summaryrefslogtreecommitdiff
path: root/plugin
diff options
context:
space:
mode:
authorSamuel Lidén Borell <samuel@slbdata.se>2009-06-23 21:06:05 +0200
committerSamuel Lidén Borell <samuel@slbdata.se>2010-01-02 22:30:10 +0100
commit3f74b35447e185f35128b886e536943897c10226 (patch)
tree460d81f4c7dce1336b528ddd47632f9225586854 /plugin
parent6000eef96493e8c1f755eced77b9c2eea65172f8 (diff)
downloadfribid-3f74b35447e185f35128b886e536943897c10226.tar.gz
fribid-3f74b35447e185f35128b886e536943897c10226.tar.bz2
fribid-3f74b35447e185f35128b886e536943897c10226.zip
Don't accept parameters larger than 10 MiB
Diffstat (limited to 'plugin')
-rw-r--r--plugin/npobject.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/plugin/npobject.c b/plugin/npobject.c
index c45d5b7..6d6fea3 100644
--- a/plugin/npobject.c
+++ b/plugin/npobject.c
@@ -215,6 +215,11 @@ static bool objInvoke(NPObject *npobj, NPIdentifier ident,
} else if (!strcmp(name, "SetParam") && (argCount == 2) &&
NPVARIANT_IS_STRING(args[0]) && NPVARIANT_IS_STRING(args[1])) {
// Set parameter
+ if (NPVARIANT_TO_STRING(args[1]).utf8length >= 10*1024*1024) {
+ // Value is larger than 10 MiB
+ return false;
+ }
+
char *param = strndup(NPVARIANT_TO_STRING(args[0]).utf8characters, NPVARIANT_TO_STRING(args[0]).utf8length);
char *value = strndup(NPVARIANT_TO_STRING(args[1]).utf8characters, NPVARIANT_TO_STRING(args[1]).utf8length);