From 9a1741f466a695752027c74e8196f0683ba5a49b Mon Sep 17 00:00:00 2001
From: Brendan Dahl <brendan.dahl@gmail.com>
Date: Mon, 6 Feb 2012 21:04:53 -0800
Subject: [PATCH] Protect against a malicious setDatabase. Remove unneeded save
 data.

---
 extensions/firefox/components/PdfStreamConverter.js | 5 ++++-
 web/viewer.js                                       | 4 +---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/extensions/firefox/components/PdfStreamConverter.js b/extensions/firefox/components/PdfStreamConverter.js
index 54cc6890d..78a1f5a46 100644
--- a/extensions/firefox/components/PdfStreamConverter.js
+++ b/extensions/firefox/components/PdfStreamConverter.js
@@ -48,6 +48,9 @@ ChromeActions.prototype = {
   setDatabase: function(data) {
     if (this.inPrivateBrowswing)
       return;
+    // Protect against something sending tons of data to setDatabase.
+    if (data.length > 4096)
+      return;
     application.prefs.setValue(EXT_PREFIX + '.database', data);
   },
   getDatabase: function() {
@@ -142,7 +145,7 @@ PdfStreamConverter.prototype = {
     // Setup a global listener waiting for the next DOM to be created and verfiy
     // that its the one we want by its URL. When the correct DOM is found create
     // an event listener on that window for the pdf.js events that require
-    // chrome priviledges.
+    // chrome priviledges. Code snippet from John Galt.
     let window = aRequest.loadGroup.groupObserver
                   .QueryInterface(Ci.nsIWebProgress)
                   .DOMWindow;
diff --git a/web/viewer.js b/web/viewer.js
index 3aca926e9..5a1a1df03 100644
--- a/web/viewer.js
+++ b/web/viewer.js
@@ -109,7 +109,7 @@ var Settings = (function SettingsClosure() {
     var database = null;
     var index;
     if (isFirefoxExtension)
-      database = FirefoxCom.request('getDatabase', null);
+      database = FirefoxCom.request('getDatabase', null) || '{}';
     else if (isLocalStorageEnabled)
       database = localStorage.getItem('database') || '{}';
     else
@@ -131,8 +131,6 @@ var Settings = (function SettingsClosure() {
       index = database.files.push({fingerprint: fingerprint}) - 1;
     this.file = database.files[index];
     this.database = database;
-    if (isLocalStorageEnabled)
-      localStorage.setItem('database', JSON.stringify(database));
   }
 
   Settings.prototype = {