From b8a494fb76933a233ca10ee446ebf81c87891715 Mon Sep 17 00:00:00 2001
From: Koen Zandberg
Date: Wed, 18 Jul 2018 14:44:29 +0200
Subject: [PATCH] sock_util: Prevent overflow in sock_urlsplit

This adds a length check to verify if the host-port part of the URL fits in the supplied buffer
---
 sys/net/sock/sock_util.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/sys/net/sock/sock_util.c b/sys/net/sock/sock_util.c
index 3d5fb0b656..fbb8c0449d 100644
--- a/sys/net/sock/sock_util.c
+++ b/sys/net/sock/sock_util.c
@@ -126,7 +126,13 @@ int sock_urlsplit(const char *url, char *hostport, char *urlpath)
 char *pathstart = _find_pathstart(hoststart);
- memcpy(hostport, hoststart, pathstart - hoststart);
+ size_t hostlen = pathstart - hoststart;
+ /* hostlen must be smaller SOCK_HOSTPORT_MAXLEN to have space for the null
+ * terminator */
+ if (hostlen > SOCK_HOSTPORT_MAXLEN - 1) {
+ return -EOVERFLOW;
+ }
+ memcpy(hostport, hoststart, hostlen);
 size_t pathlen = strlen(pathstart);
 if (pathlen) {
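Review bot: The new bound reserves one byte for a null terminator, but nothing in the visible lines writes it: `memcpy(hostport, hoststart, hostlen);` copies exactly `hostlen` bytes and the next statement already moves on to `pathlen`. Unless callers zero `hostport` beforehand, the result is an unterminated string that later string functions read past, so I would add `hostport[hostlen] = '\0';` directly after the copy. The `if (pathlen) {` branch in the trailing context continues outside the hunk (as does the start of `sock_urlsplit`); if it copies `pathstart` into `urlpath` the same way, that copy needs an equivalent length check, because `strlen(pathstart)` is bounded only by the input URL. The check also assumes every caller passes a `hostport` buffer of at least `SOCK_HOSTPORT_MAXLEN` bytes, which is worth stating in the function's documentation since the signature carries no size.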