[PATCH v2 8/9] bundle-uri: limit recursion depth for bundle lists
From: Derrick Stolee via GitGitGadget <hidden>
Date: 2022-09-09 14:34:21
Subsystem:
the rest · Maintainer:
Linus Torvalds
From: Derrick Stolee <redacted> The next change will start allowing us to parse bundle lists that are downloaded from a provided bundle URI. Those lists might point to other lists, which could proceed to an arbitrary depth (and even create cycles). Restructure fetch_bundle_uri() to have an internal version that has a recursion depth. Compare that to a new max_bundle_uri_depth constant that is twice as high as we expect this depth to be for any legitimate use of bundle list linking. We can consider making max_bundle_uri_depth a configurable value if there is demonstrated value in the future. Signed-off-by: Derrick Stolee <redacted> --- bundle-uri.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/bundle-uri.c b/bundle-uri.c
index 92354aa3bbd..b8ca6cd9493 100644
--- a/bundle-uri.c
+++ b/bundle-uri.c@@ -336,11 +336,25 @@ static int unbundle_from_file(struct repository *r, const char *file) return result; } -int fetch_bundle_uri(struct repository *r, const char *uri) +/** + * This limits the recursion on fetch_bundle_uri_internal() when following + * bundle lists. + */ +static int max_bundle_uri_depth = 4; + +static int fetch_bundle_uri_internal(struct repository *r, + const char *uri, + int depth) { int result = 0; char *filename; + if (depth >= max_bundle_uri_depth) { + warning(_("exceeded bundle URI recursion limit (%d)"), + max_bundle_uri_depth); + return -1; + } + if (!(filename = find_temp_filename())) { result = -1; goto cleanup;
@@ -368,6 +382,11 @@ cleanup: return result; } +int fetch_bundle_uri(struct repository *r, const char *uri) +{ + return fetch_bundle_uri_internal(r, uri, 0); +} + /** * General API for {transport,connect}.c etc. */
--
gitgitgadget