diff --git a/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java b/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java
index 6cc66ee..c846df2 100755
--- a/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/QRCodeResource.java
@@ -43,14 +43,22 @@ public class QRCodeResource {
if (size != null) {
String[] s = size.split("x");
- width = Integer.parseInt(s[0]);
- height = Integer.parseInt(s[1]);
+ try {
+ width = Integer.parseInt(s[0]);
+ height = Integer.parseInt(s[1]);
+ } catch (Throwable t) {
+ return Response.status(Response.Status.BAD_REQUEST).build();
+ }
}
if (contents == null) {
return Response.status(Response.Status.BAD_REQUEST).build();
}
+ if (width > 1000 || height > 1000 || contents.length() > 1000) {
+ return Response.status(Response.Status.BAD_REQUEST).build();
+ }
+
QRCodeWriter writer = new QRCodeWriter();
final BitMatrix bitMatrix = writer.encode(contents, BarcodeFormat.QR_CODE, width, height);
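Review bot: The limit check added just before `writer.encode` enforces only an upper bound, so a zero or negative dimension parsed from `size`, or an empty `contents`, still passes validation and reaches the encoder. ZXing most likely rejects such input with an unchecked exception, which would surface as a server error rather than the 400 returned on the other rejection paths. Extending the guard to `if (width < 1 || height < 1 || width > 1000 || height > 1000 || contents.isEmpty() || contents.length() > 1000)` keeps every rejection in one place. Separately, `catch (Throwable t)` around the two `parseInt` calls also swallows `Error`s; `catch (NumberFormatException | ArrayIndexOutOfBoundsException e)` covers the malformed-number and missing-`x` cases the block is there for. The enclosing method starts and ends outside this hunk, so the default values of `width` and `height` are not visible here.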