Merge pull request #4781 from nelhage/multiline-loop config: convert unbounded recursion into a loop
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83
diff --git a/src/config_parse.c b/src/config_parse.c
index eed6cf3..d40d47f 100644
--- a/src/config_parse.c
+++ b/src/config_parse.c
@@ -317,48 +317,43 @@ static int parse_multiline_variable(git_config_parser *reader, git_buf *value, i
{
char *line = NULL, *proc_line = NULL;
int quote_count;
- bool multiline;
+ bool multiline = true;
- /* Check that the next line exists */
- git_parse_advance_line(&reader->ctx);
- line = git__strndup(reader->ctx.line, reader->ctx.line_len);
- if (line == NULL)
- return -1;
+ while (multiline) {
+ /* Check that the next line exists */
+ git_parse_advance_line(&reader->ctx);
+ line = git__strndup(reader->ctx.line, reader->ctx.line_len);
+ if (line == NULL)
+ return -1;
- /* We've reached the end of the file, there is no continuation.
- * (this is not an error).
- */
- if (line[0] == '\0') {
- git__free(line);
- return 0;
- }
-
- quote_count = strip_comments(line, !!in_quotes);
+ /* We've reached the end of the file, there is no continuation.
+ * (this is not an error).
+ */
+ if (line[0] == '\0') {
+ git__free(line);
+ return 0;
+ }
- /* If it was just a comment, pretend it didn't exist */
- if (line[0] == '\0') {
- git__free(line);
- return parse_multiline_variable(reader, value, quote_count);
- /* TODO: unbounded recursion. This **could** be exploitable */
- }
+ quote_count = strip_comments(line, !!in_quotes);
- if (unescape_line(&proc_line, &multiline, line, in_quotes) < 0) {
- git__free(line);
- return -1;
- }
- /* add this line to the multiline var */
+ /* If it was just a comment, pretend it didn't exist */
+ if (line[0] == '\0') {
+ in_quotes = quote_count;
+ continue;
+ }
- git_buf_puts(value, proc_line);
- git__free(line);
- git__free(proc_line);
+ if (unescape_line(&proc_line, &multiline, line, in_quotes) < 0) {
+ git__free(line);
+ return -1;
+ }
+ /* add this line to the multiline var */
- /*
- * If we need to continue reading the next line, let's just
- * keep putting stuff in the buffer
- */
- if (multiline)
- return parse_multiline_variable(reader, value, quote_count);
+ git_buf_puts(value, proc_line);
+ git__free(line);
+ git__free(proc_line);
+ in_quotes = quote_count;
+ }
return 0;
}