| author | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 21:28:40 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 21:32:25 (UTC) |
| commit | 47a81c77fdd017227632c4df9a0b7b135b8a738d (patch) (unidiff) | |
| tree | 5ffdd5f4c1af112d50e6bec01de722299ca2e7d1 | |
| parent | ad3b39d3b8443e142a6bfee34d527c99cd5f280d (diff) | |
| download | cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.zip cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.gz cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.bz2 | |
Restrict deep nesting of configfiles
There is no point in restricting the number of included config-
files, but there is a point in restricting the nestinglevel
of configfiles: to avoid recursive inclusions. This is easily
achieved by decrementing the static nesting-variable upon exit
from cgit_read_config().
Also fix some whitespace breakage.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | parsing.c | 10 |
1 files changed, 6 insertions, 4 deletions
| @@ -61,31 +61,33 @@ int read_config_line(FILE *f, char *line, const char **value, int bufsize) | |||
| 61 | line[i+1] = 0; | 61 | line[i+1] = 0; |
| 62 | return i; | 62 | return i; |
| 63 | } | 63 | } |
| 64 | 64 | ||
| 65 | int cgit_read_config(const char *filename, configfn fn) | 65 | int cgit_read_config(const char *filename, configfn fn) |
| 66 | { | 66 | { |
| 67 | static int nesting; | 67 | static int nesting; |
| 68 | int len; | 68 | int len; |
| 69 | char line[256]; | 69 | char line[256]; |
| 70 | const char *value; | 70 | const char *value; |
| 71 | FILE *f; | 71 | FILE *f; |
| 72 | 72 | ||
| 73 | /* cancel the reading of yet another configfile after 16 invocations */ | 73 | /* cancel deeply nested include-commands */ |
| 74 | if (nesting++ > 16) | 74 | if (nesting > 8) |
| 75 | return -1; | 75 | return -1; |
| 76 | if (!(f = fopen(filename, "r"))) | 76 | if (!(f = fopen(filename, "r"))) |
| 77 | return -1; | 77 | return -1; |
| 78 | nesting++; | ||
| 78 | while((len = read_config_line(f, line, &value, sizeof(line))) > 0) | 79 | while((len = read_config_line(f, line, &value, sizeof(line))) > 0) |
| 79 | (*fn)(line, value); | 80 | (*fn)(line, value); |
| 81 | nesting--; | ||
| 80 | fclose(f); | 82 | fclose(f); |
| 81 | return 0; | 83 | return 0; |
| 82 | } | 84 | } |
| 83 | 85 | ||
| 84 | char *convert_query_hexchar(char *txt) | 86 | char *convert_query_hexchar(char *txt) |
| 85 | { | 87 | { |
| 86 | int d1, d2; | 88 | int d1, d2; |
| 87 | if (strlen(txt) < 3) { | 89 | if (strlen(txt) < 3) { |
| 88 | *txt = '\0'; | 90 | *txt = '\0'; |
| 89 | return txt-1; | 91 | return txt-1; |
| 90 | } | 92 | } |
| 91 | d1 = hextoint(*(txt+1)); | 93 | d1 = hextoint(*(txt+1)); |
| @@ -99,25 +101,25 @@ char *convert_query_hexchar(char *txt) | |||
| 99 | return txt; | 101 | return txt; |
| 100 | } | 102 | } |
| 101 | } | 103 | } |
| 102 | 104 | ||
| 103 | int cgit_parse_query(char *txt, configfn fn) | 105 | int cgit_parse_query(char *txt, configfn fn) |
| 104 | { | 106 | { |
| 105 | char *t, *value = NULL, c; | 107 | char *t, *value = NULL, c; |
| 106 | 108 | ||
| 107 | if (!txt) | 109 | if (!txt) |
| 108 | return 0; | 110 | return 0; |
| 109 | 111 | ||
| 110 | t = txt = xstrdup(txt); | 112 | t = txt = xstrdup(txt); |
| 111 | 113 | ||
| 112 | while((c=*t) != '\0') { | 114 | while((c=*t) != '\0') { |
| 113 | if (c=='=') { | 115 | if (c=='=') { |
| 114 | *t = '\0'; | 116 | *t = '\0'; |
| 115 | value = t+1; | 117 | value = t+1; |
| 116 | } else if (c=='+') { | 118 | } else if (c=='+') { |
| 117 | *t = ' '; | 119 | *t = ' '; |
| 118 | } else if (c=='%') { | 120 | } else if (c=='%') { |
| 119 | t = convert_query_hexchar(t); | 121 | t = convert_query_hexchar(t); |
| 120 | } else if (c=='&') { | 122 | } else if (c=='&') { |
| 121 | *t = '\0'; | 123 | *t = '\0'; |
| 122 | (*fn)(txt, value); | 124 | (*fn)(txt, value); |
| 123 | txt = t+1; | 125 | txt = t+1; |
| @@ -204,25 +206,25 @@ struct taginfo *cgit_parse_tag(struct tag *tag) | |||
| 204 | { | 206 | { |
| 205 | void *data; | 207 | void *data; |
| 206 | enum object_type type; | 208 | enum object_type type; |
| 207 | unsigned long size; | 209 | unsigned long size; |
| 208 | char *p, *t; | 210 | char *p, *t; |
| 209 | struct taginfo *ret; | 211 | struct taginfo *ret; |
| 210 | 212 | ||
| 211 | data = read_sha1_file(tag->object.sha1, &type, &size); | 213 | data = read_sha1_file(tag->object.sha1, &type, &size); |
| 212 | if (!data || type != OBJ_TAG) { | 214 | if (!data || type != OBJ_TAG) { |
| 213 | free(data); | 215 | free(data); |
| 214 | return 0; | 216 | return 0; |
| 215 | } | 217 | } |
| 216 | 218 | ||
| 217 | ret = xmalloc(sizeof(*ret)); | 219 | ret = xmalloc(sizeof(*ret)); |
| 218 | ret->tagger = NULL; | 220 | ret->tagger = NULL; |
| 219 | ret->tagger_email = NULL; | 221 | ret->tagger_email = NULL; |
| 220 | ret->tagger_date = 0; | 222 | ret->tagger_date = 0; |
| 221 | ret->msg = NULL; | 223 | ret->msg = NULL; |
| 222 | 224 | ||
| 223 | p = data; | 225 | p = data; |
| 224 | 226 | ||
| 225 | while (p && *p) { | 227 | while (p && *p) { |
| 226 | if (*p == '\n') | 228 | if (*p == '\n') |
| 227 | break; | 229 | break; |
| 228 | 230 | ||