lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity

[mod_webdav] limit webdav_propfind_dir() recursion

This commit is contained in:
Glenn Strauss 2020-06-11 22:11:42 -04:00
parent 965c47c85a
commit 1a02cd7e33
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/mod_webdav.c
View File

@ -2881,6 +2881,7 @@ typedef struct webdav_propfind_bufs {
int propname;
int lockdiscovery;
int depth;
int recursed;
struct stat st;
} webdav_propfind_bufs;
@ -3273,6 +3274,10 @@ webdav_propfind_resource (const webdav_propfind_bufs * const restrict pb)
static void
webdav_propfind_dir (webdav_propfind_bufs * const restrict pb)
{
/* arbitrary recursion limit to prevent infinite loops,
* e.g. due to symlink loops, or excessive resource usage */
if (++pb->recursed > 100) return;
physical_st * const dst = pb->dst;
const int dfd = fdevent_open_dirname(dst->path.ptr, 0);
DIR * const dir = (dfd >= 0) ? fdopendir(dfd) : NULL;
@ -3793,6 +3798,7 @@ mod_webdav_propfind (request_st * const r, const plugin_config * const pconf)
pb.allprop = 0;
pb.propname = 0;
pb.lockdiscovery= 0;
pb.recursed = 0;
pb.depth = webdav_parse_Depth(r);
/* future: might add config option to enable Depth: infinity