Gitweb links:
...log
http://git.netsurf-browser.org/netsurf.git/shortlog/8cec045cb7b433a0c0fc8000ad6bd09f67aaa0c8
...commit
http://git.netsurf-browser.org/netsurf.git/commit/8cec045cb7b433a0c0fc8000ad6bd09f67aaa0c8
...tree
http://git.netsurf-browser.org/netsurf.git/tree/8cec045cb7b433a0c0fc8000ad6bd09f67aaa0c8
The branch, master has been updated
via 8cec045cb7b433a0c0fc8000ad6bd09f67aaa0c8 (commit)
from 1cf1ec55bc7647e737d7ec41bfe1def721269c02 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=8cec045cb7b433a0c0fc8000ad6bd09f67aaa0c8
commit 8cec045cb7b433a0c0fc8000ad6bd09f67aaa0c8
Author: Vincent Sanders <[email protected]>
Commit: Vincent Sanders <[email protected]>
Improve the about scheme query page generation be be bounds safe
diff --git a/content/fetchers/about.c b/content/fetchers/about.c
index b5b5743..0a92221 100644
--- a/content/fetchers/about.c
+++ b/content/fetchers/about.c
@@ -80,9 +80,11 @@ struct about_handlers {
bool hidden; /**< If entry should be hidden in listing */
};
-/** issue fetch callbacks with locking */
-static inline bool fetch_about_send_callback(const fetch_msg *msg,
- struct fetch_about_context *ctx)
+/**
+ * issue fetch callbacks with locking
+ */
+static inline bool
+fetch_about_send_callback(const fetch_msg *msg, struct fetch_about_context
*ctx)
{
ctx->locked = true;
fetch_send_callback(msg, ctx->fetchh);
@@ -108,11 +110,39 @@ fetch_about_send_header(struct fetch_about_context *ctx,
const char *fmt, ...)
msg.data.header_or_data.buf = (const uint8_t *) header;
msg.data.header_or_data.len = strlen(header);
- fetch_about_send_callback(&msg, ctx);
-
- return ctx->aborted;
+ return fetch_about_send_callback(&msg, ctx);
}
+/**
+ * send formatted data on a fetch
+ */
+static nserror ssenddataf(struct fetch_about_context *ctx, const char *fmt,
...)
+{
+ char buffer[1024];
+ fetch_msg msg;
+ va_list ap;
+ int slen;
+
+ va_start(ap, fmt);
+
+ slen = vsnprintf(buffer, sizeof(buffer), fmt, ap);
+
+ va_end(ap);
+
+ if (slen >= (int)sizeof(buffer)) {
+ return NSERROR_NOSPACE;
+ }
+
+ msg.type = FETCH_DATA;
+ msg.data.header_or_data.buf = (const uint8_t *) buffer;
+ msg.data.header_or_data.len = slen;
+
+ if (fetch_about_send_callback(&msg, ctx)) {
+ return NSERROR_INVALID;
+ }
+
+ return NSERROR_OK;
+}
@@ -623,7 +653,37 @@ static bool fetch_about_srverror(struct
fetch_about_context *ctx)
/**
- * generate the description of the login request
+ * generate the description of the privacy query
+ */
+static nserror
+get_privacy_description(struct nsurl *url,
+ const char *reason,
+ char **out_str)
+{
+ nserror res;
+ char *url_s;
+ size_t url_l;
+ char *str = NULL;
+ const char *key = "PrivacyDescription";
+ res = nsurl_get(url, NSURL_SCHEME | NSURL_HOST, &url_s, &url_l);
+ if (res != NSERROR_OK) {
+ return res;
+ }
+
+ str = messages_get_buff(key, url_s, reason);
+
+ if ((str != NULL) && (strcmp(key, str) != 0)) {
+ *out_str = str;
+ } else {
+ *out_str = strdup(reason);
+ }
+ free(url_s);
+
+ return res;
+}
+
+/**
+ * generate the description of the login query
*/
static nserror
get_login_description(struct nsurl *url,
@@ -632,14 +692,14 @@ get_login_description(struct nsurl *url,
const char *password,
char **out_str)
{
+ nserror res;
char *url_s;
size_t url_l;
- nserror res;
char *str = NULL;
int slen;
const char *key;
- res = nsurl_get(url, NSURL_SCHEME | NSURL_HOST, &url_s, &url_l);
+ res = nsurl_get(url, NSURL_HOST, &url_s, &url_l);
if (res != NSERROR_OK) {
return res;
}
@@ -682,8 +742,6 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
{
nserror res;
fetch_msg msg;
- char buffer[1024];
- int slen;
char *url_s;
size_t url_l;
const char *realm = "";
@@ -723,11 +781,10 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
if (fetch_about_send_header(ctx, "Content-Type: text/html;
charset=utf-8"))
goto fetch_about_query_auth_handler_aborted;
- msg.type = FETCH_DATA;
- msg.data.header_or_data.buf = (const uint8_t *) buffer;
title = messages_get("LoginTitle");
- slen = snprintf(buffer, sizeof buffer,
+
+ res = ssenddataf(ctx,
"<html>\n<head>\n"
"<title>%s</title>\n"
"<link rel=\"stylesheet\" type=\"text/css\" "
@@ -736,9 +793,17 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
"<body id =\"authentication\">\n"
"<h1>%s</h1>\n",
title, title);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
+
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<form method=\"post\"
enctype=\"multipart/form-data\">");
+ res = ssenddataf(ctx,
+ "<form method=\"post\""
+ " enctype=\"multipart/form-data\">");
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
res = get_login_description(siteurl,
realm,
@@ -746,30 +811,36 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
password,
&description);
if (res == NSERROR_OK) {
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<p>%s</p>",
- description);
+ res = ssenddataf(ctx, "<p>%s</p>", description);
free(description);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
}
-
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div>"
"<label for=\"name\">%s:</label>"
"<input type=\"text\" id=\"username\" "
"name=\"username\" value=\"%s\">"
"</div>",
messages_get("Username"), username);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div>"
"<label for=\"password\">%s:</label>"
"<input type=\"password\" id=\"password\" "
"name=\"password\" value=\"%s\">"
"</div>",
messages_get("Password"), password);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div id=\"buttons\">"
"<input type=\"submit\" id=\"cancel\" name=\"cancel\" "
"value=\"%s\">"
@@ -778,26 +849,33 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
"</div>",
messages_get("Cancel"),
messages_get("Login"));
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
res = nsurl_get(siteurl, NSURL_COMPLETE, &url_s, &url_l);
if (res != NSERROR_OK) {
url_s = strdup("");
}
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<input type=\"hidden\" name=\"siteurl\"
value=\"%s\">",
url_s);
free(url_s);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<input type=\"hidden\" name=\"realm\" value=\"%s\">",
realm);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "</form></body>\n</html>\n");
-
- msg.data.header_or_data.len = slen;
- if (fetch_about_send_callback(&msg, ctx))
+ res = ssenddataf(ctx, "</form></body>\n</html>\n");
+ if (res != NSERROR_OK) {
goto fetch_about_query_auth_handler_aborted;
+ }
msg.type = FETCH_FINISHED;
fetch_about_send_callback(&msg, ctx);
@@ -814,19 +892,18 @@ fetch_about_query_auth_handler_aborted:
}
/**
- * Handler to generate about scheme ssl query page
+ * Handler to generate about scheme privacy query page
*/
-static bool fetch_about_query_ssl_handler(struct fetch_about_context *ctx)
+static bool fetch_about_query_privacy_handler(struct fetch_about_context *ctx)
{
nserror res;
fetch_msg msg;
- char buffer[1024];
- int slen;
char *url_s;
size_t url_l;
const char *reason = "";
const char *title;
struct nsurl *siteurl = NULL;
+ char *description = NULL;
const struct fetch_multipart_data *curmd; /* mutipart data iterator */
/* extract parameters from multipart post data */
@@ -851,14 +928,12 @@ static bool fetch_about_query_ssl_handler(struct
fetch_about_context *ctx)
fetch_set_http_code(ctx->fetchh, 200);
/* content type */
- if (fetch_about_send_header(ctx, "Content-Type: text/html;
charset=utf-8"))
+ if (fetch_about_send_header(ctx, "Content-Type: text/html;
charset=utf-8")) {
goto fetch_about_query_ssl_handler_aborted;
-
- msg.type = FETCH_DATA;
- msg.data.header_or_data.buf = (const uint8_t *) buffer;
+ }
title = messages_get("PrivacyTitle");
- slen = snprintf(buffer, sizeof buffer,
+ res = ssenddataf(ctx,
"<html>\n<head>\n"
"<title>%s</title>\n"
"<link rel=\"stylesheet\" type=\"text/css\" "
@@ -867,16 +942,27 @@ static bool fetch_about_query_ssl_handler(struct
fetch_about_context *ctx)
"<body id =\"privacy\">\n"
"<h1>%s</h1>\n",
title, title);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<p>%s</p>",
- reason);
-
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<form method=\"post\"
enctype=\"multipart/form-data\">");
+ res = get_privacy_description(siteurl, reason, &description);
+ if (res == NSERROR_OK) {
+ res = ssenddataf(ctx, "<p>%s</p>", description);
+ free(description);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
+ }
+ res = ssenddataf(ctx,
+ "<form method=\"post\""
+ " enctype=\"multipart/form-data\">");
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div>"
"<input type=\"submit\" id=\"back\" name=\"back\" "
"value=\"%s\">"
@@ -885,22 +971,26 @@ static bool fetch_about_query_ssl_handler(struct
fetch_about_context *ctx)
"</div>",
messages_get("Backtosafety"),
messages_get("Proceed"));
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
res = nsurl_get(siteurl, NSURL_COMPLETE, &url_s, &url_l);
if (res != NSERROR_OK) {
url_s = strdup("");
}
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<input type=\"hidden\" name=\"siteurl\"
value=\"%s\">",
url_s);
free(url_s);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "</form></body>\n</html>\n");
-
- msg.data.header_or_data.len = slen;
- if (fetch_about_send_callback(&msg, ctx))
+ res = ssenddataf(ctx, "</form></body>\n</html>\n");
+ if (res != NSERROR_OK) {
goto fetch_about_query_ssl_handler_aborted;
+ }
msg.type = FETCH_FINISHED;
fetch_about_send_callback(&msg, ctx);
@@ -1020,7 +1110,7 @@ struct about_handlers about_handler_list[] = {
"query/ssl",
SLEN("query/ssl"),
NULL,
- fetch_about_query_ssl_handler,
+ fetch_about_query_privacy_handler,
true
}
};
diff --git a/resources/FatMessages b/resources/FatMessages
index 3c6ca48..487fe31 100644
--- a/resources/FatMessages
+++ b/resources/FatMessages
@@ -2784,6 +2784,7 @@ nl.all.Cancel:Annuleer
#
en.all.PrivacyTitle:Privacy error
+en.all.PrivacyDescription:Attackers might be trying to steal your information
from %s (for example, passwords, messages or credit cards) %s
en.all.Proceed:Proceed
en.all.Backtosafety:Back to safety
-----------------------------------------------------------------------
Summary of changes:
content/fetchers/about.c | 196 +++++++++++++++++++++++++++++++++-------------
resources/FatMessages | 1 +
2 files changed, 144 insertions(+), 53 deletions(-)
diff --git a/content/fetchers/about.c b/content/fetchers/about.c
index b5b5743..0a92221 100644
--- a/content/fetchers/about.c
+++ b/content/fetchers/about.c
@@ -80,9 +80,11 @@ struct about_handlers {
bool hidden; /**< If entry should be hidden in listing */
};
-/** issue fetch callbacks with locking */
-static inline bool fetch_about_send_callback(const fetch_msg *msg,
- struct fetch_about_context *ctx)
+/**
+ * issue fetch callbacks with locking
+ */
+static inline bool
+fetch_about_send_callback(const fetch_msg *msg, struct fetch_about_context
*ctx)
{
ctx->locked = true;
fetch_send_callback(msg, ctx->fetchh);
@@ -108,11 +110,39 @@ fetch_about_send_header(struct fetch_about_context *ctx,
const char *fmt, ...)
msg.data.header_or_data.buf = (const uint8_t *) header;
msg.data.header_or_data.len = strlen(header);
- fetch_about_send_callback(&msg, ctx);
-
- return ctx->aborted;
+ return fetch_about_send_callback(&msg, ctx);
}
+/**
+ * send formatted data on a fetch
+ */
+static nserror ssenddataf(struct fetch_about_context *ctx, const char *fmt,
...)
+{
+ char buffer[1024];
+ fetch_msg msg;
+ va_list ap;
+ int slen;
+
+ va_start(ap, fmt);
+
+ slen = vsnprintf(buffer, sizeof(buffer), fmt, ap);
+
+ va_end(ap);
+
+ if (slen >= (int)sizeof(buffer)) {
+ return NSERROR_NOSPACE;
+ }
+
+ msg.type = FETCH_DATA;
+ msg.data.header_or_data.buf = (const uint8_t *) buffer;
+ msg.data.header_or_data.len = slen;
+
+ if (fetch_about_send_callback(&msg, ctx)) {
+ return NSERROR_INVALID;
+ }
+
+ return NSERROR_OK;
+}
@@ -623,7 +653,37 @@ static bool fetch_about_srverror(struct
fetch_about_context *ctx)
/**
- * generate the description of the login request
+ * generate the description of the privacy query
+ */
+static nserror
+get_privacy_description(struct nsurl *url,
+ const char *reason,
+ char **out_str)
+{
+ nserror res;
+ char *url_s;
+ size_t url_l;
+ char *str = NULL;
+ const char *key = "PrivacyDescription";
+ res = nsurl_get(url, NSURL_SCHEME | NSURL_HOST, &url_s, &url_l);
+ if (res != NSERROR_OK) {
+ return res;
+ }
+
+ str = messages_get_buff(key, url_s, reason);
+
+ if ((str != NULL) && (strcmp(key, str) != 0)) {
+ *out_str = str;
+ } else {
+ *out_str = strdup(reason);
+ }
+ free(url_s);
+
+ return res;
+}
+
+/**
+ * generate the description of the login query
*/
static nserror
get_login_description(struct nsurl *url,
@@ -632,14 +692,14 @@ get_login_description(struct nsurl *url,
const char *password,
char **out_str)
{
+ nserror res;
char *url_s;
size_t url_l;
- nserror res;
char *str = NULL;
int slen;
const char *key;
- res = nsurl_get(url, NSURL_SCHEME | NSURL_HOST, &url_s, &url_l);
+ res = nsurl_get(url, NSURL_HOST, &url_s, &url_l);
if (res != NSERROR_OK) {
return res;
}
@@ -682,8 +742,6 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
{
nserror res;
fetch_msg msg;
- char buffer[1024];
- int slen;
char *url_s;
size_t url_l;
const char *realm = "";
@@ -723,11 +781,10 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
if (fetch_about_send_header(ctx, "Content-Type: text/html;
charset=utf-8"))
goto fetch_about_query_auth_handler_aborted;
- msg.type = FETCH_DATA;
- msg.data.header_or_data.buf = (const uint8_t *) buffer;
title = messages_get("LoginTitle");
- slen = snprintf(buffer, sizeof buffer,
+
+ res = ssenddataf(ctx,
"<html>\n<head>\n"
"<title>%s</title>\n"
"<link rel=\"stylesheet\" type=\"text/css\" "
@@ -736,9 +793,17 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
"<body id =\"authentication\">\n"
"<h1>%s</h1>\n",
title, title);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
+
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<form method=\"post\"
enctype=\"multipart/form-data\">");
+ res = ssenddataf(ctx,
+ "<form method=\"post\""
+ " enctype=\"multipart/form-data\">");
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
res = get_login_description(siteurl,
realm,
@@ -746,30 +811,36 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
password,
&description);
if (res == NSERROR_OK) {
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<p>%s</p>",
- description);
+ res = ssenddataf(ctx, "<p>%s</p>", description);
free(description);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
}
-
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div>"
"<label for=\"name\">%s:</label>"
"<input type=\"text\" id=\"username\" "
"name=\"username\" value=\"%s\">"
"</div>",
messages_get("Username"), username);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div>"
"<label for=\"password\">%s:</label>"
"<input type=\"password\" id=\"password\" "
"name=\"password\" value=\"%s\">"
"</div>",
messages_get("Password"), password);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div id=\"buttons\">"
"<input type=\"submit\" id=\"cancel\" name=\"cancel\" "
"value=\"%s\">"
@@ -778,26 +849,33 @@ static bool fetch_about_query_auth_handler(struct
fetch_about_context *ctx)
"</div>",
messages_get("Cancel"),
messages_get("Login"));
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
res = nsurl_get(siteurl, NSURL_COMPLETE, &url_s, &url_l);
if (res != NSERROR_OK) {
url_s = strdup("");
}
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<input type=\"hidden\" name=\"siteurl\"
value=\"%s\">",
url_s);
free(url_s);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<input type=\"hidden\" name=\"realm\" value=\"%s\">",
realm);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_auth_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "</form></body>\n</html>\n");
-
- msg.data.header_or_data.len = slen;
- if (fetch_about_send_callback(&msg, ctx))
+ res = ssenddataf(ctx, "</form></body>\n</html>\n");
+ if (res != NSERROR_OK) {
goto fetch_about_query_auth_handler_aborted;
+ }
msg.type = FETCH_FINISHED;
fetch_about_send_callback(&msg, ctx);
@@ -814,19 +892,18 @@ fetch_about_query_auth_handler_aborted:
}
/**
- * Handler to generate about scheme ssl query page
+ * Handler to generate about scheme privacy query page
*/
-static bool fetch_about_query_ssl_handler(struct fetch_about_context *ctx)
+static bool fetch_about_query_privacy_handler(struct fetch_about_context *ctx)
{
nserror res;
fetch_msg msg;
- char buffer[1024];
- int slen;
char *url_s;
size_t url_l;
const char *reason = "";
const char *title;
struct nsurl *siteurl = NULL;
+ char *description = NULL;
const struct fetch_multipart_data *curmd; /* mutipart data iterator */
/* extract parameters from multipart post data */
@@ -851,14 +928,12 @@ static bool fetch_about_query_ssl_handler(struct
fetch_about_context *ctx)
fetch_set_http_code(ctx->fetchh, 200);
/* content type */
- if (fetch_about_send_header(ctx, "Content-Type: text/html;
charset=utf-8"))
+ if (fetch_about_send_header(ctx, "Content-Type: text/html;
charset=utf-8")) {
goto fetch_about_query_ssl_handler_aborted;
-
- msg.type = FETCH_DATA;
- msg.data.header_or_data.buf = (const uint8_t *) buffer;
+ }
title = messages_get("PrivacyTitle");
- slen = snprintf(buffer, sizeof buffer,
+ res = ssenddataf(ctx,
"<html>\n<head>\n"
"<title>%s</title>\n"
"<link rel=\"stylesheet\" type=\"text/css\" "
@@ -867,16 +942,27 @@ static bool fetch_about_query_ssl_handler(struct
fetch_about_context *ctx)
"<body id =\"privacy\">\n"
"<h1>%s</h1>\n",
title, title);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<p>%s</p>",
- reason);
-
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "<form method=\"post\"
enctype=\"multipart/form-data\">");
+ res = get_privacy_description(siteurl, reason, &description);
+ if (res == NSERROR_OK) {
+ res = ssenddataf(ctx, "<p>%s</p>", description);
+ free(description);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
+ }
+ res = ssenddataf(ctx,
+ "<form method=\"post\""
+ " enctype=\"multipart/form-data\">");
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<div>"
"<input type=\"submit\" id=\"back\" name=\"back\" "
"value=\"%s\">"
@@ -885,22 +971,26 @@ static bool fetch_about_query_ssl_handler(struct
fetch_about_context *ctx)
"</div>",
messages_get("Backtosafety"),
messages_get("Proceed"));
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
res = nsurl_get(siteurl, NSURL_COMPLETE, &url_s, &url_l);
if (res != NSERROR_OK) {
url_s = strdup("");
}
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
+ res = ssenddataf(ctx,
"<input type=\"hidden\" name=\"siteurl\"
value=\"%s\">",
url_s);
free(url_s);
+ if (res != NSERROR_OK) {
+ goto fetch_about_query_ssl_handler_aborted;
+ }
- slen += snprintf(buffer + slen, sizeof(buffer) - slen,
- "</form></body>\n</html>\n");
-
- msg.data.header_or_data.len = slen;
- if (fetch_about_send_callback(&msg, ctx))
+ res = ssenddataf(ctx, "</form></body>\n</html>\n");
+ if (res != NSERROR_OK) {
goto fetch_about_query_ssl_handler_aborted;
+ }
msg.type = FETCH_FINISHED;
fetch_about_send_callback(&msg, ctx);
@@ -1020,7 +1110,7 @@ struct about_handlers about_handler_list[] = {
"query/ssl",
SLEN("query/ssl"),
NULL,
- fetch_about_query_ssl_handler,
+ fetch_about_query_privacy_handler,
true
}
};
diff --git a/resources/FatMessages b/resources/FatMessages
index 3c6ca48..487fe31 100644
--- a/resources/FatMessages
+++ b/resources/FatMessages
@@ -2784,6 +2784,7 @@ nl.all.Cancel:Annuleer
#
en.all.PrivacyTitle:Privacy error
+en.all.PrivacyDescription:Attackers might be trying to steal your information
from %s (for example, passwords, messages or credit cards) %s
en.all.Proceed:Proceed
en.all.Backtosafety:Back to safety
--
NetSurf Browser
_______________________________________________
netsurf-commits mailing list
[email protected]
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/netsurf-commits-netsurf-browser.org
