| author | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 21:28:40 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 21:32:25 (UTC) |
| commit | 47a81c77fdd017227632c4df9a0b7b135b8a738d (patch) (unidiff) | |
| tree | 5ffdd5f4c1af112d50e6bec01de722299ca2e7d1 /parsing.c | |
| parent | ad3b39d3b8443e142a6bfee34d527c99cd5f280d (diff) | |
| download | cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.zip cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.gz cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.bz2 | |
Restrict deep nesting of configfiles
There is no point in restricting the number of included config-
files, but there is a point in restricting the nestinglevel
of configfiles: to avoid recursive inclusions. This is easily
achieved by decrementing the static nesting-variable upon exit
from cgit_read_config().
Also fix some whitespace breakage.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | parsing.c | 10 |
1 files changed, 6 insertions, 4 deletions
| @@ -67,19 +67,21 @@ int cgit_read_config(const char *filename, configfn fn) | |||
| 67 | static int nesting; | 67 | static int nesting; |
| 68 | int len; | 68 | int len; |
| 69 | char line[256]; | 69 | char line[256]; |
| 70 | const char *value; | 70 | const char *value; |
| 71 | FILE *f; | 71 | FILE *f; |
| 72 | 72 | ||
| 73 | /* cancel the reading of yet another configfile after 16 invocations */ | 73 | /* cancel deeply nested include-commands */ |
| 74 | if (nesting++ > 16) | 74 | if (nesting > 8) |
| 75 | return -1; | 75 | return -1; |
| 76 | if (!(f = fopen(filename, "r"))) | 76 | if (!(f = fopen(filename, "r"))) |
| 77 | return -1; | 77 | return -1; |
| 78 | nesting++; | ||
| 78 | while((len = read_config_line(f, line, &value, sizeof(line))) > 0) | 79 | while((len = read_config_line(f, line, &value, sizeof(line))) > 0) |
| 79 | (*fn)(line, value); | 80 | (*fn)(line, value); |
| 81 | nesting--; | ||
| 80 | fclose(f); | 82 | fclose(f); |
| 81 | return 0; | 83 | return 0; |
| 82 | } | 84 | } |
| 83 | 85 | ||
| 84 | char *convert_query_hexchar(char *txt) | 86 | char *convert_query_hexchar(char *txt) |
| 85 | { | 87 | { |
| @@ -105,13 +107,13 @@ int cgit_parse_query(char *txt, configfn fn) | |||
| 105 | char *t, *value = NULL, c; | 107 | char *t, *value = NULL, c; |
| 106 | 108 | ||
| 107 | if (!txt) | 109 | if (!txt) |
| 108 | return 0; | 110 | return 0; |
| 109 | 111 | ||
| 110 | t = txt = xstrdup(txt); | 112 | t = txt = xstrdup(txt); |
| 111 | 113 | ||
| 112 | while((c=*t) != '\0') { | 114 | while((c=*t) != '\0') { |
| 113 | if (c=='=') { | 115 | if (c=='=') { |
| 114 | *t = '\0'; | 116 | *t = '\0'; |
| 115 | value = t+1; | 117 | value = t+1; |
| 116 | } else if (c=='+') { | 118 | } else if (c=='+') { |
| 117 | *t = ' '; | 119 | *t = ' '; |
| @@ -210,13 +212,13 @@ struct taginfo *cgit_parse_tag(struct tag *tag) | |||
| 210 | 212 | ||
| 211 | data = read_sha1_file(tag->object.sha1, &type, &size); | 213 | data = read_sha1_file(tag->object.sha1, &type, &size); |
| 212 | if (!data || type != OBJ_TAG) { | 214 | if (!data || type != OBJ_TAG) { |
| 213 | free(data); | 215 | free(data); |
| 214 | return 0; | 216 | return 0; |
| 215 | } | 217 | } |
| 216 | 218 | ||
| 217 | ret = xmalloc(sizeof(*ret)); | 219 | ret = xmalloc(sizeof(*ret)); |
| 218 | ret->tagger = NULL; | 220 | ret->tagger = NULL; |
| 219 | ret->tagger_email = NULL; | 221 | ret->tagger_email = NULL; |
| 220 | ret->tagger_date = 0; | 222 | ret->tagger_date = 0; |
| 221 | ret->msg = NULL; | 223 | ret->msg = NULL; |
| 222 | 224 | ||