From ed895ce02d398dc0a1c87bf7a39965da6c8b82ff Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Fri, 17 Oct 2014 14:50:58 +0200 Subject: [PATCH] KEYCLOAK-699 Set maximum size of qr-code --- .../keycloak/services/resources/QRCodeResource.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java b/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java index 6cc66ee424..c846df23c0 100755 --- a/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java +++ b/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java @@ -43,14 +43,22 @@ public class QRCodeResource { if (size != null) { String[] s = size.split("x"); - width = Integer.parseInt(s[0]); - height = Integer.parseInt(s[1]); + try { + width = Integer.parseInt(s[0]); + height = Integer.parseInt(s[1]); + } catch (Throwable t) { + return Response.status(Response.Status.BAD_REQUEST).build(); + } } if (contents == null) { return Response.status(Response.Status.BAD_REQUEST).build(); } + if (width > 1000 || height > 1000 || contents.length() > 1000) { + return Response.status(Response.Status.BAD_REQUEST).build(); + } + QRCodeWriter writer = new QRCodeWriter(); final BitMatrix bitMatrix = writer.encode(contents, BarcodeFormat.QR_CODE, width, height);
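Review bot: The added guard `if (width > 1000 || height > 1000 || contents.length() > 1000)` bounds the request values only from above, so a zero or negative dimension in `size` still reaches `writer.encode(...)`. How the writer handles that is not visible in this hunk, but it will probably surface as an unhandled exception rather than the 400 that other malformed input now gets. I would reject those values in the same check: `if (width <= 0 || height <= 0 || width > 1000 || height > 1000 || contents.length() > 1000) {`. Separately, `catch (Throwable t)` around the two `parseInt` calls also swallows `Error`s such as `OutOfMemoryError`; `} catch (RuntimeException e) {` (or the two specific types, `NumberFormatException` and `ArrayIndexOutOfBoundsException`) still covers a non-numeric part and a `size` with no `x` in it. The literal 1000 would be clearer as named constants for the pixel limit and the content-length limit, with a one-line comment that the cap bounds the work a single request can trigger; the method itself begins and ends outside the hunk.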