about summary refs log tree commit diff
diff options
context:
space:
mode:
authorLars Hjemli <hjemli@gmail.com>2007-05-15 23:28:40 +0200
committerLars Hjemli <hjemli@gmail.com>2007-05-15 23:32:25 +0200
commit47a81c77fdd017227632c4df9a0b7b135b8a738d (patch)
tree5ffdd5f4c1af112d50e6bec01de722299ca2e7d1
parentInclude cgit.conf in Makefile (diff)
downloadcgit-pink-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.gz
cgit-pink-47a81c77fdd017227632c4df9a0b7b135b8a738d.zip
Restrict deep nesting of configfiles
There is no point in restricting the number of included config-
files, but there is a point in restricting the nestinglevel
of configfiles: to avoid recursive inclusions. This is easily
achieved by decrementing the static nesting-variable upon exit
from cgit_read_config().

Also fix some whitespace breakage.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r--parsing.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/parsing.c b/parsing.c
index 8e15e5a..36b0f0c 100644
--- a/parsing.c
+++ b/parsing.c
@@ -70,13 +70,15 @@ int cgit_read_config(const char *filename, configfn fn)
 	const char *value;
 	FILE *f;
 
-	/* cancel the reading of yet another configfile after 16 invocations */
-	if (nesting++ > 16)
+	/* cancel deeply nested include-commands */
+	if (nesting > 8)
 		return -1;
 	if (!(f = fopen(filename, "r")))
 		return -1;
+	nesting++;
 	while((len = read_config_line(f, line, &value, sizeof(line))) > 0)
 		(*fn)(line, value);
+	nesting--;
 	fclose(f);
 	return 0;
 }
@@ -108,7 +110,7 @@ int cgit_parse_query(char *txt, configfn fn)
 		return 0;
 
 	t = txt = xstrdup(txt);
- 
+
 	while((c=*t) != '\0') {
 		if (c=='=') {
 			*t = '\0';
@@ -213,7 +215,7 @@ struct taginfo *cgit_parse_tag(struct tag *tag)
 		free(data);
 		return 0;
 	}
-	
+
 	ret = xmalloc(sizeof(*ret));
 	ret->tagger = NULL;
 	ret->tagger_email = NULL;