| author | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 21:28:40 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2007-05-15 21:32:25 (UTC) |
| commit | 47a81c77fdd017227632c4df9a0b7b135b8a738d (patch) (unidiff) | |
| tree | 5ffdd5f4c1af112d50e6bec01de722299ca2e7d1 | |
| parent | ad3b39d3b8443e142a6bfee34d527c99cd5f280d (diff) | |
| download | cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.zip cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.gz cgit-47a81c77fdd017227632c4df9a0b7b135b8a738d.tar.bz2 | |
Restrict deep nesting of configfiles
There is no point in restricting the number of included config-
files, but there is a point in restricting the nestinglevel
of configfiles: to avoid recursive inclusions. This is easily
achieved by decrementing the static nesting-variable upon exit
from cgit_read_config().
Also fix some whitespace breakage.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | parsing.c | 6 |
1 files changed, 4 insertions, 2 deletions
| @@ -70,13 +70,15 @@ int cgit_read_config(const char *filename, configfn fn) | |||
| 70 | const char *value; | 70 | const char *value; |
| 71 | FILE *f; | 71 | FILE *f; |
| 72 | 72 | ||
| 73 | /* cancel the reading of yet another configfile after 16 invocations */ | 73 | /* cancel deeply nested include-commands */ |
| 74 | if (nesting++ > 16) | 74 | if (nesting > 8) |
| 75 | return -1; | 75 | return -1; |
| 76 | if (!(f = fopen(filename, "r"))) | 76 | if (!(f = fopen(filename, "r"))) |
| 77 | return -1; | 77 | return -1; |
| 78 | nesting++; | ||
| 78 | while((len = read_config_line(f, line, &value, sizeof(line))) > 0) | 79 | while((len = read_config_line(f, line, &value, sizeof(line))) > 0) |
| 79 | (*fn)(line, value); | 80 | (*fn)(line, value); |
| 81 | nesting--; | ||
| 80 | fclose(f); | 82 | fclose(f); |
| 81 | return 0; | 83 | return 0; |
| 82 | } | 84 | } |