bundle-uri: limit recursion depth for bundle lists

The next change will start allowing us to parse bundle lists that are
downloaded from a provided bundle URI. Those lists might point to other
lists, which could proceed to an arbitrary depth (and even create
cycles). Restructure fetch_bundle_uri() to have an internal version that
has a recursion depth. Compare that to a new max_bundle_uri_depth
constant that is twice as high as we expect this depth to be for any
legitimate use of bundle list linking.

We can consider making max_bundle_uri_depth a configurable value if
there is demonstrated value in the future.

Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/bundle-uri.c b/bundle-uri.c
index 3d44ec2b1e6fcd745d86ae27748b90cb3f88c1a7..8a7c11c63934b339c1990648e9041c91aa43441b 100644 (file)
--- a/bundle-uri.c
+++ b/bundle-uri.c
@@ -334,11 +334,25 @@ static int unbundle_from_file(struct repository *r, const char *file)
        return result;
 }
 
-int fetch_bundle_uri(struct repository *r, const char *uri)
+/**
+ * This limits the recursion on fetch_bundle_uri_internal() when following
+ * bundle lists.
+ */
+static int max_bundle_uri_depth = 4;
+
+static int fetch_bundle_uri_internal(struct repository *r,
+                                    const char *uri,
+                                    int depth)
 {
        int result = 0;
        char *filename;
 
+       if (depth >= max_bundle_uri_depth) {
+               warning(_("exceeded bundle URI recursion limit (%d)"),
+                       max_bundle_uri_depth);
+               return -1;
+       }
+
        if (!(filename = find_temp_filename())) {
                result = -1;
                goto cleanup;
@@ -366,6 +380,11 @@ cleanup:
        return result;
 }
 
+int fetch_bundle_uri(struct repository *r, const char *uri)
+{
+       return fetch_bundle_uri_internal(r, uri, 0);
+}
+
 /**
  * General API for {transport,connect}.c etc.
  */