Overview

File CVE-2018-19199.patch of Package uriparser.9488

Index: uriparser-uriparser-0.8.5/src/UriQuery.c
===================================================================
--- uriparser-uriparser-0.8.5.orig/src/UriQuery.c
+++ uriparser-uriparser-0.8.5/src/UriQuery.c
@@ -66,6 +66,8 @@
 # include "UriCommon.h"
 #endif
 
+#include <limits.h>
+
 
 
 static int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest,
@@ -201,9 +203,15 @@ int URI_FUNC(ComposeQueryEngine)(URI_CHA
 		const URI_CHAR * const value = queryList->value;
 		const int worstCase = (normalizeBreaks == URI_TRUE ? 6 : 3);
 		const int keyLen = (key == NULL) ? 0 : (int)URI_STRLEN(key);
-		const int keyRequiredChars = worstCase * keyLen;
+		int keyRequiredChars;
 		const int valueLen = (value == NULL) ? 0 : (int)URI_STRLEN(value);
-		const int valueRequiredChars = worstCase * valueLen;
+		int valueRequiredChars;
+		
+		if ((keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase)) {
+			return URI_ERROR_OUTPUT_TOO_LARGE;
+		}
+		keyRequiredChars = worstCase * keyLen;
+		valueRequiredChars = worstCase * valueLen;
 
 		if (dest == NULL) {
 			if (firstItem == URI_TRUE) {
openSUSE Build Service is sponsored by
Places