r2918 rjw - /trunk/netsurf/desktop/browser.c - netsurf-commits

Tuesday, 5 September 2006

Author: rjw
Date: Tue Sep  5 18:59:29 2006
New Revision: 2918

URL: http://svn.semichrome.net?rev=2918&view=rev
Log:
Limit maximum frame nesting level.

Modified:
    trunk/netsurf/desktop/browser.c

Modified: trunk/netsurf/desktop/browser.c
URL:
http://svn.semichrome.net/trunk/netsurf/desktop/browser.c?rev=2918&r1...
==============================================================================

--- trunk/netsurf/desktop/browser.c (original)
+++ trunk/netsurf/desktop/browser.c Tue Sep  5 18:59:29 2006
@@ -50,6 +50,9 @@
 
 /** maximum frame resize margin */
 #define FRAME_RESIZE 6
+
+/** maximum frame depth */
+#define FRAME_DEPTH 8
 
 /** browser window which is being redrawn. Valid only during redraw. */
 struct browser_window *current_redraw_browser;
@@ -746,10 +749,20 @@
 	char *hash;
 	url_func_result res;
 	char url_buf[256];
+	int depth = 0;
+	struct browser_window *cur;
 
 	LOG(("bw %p, url %s", bw, url));
 	assert(bw);
 	assert(url);
+	
+	/* don't allow massively nested framesets */
+	for (cur = bw; cur->parent; cur = cur->parent)
+		depth++;
+	if (depth > FRAME_DEPTH) {
+	  	LOG(("frame depth too high."));
+		return;
+	}
 
 	res = url_normalize(url, &url2);
 	if (res != URL_FUNC_OK) {



    

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

r2918 rjw - /trunk/netsurf/desktop/browser.c