From 8880d01298ccf89558b95b948984647959d862ae Mon Sep 17 00:00:00 2001

From: Markus Armbruster <armbru@redhat.com>

Date: Tue, 8 Sep 2015 18:06:25 +0200

Subject: [PATCH 7/7] util/uri: Add overflow check to rfc3986_parse_port

Message-id: <1441735585-23432-8-git-send-email-armbru@redhat.com>

Patchwork-id: 67705

O-Subject: [RHEL-7.2 qemu-kvm PATCH 7/7] util/uri: Add overflow check to rfc3986_parse_port

Bugzilla: 1218919

RH-Acked-by: Laszlo Ersek <lersek@redhat.com>

RH-Acked-by: Fam Zheng <famz@redhat.com>

RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

From: Max Reitz <mreitz@redhat.com>

And while at it, replace tabs by eight spaces in this function.

Signed-off-by: Max Reitz <mreitz@redhat.com>

Message-Id: <1424887718-10800-2-git-send-email-mreitz@redhat.com>

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

(cherry picked from commit 2b21233061696feed434317a70e0a8b74f956ec8)

Signed-off-by: Markus Armbruster <armbru@redhat.com>

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 util/uri.c | 24 ++++++++++++++----------

 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/util/uri.c b/util/uri.c

index 1cfd78b..550b984 100644

--- a/util/uri.c

+++ b/util/uri.c

@@ -320,19 +320,23 @@ static int

 rfc3986_parse_port(URI *uri, const char **str)

 {

     const char *cur = *str;

+    int port = 0;

     if (ISA_DIGIT(cur)) {

-	if (uri != NULL)

-	    uri->port = 0;

-	while (ISA_DIGIT(cur)) {

-	    if (uri != NULL)

-		uri->port = uri->port * 10 + (*cur - '0');

-	    cur++;

-	}

-	*str = cur;

-	return(0);

+        while (ISA_DIGIT(cur)) {

+            port = port * 10 + (*cur - '0');

+            if (port > 65535) {

+                return 1;

+            }

+            cur++;

+        }

+        if (uri) {

+            uri->port = port;

+        }

+        *str = cur;

+        return 0;

     }

-    return(1);

+    return 1;

 }

 /**

-- 

1.8.3.1