mirrors/cgit
0
0
Fork 0
mirror of https://git.zx2c4.com/cgit synced 2024-11-22 16:38:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restrict deep nesting of configfiles

Browse Source 
There is no point in restricting the number of included config-
files, but there is a point in restricting the nestinglevel
of configfiles: to avoid recursive inclusions. This is easily
achieved by decrementing the static nesting-variable upon exit
from cgit_read_config().

Also fix some whitespace breakage.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
Lars Hjemli 2007-05-15 23:28:40 +02:00
parent ad3b39d3b8
commit 47a81c77fd
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
parsing.c
View File

@ -70,13 +70,15 @@ int cgit_read_config(const char *filename, configfn fn)
const char *value; const char *value;
FILE *f; FILE *f;
/* cancel the reading of yet another configfile after 16 invocations */ /* cancel deeply nested include-commands */
if (nesting++ > 16) if (nesting > 8)
return -1; return -1;
if (!(f = fopen(filename, "r"))) if (!(f = fopen(filename, "r")))
return -1; return -1;
nesting++;
while((len = read_config_line(f, line, &value, sizeof(line))) > 0) while((len = read_config_line(f, line, &value, sizeof(line))) > 0)
(*fn)(line, value); (*fn)(line, value);
nesting--;
fclose(f); fclose(f);
return 0; return 0;
} }
@ -108,7 +110,7 @@ int cgit_parse_query(char *txt, configfn fn)
return 0; return 0;
t = txt = xstrdup(txt); t = txt = xstrdup(txt);
while((c=*t) != '\0') { while((c=*t) != '\0') {
if (c=='=') { if (c=='=') {
*t = '\0'; *t = '\0';
@ -213,7 +215,7 @@ struct taginfo *cgit_parse_tag(struct tag *tag)
free(data); free(data);
return 0; return 0;
} }
ret = xmalloc(sizeof(*ret)); ret = xmalloc(sizeof(*ret));
ret->tagger = NULL; ret->tagger = NULL;
ret->tagger_email = NULL; ret->tagger_email = NULL;