From 8880d01298ccf89558b95b948984647959d862ae Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 8 Sep 2015 18:06:25 +0200 Subject: [PATCH 7/7] util/uri: Add overflow check to rfc3986_parse_port Message-id: <1441735585-23432-8-git-send-email-armbru@redhat.com> Patchwork-id: 67705 O-Subject: [RHEL-7.2 qemu-kvm PATCH 7/7] util/uri: Add overflow check to rfc3986_parse_port Bugzilla: 1218919 RH-Acked-by: Laszlo Ersek RH-Acked-by: Fam Zheng RH-Acked-by: Dr. David Alan Gilbert From: Max Reitz And while at it, replace tabs by eight spaces in this function. Signed-off-by: Max Reitz Message-Id: <1424887718-10800-2-git-send-email-mreitz@redhat.com> Signed-off-by: Paolo Bonzini (cherry picked from commit 2b21233061696feed434317a70e0a8b74f956ec8) Signed-off-by: Markus Armbruster Signed-off-by: Miroslav Rezanina --- util/uri.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/util/uri.c b/util/uri.c index 1cfd78b..550b984 100644 --- a/util/uri.c +++ b/util/uri.c @@ -320,19 +320,23 @@ static int rfc3986_parse_port(URI *uri, const char **str) { const char *cur = *str; + int port = 0; if (ISA_DIGIT(cur)) { - if (uri != NULL) - uri->port = 0; - while (ISA_DIGIT(cur)) { - if (uri != NULL) - uri->port = uri->port * 10 + (*cur - '0'); - cur++; - } - *str = cur; - return(0); + while (ISA_DIGIT(cur)) { + port = port * 10 + (*cur - '0'); + if (port > 65535) { + return 1; + } + cur++; + } + if (uri) { + uri->port = port; + } + *str = cur; + return 0; } - return(1); + return 1; } /** -- 1.8.3.1