diff options
| author | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 23:28:40 +0200 |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 23:32:25 +0200 |
| commit | 47a81c77fdd017227632c4df9a0b7b135b8a738d (patch) | |
| tree | 5ffdd5f4c1af112d50e6bec01de722299ca2e7d1 | |
| parent | Include cgit.conf in Makefile (diff) | |
| download | cgit-pink-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.gz cgit-pink-47a81c77fdd017227632c4df9a0b7b135b8a738d.zip | |
Restrict deep nesting of configfiles
There is no point in restricting the number of included config- files, but there is a point in restricting the nestinglevel of configfiles: to avoid recursive inclusions. This is easily achieved by decrementing the static nesting-variable upon exit from cgit_read_config(). Also fix some whitespace breakage. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | parsing.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/parsing.c b/parsing.c index 8e15e5a..36b0f0c 100644 --- a/parsing.c +++ b/parsing.c @@ -70,13 +70,15 @@ int cgit_read_config(const char *filename, configfn fn) const char *value; FILE *f; - /* cancel the reading of yet another configfile after 16 invocations */ - if (nesting++ > 16) + /* cancel deeply nested include-commands */ + if (nesting > 8) return -1; if (!(f = fopen(filename, "r"))) return -1; + nesting++; while((len = read_config_line(f, line, &value, sizeof(line))) > 0) (*fn)(line, value); + nesting--; fclose(f); return 0; } @@ -108,7 +110,7 @@ int cgit_parse_query(char *txt, configfn fn) return 0; t = txt = xstrdup(txt); - + while((c=*t) != '\0') { if (c=='=') { *t = '\0'; @@ -213,7 +215,7 @@ struct taginfo *cgit_parse_tag(struct tag *tag) free(data); return 0; } - + ret = xmalloc(sizeof(*ret)); ret->tagger = NULL; ret->tagger_email = NULL; |