/net/sock/sock_util.c
+++ b/sys/net/sock/sock_util.c
@@ -126,7 +126,13 @@ int sock_urlsplit(const char *url, char *hostport, char *urlpath)
    char *pathstart = _find_pathstart(hoststart);
-    memcpy(hostport, hoststart, pathstart - hoststart);
+    size_t hostlen = pathstart - hoststart;
+    /* hostlen must be smaller SOCK_HOSTPORT_MAXLEN to have space for the null
+     * terminator */
+    if (hostlen > SOCK_HOSTPORT_MAXLEN - 1) {
+        return -EOVERFLOW;
+    }
+    memcpy(hostport, hoststart, hostlen);
    size_t pathlen = strlen(pathstart);
    if (pathlen) {