From a919f1389174b66a45eb79818032f92b458018f3 Mon Sep 17 00:00:00 2001
From: David Korczynski
Date: Tue, 21 May 2024 07:15:48 -0700
Subject: [PATCH] fix overflow in URL parsing
Signed-off-by: David Korczynski
---
 http_parser/http_parser.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/http_parser/http_parser.c b/http_parser/http_parser.c
index 9704c55d..2e29aed0 100644
--- a/http_parser/http_parser.c
+++ b/http_parser/http_parser.c
@@ -2001,12 +2001,18 @@ http_parse_host_char(enum http_host_state s, const char ch) {
 }
 static int
-http_parse_host(const char * buf, struct http_parser_url *u, int found_at) {
+http_parse_host(const char * buf, size_t raw_buflen, struct http_parser_url *u,
+ int found_at) {
 enum http_host_state s;
 const char *p;
 size_t buflen = u->field_data[UF_HOST].off + u->field_data[UF_HOST].len;
+ /* Make sure we dont extend beyond the input buffer. */
+ if (buflen > raw_buflen) {
+ return 1;
+ }
+
 u->field_data[UF_HOST].len = 0;
 s = found_at ? s_http_userinfo_start : s_http_host_start;
@@ -2147,7 +2153,7 @@ http_parser_parse_url(const char *buf, size_t buflen, int is_connect,
 /* host must be present if there is a schema */
 /* parsing http:///toto will fail */
 if ((u->field_set & ((1 << UF_SCHEMA) | (1 << UF_HOST))) != 0) {
- if (http_parse_host(buf, u, found_at) != 0) {
+ if (http_parse_host(buf, buflen, u, found_at) != 0) {
 return 1;
 }
 }
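Review bot: In the first hunk the new guard in http_parse_host only rejects a host span that ends past the input, so the function still trusts `field_data[UF_HOST]` on every call. The call site in the second hunk enters it when either UF_SCHEMA or UF_HOST is set, so for a URL with a schema and no host the offsets are whatever the caller's struct already held; if that struct is not zeroed beforehand (not visible here), stale values that happen to fit inside the buffer pass the check and are parsed as a host. Testing the bit in the same guard would close that and keep the documented failure for `http:///toto`, for example `if ((u->field_set & (1 << UF_HOST)) == 0 || buflen > raw_buflen) {`. The local `buflen` is really the end offset of the host field, so a name such as `host_end` would read more clearly next to `raw_buflen`. The body of http_parse_host continues outside the hunk.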