From c999186f5e8e01f7e254d40b93526e9b57378169 Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Sun, 17 Jul 2005 16:25:27 +0000 Subject: Only allow alphanumeric option arguments, and limit length to 32 2005-07-17 Christian Persch * src/bookmarks/ephy-bookmarks.c: (get_option), (ephy_bookmarks_get_smart_bookmark_width): Only allow alphanumeric option arguments, and limit length to 32 characters at most. Use g_ascii_strtoull. --- src/bookmarks/ephy-bookmarks.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'src/bookmarks') diff --git a/src/bookmarks/ephy-bookmarks.c b/src/bookmarks/ephy-bookmarks.c index 25caad17f..e934cad9f 100644 --- a/src/bookmarks/ephy-bookmarks.c +++ b/src/bookmarks/ephy-bookmarks.c @@ -1286,7 +1286,7 @@ get_option (char *start, const char *name, char **optionsend) { - char *end; + char *end, *p; *optionsend = start; @@ -1305,6 +1305,13 @@ get_option (char *start, end = strstr (start, ","); if (end == NULL || end >= *optionsend) end = *optionsend - 1; + /* limit option length and sanity-check it */ + if (end - start > 32) return NULL; + for (p = start; p < end; ++p) + { + if (!g_ascii_isalnum (*p)) return NULL; + } + return g_strndup (start, end - start); } @@ -1382,7 +1389,7 @@ ephy_bookmarks_get_smart_bookmark_width (EphyNode *bookmark) number = get_option (option, "width=", &end); if (number == NULL) return 0; - width = atoi (number); + width = (guint) g_ascii_strtoull (number, NULL, 10); g_free (number); return CLAMP (width, 1, 64); -- cgit v1.2.3
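Review bot: In the second get_option hunk, the new check `if (end - start > 32) return NULL;` is a signed comparison, so a negative difference passes it, skips the alphanumeric loop and still reaches `g_strndup (start, end - start)`, where it converts to a very large size. Whether `end` can land before `start` (for instance after the fallback `end = *optionsend - 1`) depends on lines of get_option outside this hunk, so this is worth confirming. If it can, `if (end < start || end - start > 32) return NULL;` rejects that case in the same place. The literal 32 would also read better as a named constant.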
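Review bot: In the ephy_bookmarks_get_smart_bookmark_width hunk, the `(guint)` cast narrows the 64-bit result of `g_ascii_strtoull` before `CLAMP` runs, so a value above G_MAXUINT wraps instead of saturating at 64. get_option now accepts up to 32 digits, so a constructed input such as 4294967297 would presumably yield width 1 where guint is 32 bits. Bounding the value before narrowing avoids this: `guint64 v = g_ascii_strtoull (number, NULL, 10);` followed by `width = (guint) MIN (v, 64);`, with the existing `CLAMP` still supplying the lower bound. The declaration of `width` and the start of the function are outside the hunk, so its type is inferred from the cast.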