Defend against very large localstorage key names and values.

BUG=97209
Review URL: http://codereview.chromium.org/8026001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102636 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 0 deletions

diff --git a/content/renderer/renderer_webstoragearea_impl.cc b/content/renderer/renderer_webstoragearea_impl.cc
index 4e6f2cf..c7ed9a9 100644
--- a/content/renderer/renderer_webstoragearea_impl.cc
+++ b/content/renderer/renderer_webstoragearea_impl.cc
@@ -7,8 +7,10 @@
 #include "content/common/dom_storage_messages.h"
 #include "content/renderer/render_thread.h"
 #include "content/renderer/render_view.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebStorageNamespace.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebURL.h"
 
+using WebKit::WebStorageNamespace;
 using WebKit::WebString;
 using WebKit::WebURL;
 
@@ -46,6 +48,11 @@ WebString RendererWebStorageAreaImpl::getItem(const WebString& key) {
 void RendererWebStorageAreaImpl::setItem(
     const WebString& key, const WebString& value, const WebURL& url,
     WebStorageArea::Result& result, WebString& old_value_webkit) {
+  const size_t kMaxKeyValueLength = WebStorageNamespace::m_localStorageQuota;
+  if (key.length() + value.length() > kMaxKeyValueLength) {
+    result = ResultBlockedByQuota;
+    return;
+  }
   NullableString16 old_value;
   RenderThread::current()->Send(new DOMStorageHostMsg_SetItem(
       storage_area_id_, key, value, url, &result, &old_value));