From 814b07c3a21ca93265a7d54589b3ca077b4068a6 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 11 May 2020 12:20:06 +0200
Subject: [PATCH] conf: detect infinite inclusion

Don't allow more than 10 nested inclusions using the include or
confdirs directive to cleanly handle a misconfiguration with a circular
inclusion.
---
 conf.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/conf.c b/conf.c
index bfab31c..2474922 100644
--- a/conf.c
+++ b/conf.c
@@ -46,6 +46,7 @@
 
 #define MAX_LINE_LENGTH 2048
 #define MAX_CONF_DIRS 10
+#define MAX_INCLUDE_LEVEL 10
 
 /* ================================================== */
 /* Forward prototypes */
@@ -291,6 +292,8 @@ static int line_number;
 static const char *processed_file;
 static const char *processed_command;
 
+static int include_level = 0;
+
 /* ================================================== */
 
 static void
@@ -433,6 +436,10 @@ CNF_ReadFile(const char *filename)
   char line[MAX_LINE_LENGTH];
   int i;
 
+  include_level++;
+  if (include_level > MAX_INCLUDE_LEVEL)
+    LOG_FATAL("Maximum include level reached");
+
   in = UTI_OpenFile(NULL, filename, NULL, 'R', 0);
 
   for (i = 1; fgets(line, sizeof(line), in); i++) {
@@ -440,6 +447,8 @@ CNF_ReadFile(const char *filename)
   }
 
   fclose(in);
+
+  include_level--;
 }
 
 /* ================================================== */