[libxml2] Allow port numbers up to INT_MAX



commit b46016b8705b041c0678dd45e445dc73674b75d0
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Sat Oct 17 18:03:09 2020 +0200

    Allow port numbers up to INT_MAX
    
    Also return an error on overflow.

 uri.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
---
diff --git a/uri.c b/uri.c
index 91c4619cc..7e9a9f440 100644
--- a/uri.c
+++ b/uri.c
@@ -11,6 +11,7 @@
 #define IN_LIBXML
 #include "libxml.h"
 
+#include <limits.h>
 #include <string.h>
 
 #include <libxml/xmlmemory.h>
@@ -329,9 +330,14 @@ xmlParse3986Port(xmlURIPtr uri, const char **str)
 
     if (ISA_DIGIT(cur)) {
        while (ISA_DIGIT(cur)) {
-           port = port * 10 + (*cur - '0');
-            if (port > 99999999)
-                port = 99999999;
+            int digit = *cur - '0';
+
+            if (port > INT_MAX / 10)
+                return(1);
+            port *= 10;
+            if (port > INT_MAX - digit)
+                return(1);
+           port += digit;
 
            cur++;
        }
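Review bot: The two new guards, `if (port > INT_MAX / 10)` and `if (port > INT_MAX - digit)`, prevent signed overflow of `port`, but the loop still accepts any value above 65535, which is not a usable TCP/UDP port. If a caller later narrows the parsed port to a 16-bit field (no caller is visible in this hunk), the port actually used could differ from the one that was parsed and possibly checked against an allow-list. I would document the contract above the loop, for example `/* Bound is overflow protection only; callers must reject port > 65535 before use. */`. xmlParse3986Port begins before and continues after this hunk, so how the early `return(1)` interacts with the rest of the function cannot be confirmed from here.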

