From b09f4dd2cceb9ad6fa91c018a6ebd89f79802a3e Mon Sep 17 00:00:00 2001
From: Anna Larch <anna@nextcloud.com>
Date: Wed, 6 Jul 2022 19:16:38 +0200
Subject: Check calendar URI length before creation

Signed-off-by: Anna Larch <anna@nextcloud.com>
---
 apps/dav/lib/CalDAV/CalDavBackend.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/apps/dav/lib/CalDAV/CalDavBackend.php b/apps/dav/lib/CalDAV/CalDavBackend.php
index 7bd0768a2d3..5ce8a0562ce 100644
--- a/apps/dav/lib/CalDAV/CalDavBackend.php
+++ b/apps/dav/lib/CalDAV/CalDavBackend.php
@@ -63,6 +63,7 @@ use OCA\DAV\Events\CalendarUpdatedEvent;
 use OCA\DAV\Events\SubscriptionCreatedEvent;
 use OCA\DAV\Events\SubscriptionDeletedEvent;
 use OCA\DAV\Events\SubscriptionUpdatedEvent;
+use OCP\Calendar\Exceptions\CalendarException;
 use OCP\DB\Exception;
 use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -809,8 +810,14 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 	 * @param string $calendarUri
 	 * @param array $properties
 	 * @return int
+	 *
+	 * @throws CalendarException
 	 */
 	public function createCalendar($principalUri, $calendarUri, array $properties) {
+		if (strlen($calendarUri) > 255) {
+			throw new CalendarException('URI too long. Calendar not created');
+		}
+
 		$values = [
 			'principaluri' => $this->convertPrincipal($principalUri, true),
 			'uri' => $calendarUri,
-- 
cgit v1.2.3


From ab113291d6fa95fdc1968b28257313ec749bfae2 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 26 Aug 2022 13:58:18 +0200
Subject: Check address book URI length before creation

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 apps/dav/lib/CardDAV/CardDavBackend.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/dav/lib/CardDAV/CardDavBackend.php b/apps/dav/lib/CardDAV/CardDavBackend.php
index 1c1754ff752..ebbf44376f5 100644
--- a/apps/dav/lib/CardDAV/CardDavBackend.php
+++ b/apps/dav/lib/CardDAV/CardDavBackend.php
@@ -416,6 +416,10 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 	 * @throws BadRequest
 	 */
 	public function createAddressBook($principalUri, $url, array $properties) {
+		if (strlen($url) > 255) {
+			throw new BadRequest('URI too long. Address book not created');
+		}
+
 		$values = [
 			'displayname' => null,
 			'description' => null,
-- 
cgit v1.2.3