File CVE-2018-19199.patch of Package uriparser.9488
Index: uriparser-uriparser-0.8.5/src/UriQuery.c
===================================================================
--- uriparser-uriparser-0.8.5.orig/src/UriQuery.c
+++ uriparser-uriparser-0.8.5/src/UriQuery.c
@@ -66,6 +66,8 @@
# include "UriCommon.h"
#endif
+#include <limits.h>
+
static int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest,
@@ -201,9 +203,15 @@ int URI_FUNC(ComposeQueryEngine)(URI_CHA
const URI_CHAR * const value = queryList->value;
const int worstCase = (normalizeBreaks == URI_TRUE ? 6 : 3);
const int keyLen = (key == NULL) ? 0 : (int)URI_STRLEN(key);
- const int keyRequiredChars = worstCase * keyLen;
+ int keyRequiredChars;
const int valueLen = (value == NULL) ? 0 : (int)URI_STRLEN(value);
- const int valueRequiredChars = worstCase * valueLen;
+ int valueRequiredChars;
+
+ if ((keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase)) {
+ return URI_ERROR_OUTPUT_TOO_LARGE;
+ }
+ keyRequiredChars = worstCase * keyLen;
+ valueRequiredChars = worstCase * valueLen;
if (dest == NULL) {
if (firstItem == URI_TRUE) {
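Review bot: The added guard `if ((keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase))` runs after `keyLen` and `valueLen` have already been narrowed with `(int)URI_STRLEN(...)` on the context lines above it, so a key or value longer than INT_MAX is not reliably rejected. The result of that conversion is implementation-defined, and where it comes out negative it passes the `>=` test and reaches the multiplication. Consider checking the un-narrowed length first, e.g. `const size_t keyLenRaw = (key == NULL) ? 0 : URI_STRLEN(key);` then `if (keyLenRaw >= (size_t)(INT_MAX / worstCase)) return URI_ERROR_OUTPUT_TOO_LARGE;`, and the same for `value`. The guard also bounds each product separately; whether code below the hunk sums the two (plus separators) in `int` is not visible here and is worth confirming. The body of ComposeQueryEngine starts and continues outside the hunk.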