romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-03 09:54:17 +03:00
Code Issues Projects Releases Packages Wiki Activity

tool_parsecfg: detect and error on recursive --config use

Browse source 
The config file parser now has a maximum level of inclusions allowed (5)
to detect and prevent recursive inclusions of itself leading to badness.

Bonus: clean up return code handling from the config parser.

Test 774 verifies
Closes #19168
This commit is contained in:
Daniel Stenberg 2025-10-20 22:46:56 +02:00
parent b4f57c8045
commit 9e198618de
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
10 changed files with 72 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/tool_getparam.h
View file

@ -335,7 +335,6 @@ struct LongShort {
typedef enum {
PARAM_OK = 0,
PARAM_OPTION_AMBIGUOUS,
PARAM_OPTION_UNKNOWN,
PARAM_REQUIRES_PARAMETER,
PARAM_BAD_USE,
@ -358,6 +357,7 @@ typedef enum {
PARAM_EXPAND_ERROR, /* --expand problem */
PARAM_BLANK_STRING,
PARAM_VAR_SYNTAX, /* --variable syntax error */
PARAM_RECURSION,
PARAM_LAST
} ParameterError;
@ -368,7 +368,8 @@ const struct LongShort *findshortopt(char letter);
ParameterError getparameter(const char *flag, const char *nextarg,
bool *usedarg,
struct OperationConfig *config);
struct OperationConfig *config,
int max_recursive);
#ifdef UNITTESTS
void parse_cert_parameter(const char *cert_parameter,