Author: Lars Hjemli <hjemli@gmail.com>
Restrict deep nesting of configfiles There is no point in restricting the number of included config- files, but there is a point in restricting the nestinglevel of configfiles: to avoid recursive inclusions. This is easily achieved by decrementing the static nesting-variable upon exit from cgit_read_config(). Also fix some whitespace breakage. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
parsing.c | 10 ++++++----
diff --git a/parsing.c b/parsing.c index 8e15e5aea9f32a0421c35ec0af944046c624d2ea..36b0f0c93399f78c8fb3336efafda20cc1b417f2 100644 --- a/parsing.c +++ b/parsing.c @@ -70,13 +70,15 @@ char line[256]; const char *value; FILE *f; - /* cancel the reading of yet another configfile after 16 invocations */ - if (nesting++ > 16) + /* cancel deeply nested include-commands */ + if (nesting > 8) return -1; if (!(f = fopen(filename, "r"))) return -1; + nesting++; while((len = read_config_line(f, line, &value, sizeof(line))) > 0) (*fn)(line, value); + nesting--; fclose(f); return 0; } @@ -108,7 +110,7 @@ if (!txt) return 0; t = txt = xstrdup(txt); - + while((c=*t) != '\0') { if (c=='=') { *t = '\0'; @@ -213,7 +215,7 @@ if (!data || type != OBJ_TAG) { free(data); return 0; } - + ret = xmalloc(sizeof(*ret)); ret->tagger = NULL; ret->tagger_email = NULL;