From: Fabian Keil <fk@fabiankeil.de>
Date: Tue, 3 May 2016 13:21:42 +0000 (+0000)
Subject: Limit the names of client tags to 50 characters
X-Git-Tag: v_3_0_25~51
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/@default-cgi@/user-manual/static/@proxy-info-url@?a=commitdiff_plain;h=cdce878b344dabb6c0b348f4c0a8eb9c5b86dd3c;p=privoxy.git

Limit the names of client tags to 50 characters
---

diff --git a/client-tags.h b/client-tags.h
index ac6ef0d8..328346ed 100644
--- a/client-tags.h
+++ b/client-tags.h
@@ -1,9 +1,9 @@
 #ifndef CLIENT_TAGS_H_INCLUDED
 #define CLIENT_TAGS_H_INCLUDED
-#define CLIENT_TAGS_H_VERSION "$Id:$"
+#define CLIENT_TAGS_H_VERSION "$Id: client-tags.h,v 1.1 2016/03/17 10:42:27 fabiankeil Exp $"
 /*********************************************************************
  *
- * File        :  $Source: $
+ * File        :  $Source: /cvsroot/ijbswa/current/client-tags.h,v $
  *
  * Purpose     :  Declares functions for client-specific tags.
  *
@@ -40,4 +40,6 @@ extern jb_err enable_client_specific_tag(struct client_state *csp,
                                          const time_t time_to_live);
 extern int client_has_requested_tag(const char *client_address,
                                     const char *tag);
+
+#define CLIENT_TAG_LENGTH_MAX 50
 #endif
diff --git a/loadcfg.c b/loadcfg.c
index 2426964e..a41bcfbd 100644
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -1,4 +1,4 @@
-const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.149 2016/03/17 18:20:57 fabiankeil Exp $";
+const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.150 2016/03/27 16:54:50 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
@@ -85,6 +85,9 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.149 2016/03/17 18:20:57 fabiankei
 #include "urlmatch.h"
 #include "cgi.h"
 #include "gateway.h"
+#ifdef FEATURE_CLIENT_TAGS
+#include "client-tags.h"
+#endif
 
 const char loadcfg_h_rcs[] = LOADCFG_H_VERSION;
 
@@ -775,6 +778,17 @@ struct configuration_spec * load_config(void)
                      "client-specific-tag '%s' lacks a description.", name);
                }
                *description = '\0';
+               /*
+                * The length is limited because we don't want truncated
+                * HTML caused by the cgi interface using static buffer
+                * sizes.
+                */
+               if (strlen(name) > CLIENT_TAG_LENGTH_MAX)
+               {
+                  log_error(LOG_LEVEL_FATAL,
+                     "client-specific-tag '%s' is longer than %d characters.",
+                     name, CLIENT_TAG_LENGTH_MAX);
+               }
                description++;
                register_tag(config->client_tags, name, description);
             }