cryptospore / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-util-uri-Add-overflow-check-to-rfc3986_parse_port.patch

05bba0
From 8880d01298ccf89558b95b948984647959d862ae Mon Sep 17 00:00:00 2001
05bba0
From: Markus Armbruster <armbru@redhat.com>
05bba0
Date: Tue, 8 Sep 2015 18:06:25 +0200
05bba0
Subject: [PATCH 7/7] util/uri: Add overflow check to rfc3986_parse_port
05bba0
05bba0
Message-id: <1441735585-23432-8-git-send-email-armbru@redhat.com>
05bba0
Patchwork-id: 67705
05bba0
O-Subject: [RHEL-7.2 qemu-kvm PATCH 7/7] util/uri: Add overflow check to rfc3986_parse_port
05bba0
Bugzilla: 1218919
05bba0
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
05bba0
RH-Acked-by: Fam Zheng <famz@redhat.com>
05bba0
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
05bba0
05bba0
From: Max Reitz <mreitz@redhat.com>
05bba0
05bba0
And while at it, replace tabs by eight spaces in this function.
05bba0
05bba0
Signed-off-by: Max Reitz <mreitz@redhat.com>
05bba0
Message-Id: <1424887718-10800-2-git-send-email-mreitz@redhat.com>
05bba0
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
05bba0
(cherry picked from commit 2b21233061696feed434317a70e0a8b74f956ec8)
05bba0
Signed-off-by: Markus Armbruster <armbru@redhat.com>
05bba0
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
05bba0
---
05bba0
 util/uri.c | 24 ++++++++++++++----------
05bba0
 1 file changed, 14 insertions(+), 10 deletions(-)
05bba0
05bba0
diff --git a/util/uri.c b/util/uri.c
05bba0
index 1cfd78b..550b984 100644
05bba0
--- a/util/uri.c
05bba0
+++ b/util/uri.c
05bba0
@@ -320,19 +320,23 @@ static int
05bba0
 rfc3986_parse_port(URI *uri, const char **str)
05bba0
 {
05bba0
     const char *cur = *str;
05bba0
+    int port = 0;
05bba0
 
05bba0
     if (ISA_DIGIT(cur)) {
05bba0
-	if (uri != NULL)
05bba0
-	    uri->port = 0;
05bba0
-	while (ISA_DIGIT(cur)) {
05bba0
-	    if (uri != NULL)
05bba0
-		uri->port = uri->port * 10 + (*cur - '0');
05bba0
-	    cur++;
05bba0
-	}
05bba0
-	*str = cur;
05bba0
-	return(0);
05bba0
+        while (ISA_DIGIT(cur)) {
05bba0
+            port = port * 10 + (*cur - '0');
05bba0
+            if (port > 65535) {
05bba0
+                return 1;
05bba0
+            }
05bba0
+            cur++;
05bba0
+        }
05bba0
+        if (uri) {
05bba0
+            uri->port = port;
05bba0
+        }
05bba0
+        *str = cur;
05bba0
+        return 0;
05bba0
     }
05bba0
-    return(1);
05bba0
+    return 1;
05bba0
 }
05bba0
 
05bba0
 /**
05bba0
-- 
05bba0
1.8.3.1
05bba0