diff --git a/lynx-2.8.7-alloca.patch b/lynx-2.8.7-alloca.patch
new file mode 100644
index 0000000..2fd26f2
--- /dev/null
+++ b/lynx-2.8.7-alloca.patch
@@ -0,0 +1,112 @@
+ WWW/Library/Implementation/HTParse.c |   47 +++++++++++++++++++++++-----------
+ src/LYGlobalDefs.h                   |    1 +
+ src/LYMain.c                         |    1 +
+ 3 files changed, 34 insertions(+), 15 deletions(-)
+
+diff --git a/WWW/Library/Implementation/HTParse.c b/WWW/Library/Implementation/HTParse.c
+index c9bfbbf..b265e22 100644
+--- a/WWW/Library/Implementation/HTParse.c
++++ b/WWW/Library/Implementation/HTParse.c
+@@ -12,6 +12,7 @@
+ #include <LYLeaks.h>
+ #include <LYStrings.h>
+ #include <LYCharUtils.h>
++#include <LYGlobalDefs.h>
+ 
+ #ifdef HAVE_ALLOCA_H
+ #include <alloca.h>
+@@ -255,7 +256,8 @@ char *HTParse(const char *aName,
+     char *result = NULL;
+     char *tail = NULL;		/* a pointer to the end of the 'result' string */
+     char *return_value = NULL;
+-    unsigned len, len1, len2;
++    size_t len, len1, len2;
++    size_t need;
+     char *name = NULL;
+     char *rel = NULL;
+     char *p, *q;
+@@ -290,9 +292,17 @@ char *HTParse(const char *aName,
+     len2 = strlen(relatedName) + 1;
+     len = len1 + len2 + 8;	/* Lots of space: more than enough */
+ 
+-    result = tail = (char *) LYalloca(len * 2 + len1 + len2);
++    need = (len * 2 + len1 + len2);
++    if (need > (size_t) max_uri_size ||
++	(int) need < (int) len1 ||
++	(int) need < (int) len2)
++	return StrAllocCopy(return_value, "");
++
++    result = tail = (char *) LYalloca(need);
+     if (result == NULL) {
+ 	outofmem(__FILE__, "HTParse");
++
++	assert(result != NULL);
+     }
+     *result = '\0';
+     name = result + len;
+@@ -674,21 +684,28 @@ const char *HTParseAnchor(const char *aName)
+ 	 * keeping in mind scan() peculiarities on schemes:
+ 	 */
+ 	struct struct_parts given;
++	size_t need = ((unsigned) ((p - aName) + (int) strlen(p) + 1));
++	char *name;
+ 
+-	char *name = (char *) LYalloca((unsigned) ((p - aName)
+-						   + (int) strlen(p) + 1));
++	if (need > (size_t) max_uri_size) {
++	    p += strlen(p);
++	} else {
++	    name = (char *) LYalloca(need);
+ 
+-	if (name == NULL) {
+-	    outofmem(__FILE__, "HTParseAnchor");
+-	}
+-	strcpy(name, aName);
+-	scan(name, &given);
+-	LYalloca_free(name);
+-
+-	p++;			/*next to '#' */
+-	if (given.anchor == NULL) {
+-	    for (; *p; p++)	/*scroll to end '\0' */
+-		;
++	    if (name == NULL) {
++		outofmem(__FILE__, "HTParseAnchor");
++
++		assert(name != NULL);
++	    }
++	    strcpy(name, aName);
++	    scan(name, &given);
++	    LYalloca_free(name);
++
++	    p++;		/*next to '#' */
++	    if (given.anchor == NULL) {
++		for (; *p; p++)	/*scroll to end '\0' */
++		    ;
++	    }
+ 	}
+     }
+     return p;
+diff --git a/src/LYGlobalDefs.h b/src/LYGlobalDefs.h
+index d0c5ab1..cc3e1e8 100644
+--- a/src/LYGlobalDefs.h
++++ b/src/LYGlobalDefs.h
+@@ -305,6 +305,7 @@ extern "C" {
+     extern int max_cookies_buffer;
+     extern int max_cookies_domain;
+     extern int max_cookies_global;
++    extern int max_uri_size;
+ #ifdef USE_SESSIONS
+     extern short session_limit;	/* maximal entries saved/restored
+ 				   in session file */
+diff --git a/src/LYMain.c b/src/LYMain.c
+index 126a30f..0ccebe5 100644
+--- a/src/LYMain.c
++++ b/src/LYMain.c
+@@ -494,6 +494,7 @@ int lynx_temp_subspace = 0;	/* > 0 if we made temp-directory */
+ int max_cookies_domain = 50;
+ int max_cookies_global = 500;
+ int max_cookies_buffer = 4096;
++int max_uri_size = 8192;
+ int nlinks = 0;			/* number of links in memory */
+ int outgoing_mail_charset = -1;	/* translate mail to this charset */
+ 
diff --git a/lynx.spec b/lynx.spec
index 996d098..a089a28 100644
--- a/lynx.spec
+++ b/lynx.spec
@@ -1,7 +1,7 @@
 Summary: A text-based Web browser
 Name: lynx
 Version: 2.8.7
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 Group: Applications/Internet
 Source: http://lynx.isc.org/lynx%{version}/lynx%{version}.tar.bz2
@@ -33,6 +33,9 @@ Patch5: lynx-2.8.7-locale.patch
 # bz #425879
 Patch6: lynx-2.8.7-ipv6arg.patch
 
+# bz #605286
+Patch7: lynx-2.8.7-alloca.patch
+
 Provides: webclient
 Provides: text-www-browser
 BuildRequires: gettext
@@ -62,6 +65,7 @@ exits quickly and swiftly displays web pages.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 perl -pi -e "s,^HELPFILE:.*,HELPFILE:file://localhost/usr/share/doc/lynx-%{version}/lynx_help/lynx_help_main.html,g" lynx.cfg
 perl -pi -e "s,^DEFAULT_INDEX_FILE:.*,DEFAULT_INDEX_FILE:http://www.google.com/,g" lynx.cfg
@@ -149,6 +153,9 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace,missingok) %{_sysconfdir}/lynx-site.cfg
 
 %changelog
+* Wed Jul 07 2010 Kamil Dudka <kdudka@redhat.com> - 2.8.7-5
+- upstream patch that limits length of parsed URIs (#605286)
+
 * Thu Apr 08 2010 Kamil Dudka <kdudka@redhat.com> - 2.8.7-4
 - allow IPv6 addresses without http:// prefix (#425879)