Restrict deep nesting of configfiles There is no point in restricting the number of included config- files, but there is a point in restricting the nestinglevel of configfiles: to avoid recursive inclusions. This is easily achieved by decrementing the static nesting-variable upon exit from cgit_read_config(). Also fix some whitespace breakage. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Lars Hjemli hjemli@gmail.com
Tue, 15 May 2007 23:28:40 +0200
1 files changed,
6 insertions(+),
4 deletions(-)
jump to
M
parsing.c
→
parsing.c
@@ -70,13 +70,15 @@ char line[256];
const char *value; FILE *f; - /* cancel the reading of yet another configfile after 16 invocations */ - if (nesting++ > 16) + /* cancel deeply nested include-commands */ + if (nesting > 8) return -1; if (!(f = fopen(filename, "r"))) return -1; + nesting++; while((len = read_config_line(f, line, &value, sizeof(line))) > 0) (*fn)(line, value); + nesting--; fclose(f); return 0; }@@ -108,7 +110,7 @@ if (!txt)
return 0; t = txt = xstrdup(txt); - + while((c=*t) != '\0') { if (c=='=') { *t = '\0';@@ -213,7 +215,7 @@ if (!data || type != OBJ_TAG) {
free(data); return 0; } - + ret = xmalloc(sizeof(*ret)); ret->tagger = NULL; ret->tagger_email = NULL;