From 462e449cd6d8083c8f8d10b5c8026136b1a51d34 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Thu, 2 Nov 2017 08:10:41 +0800
Subject: [PATCH] lws_hdr_copy: protect against garbage

---
 lib/server/parsers.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/server/parsers.c b/lib/server/parsers.c
index 71091287..2ae188c8 100644
--- a/lib/server/parsers.c
+++ b/lib/server/parsers.c
@@ -570,11 +570,15 @@ LWS_VISIBLE int lws_hdr_copy(struct lws *wsi, char *dst, int len,
 		return 0;
 
 	do {
-		strcpy(dst,
-		       &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]);
+		if (wsi->u.hdr.ah->frags[n].len >= len)
+			return -1;
+		strncpy(dst, &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset],
+		        wsi->u.hdr.ah->frags[n].len);
 		dst += wsi->u.hdr.ah->frags[n].len;
+		len -= wsi->u.hdr.ah->frags[n].len;
 		n = wsi->u.hdr.ah->frags[n].nfrag;
 	} while (n);
+	*dst = '\0';
 
 	return toklen;
 }