Only allow alphanumeric option arguments, and limit length to 32

2005-07-17  Christian Persch  <chpe@cvs.gnome.org>

	* src/bookmarks/ephy-bookmarks.c: (get_option),
	(ephy_bookmarks_get_smart_bookmark_width):

	Only allow alphanumeric option arguments, and limit length to 32
	characters at most. Use g_ascii_strtoull.

1 files changed, 9 insertions, 2 deletions

diff --git a/src/bookmarks/ephy-bookmarks.c b/src/bookmarks/ephy-bookmarks.c
index 25caad17f..e934cad9f 100644
--- a/src/bookmarks/ephy-bookmarks.c
+++ b/src/bookmarks/ephy-bookmarks.c
@@ -1286,7 +1286,7 @@ get_option (char *start,
 	    const char *name,
 	    char **optionsend)
 {
-	char *end;
+	char *end, *p;
 
 	*optionsend = start;
 
@@ -1305,6 +1305,13 @@ get_option (char *start,
 	end = strstr (start, ",");
 	if (end == NULL || end >= *optionsend) end = *optionsend - 1;
 
+	/* limit option length and sanity-check it */
+	if (end - start > 32) return NULL;
+	for (p = start; p < end; ++p)
+	{
+		if (!g_ascii_isalnum (*p)) return NULL;
+	}
+
 	return g_strndup (start, end - start);
 }
 
@@ -1382,7 +1389,7 @@ ephy_bookmarks_get_smart_bookmark_width (EphyNode *bookmark)
 	number = get_option (option, "width=", &end);
 	if (number == NULL) return 0;
 
-	width = atoi (number);
+	width = (guint) g_ascii_strtoull (number, NULL, 10);
 	g_free (number);
 
 	return CLAMP (width, 1, 64);