From: Derrick Stolee <derrickstolee@xxxxxxxxxx>
The next change will start allowing us to parse bundle lists that are
downloaded from a provided bundle URI. Those lists might point to other
lists, which could proceed to an arbitrary depth (and even create
cycles). Restructure fetch_bundle_uri() to have an internal version that
has a recursion depth. Compare that to a new max_bundle_uri_depth
constant that is twice as high as we expect this depth to be for any
legitimate use of bundle list linking.
We can consider making max_bundle_uri_depth a configurable value if
there is demonstrated value in the future.
Signed-off-by: Derrick Stolee <derrickstolee@xxxxxxxxxx>
---
bundle-uri.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/bundle-uri.c b/bundle-uri.c
index 92354aa3bbd..b8ca6cd9493 100644
--- a/bundle-uri.c
+++ b/bundle-uri.c
@@ -336,11 +336,25 @@ static int unbundle_from_file(struct repository *r, const char *file)
return result;
}
-int fetch_bundle_uri(struct repository *r, const char *uri)
+/**
+ * This limits the recursion on fetch_bundle_uri_internal() when following
+ * bundle lists.
+ */
+static int max_bundle_uri_depth = 4;
+
+static int fetch_bundle_uri_internal(struct repository *r,
+ const char *uri,
+ int depth)
{
int result = 0;
char *filename;
+ if (depth >= max_bundle_uri_depth) {
+ warning(_("exceeded bundle URI recursion limit (%d)"),
+ max_bundle_uri_depth);
+ return -1;
+ }
+
if (!(filename = find_temp_filename())) {
result = -1;
goto cleanup;
@@ -368,6 +382,11 @@ cleanup:
return result;
}
+int fetch_bundle_uri(struct repository *r, const char *uri)
+{
+ return fetch_bundle_uri_internal(r, uri, 0);
+}
+
/**
* General API for {transport,connect}.c etc.
*/
--
gitgitgadget
