git.kernel.org/pub/scm/git/git.git
author Derrick Stolee <derrickstolee@github.com> 2022-10-12 15:52:34 +0300
committer Junio C Hamano <gitster@pobox.com> 2022-10-12 19:13:24 +0300
commit 20c1e2a68bfcb85dd919c92a82c129cee215c23a
tree a479e17003c043b6994cb134beda6f10786006f9 /bundle-uri.c
parent 738e5245fa423fc43495e2e17e053365dc6b2fc0
bundle-uri: limit recursion depth for bundle lists
The next change will start allowing us to parse bundle lists that are downloaded from a provided bundle URI. Those lists might point to other lists, which could proceed to an arbitrary depth (and even create cycles). Restructure fetch_bundle_uri() to have an internal version that has a recursion depth. Compare that to a new max_bundle_uri_depth constant that is twice as high as we expect this depth to be for any legitimate use of bundle list linking.

We can consider making max_bundle_uri_depth a configurable value if there is demonstrated value in the future.

Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'bundle-uri.c')
-rw-r--r-- bundle-uri.c 21
1 files changed, 20 insertions, 1 deletions
diff --git a/bundle-uri.c b/bundle-uri.c
index 3d44ec2b1e..8a7c11c639 100644
--- a/bundle-uri.c
+++ b/bundle-uri.c
@@ -334,11 +334,25 @@ static int unbundle_from_file(struct repository *r, const char *file)
return result;
}
-int fetch_bundle_uri(struct repository *r, const char *uri)
+/**
+ * This limits the recursion on fetch_bundle_uri_internal() when following
+ * bundle lists.
+ */
+static int max_bundle_uri_depth = 4;
+
+static int fetch_bundle_uri_internal(struct repository *r,
+ const char *uri,
+ int depth)
{
int result = 0;
char *filename;
+ if (depth >= max_bundle_uri_depth) {
+ warning(_("exceeded bundle URI recursion limit (%d)"),
+ max_bundle_uri_depth);
+ return -1;
+ }
+
if (!(filename = find_temp_filename())) {
result = -1;
goto cleanup;
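Review bot: max_bundle_uri_depth is declared as a writable "static int" at the top of this hunk, while the commit message calls it a constant and nothing in the visible lines assigns to it; "static const int" (or a #define) would keep the limit from being changed by accident until it is deliberately made configurable. The warning in the new depth check prints only the limit, so a user who hits it cannot tell which bundle list was being followed; including the uri argument in the message would make a looping or overly deep list much easier to trace. The early "return -1" rather than "goto cleanup" looks right here, since filename has not been assigned yet at that point.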
@@ -366,6 +380,11 @@ cleanup:
return result;
}
+int fetch_bundle_uri(struct repository *r, const char *uri)
+{
+ return fetch_bundle_uri_internal(r, uri, 0);
+}
+
/**
* General API for {transport,connect}.c etc.
*/
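Review bot: the wrapper starts the count at 0 and the guard is "depth >= max_bundle_uri_depth", so the initial URI itself uses one of the four allowed levels; the comment on max_bundle_uri_depth should say whether the limit counts the first fetch or only the nested lists, because the commit message's "twice as high as we expect" reads differently under each interpretation. The visible hunks also show no call that passes depth + 1, so the limit only takes effect once the follow-up change adds the recursive call; that call is where the increment has to be reviewed. Note as well that a depth bound stops a cycle only after it has been followed up to the limit, so each level of a cyclic list is still downloaded before the warning fires.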