Commit a03113e8 by Nelson Elhage

config: convert unbounded recursion into a loop

parent 8856337b
...@@ -317,8 +317,9 @@ static int parse_multiline_variable(git_config_parser *reader, git_buf *value, i ...@@ -317,8 +317,9 @@ static int parse_multiline_variable(git_config_parser *reader, git_buf *value, i
{ {
char *line = NULL, *proc_line = NULL; char *line = NULL, *proc_line = NULL;
int quote_count; int quote_count;
bool multiline; bool multiline = true;
while (multiline) {
/* Check that the next line exists */ /* Check that the next line exists */
git_parse_advance_line(&reader->ctx); git_parse_advance_line(&reader->ctx);
line = git__strndup(reader->ctx.line, reader->ctx.line_len); line = git__strndup(reader->ctx.line, reader->ctx.line_len);
...@@ -337,9 +338,8 @@ static int parse_multiline_variable(git_config_parser *reader, git_buf *value, i ...@@ -337,9 +338,8 @@ static int parse_multiline_variable(git_config_parser *reader, git_buf *value, i
/* If it was just a comment, pretend it didn't exist */ /* If it was just a comment, pretend it didn't exist */
if (line[0] == '\0') { if (line[0] == '\0') {
git__free(line); in_quotes = quote_count;
return parse_multiline_variable(reader, value, quote_count); continue;
/* TODO: unbounded recursion. This **could** be exploitable */
} }
if (unescape_line(&proc_line, &multiline, line, in_quotes) < 0) { if (unescape_line(&proc_line, &multiline, line, in_quotes) < 0) {
...@@ -352,13 +352,8 @@ static int parse_multiline_variable(git_config_parser *reader, git_buf *value, i ...@@ -352,13 +352,8 @@ static int parse_multiline_variable(git_config_parser *reader, git_buf *value, i
git__free(line); git__free(line);
git__free(proc_line); git__free(proc_line);
/* in_quotes = quote_count;
* If we need to continue reading the next line, let's just }
* keep putting stuff in the buffer
*/
if (multiline)
return parse_multiline_variable(reader, value, quote_count);
return 0; return 0;
} }