diff options
author | Bjørn Erik Pedersen <[email protected]> | 2020-02-29 12:05:06 +0100 |
---|---|---|
committer | Bjørn Erik Pedersen <[email protected]> | 2020-02-29 15:12:56 +0100 |
commit | 6f48146e75e9877c4271ec239b763e6f3bc3babb (patch) | |
tree | 13b07f9d04a85e40f3a1c90beef10201049b8cb0 | |
parent | b0d850321e58a052ead25f7014b7851f63497601 (diff) | |
download | hugo-6f48146e75e9877c4271ec239b763e6f3bc3babb.tar.gz hugo-6f48146e75e9877c4271ec239b763e6f3bc3babb.zip |
identity: Fix potential infinite recursion in server change detection
Fixes #6986
-rw-r--r-- | identity/identity.go | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/identity/identity.go b/identity/identity.go index d06710efe..7e03120b4 100644 --- a/identity/identity.go +++ b/identity/identity.go @@ -24,14 +24,24 @@ func NewPathIdentity(typ, pat string) PathIdentity { // Identities stores identity providers. type Identities map[Identity]Provider -func (ids Identities) search(id Identity) Provider { - if v, found := ids[id]; found { +func (ids Identities) search(depth int, id Identity) Provider { + + if v, found := ids[id.GetIdentity()]; found { return v } + + depth++ + + // There may be infinite recursion in templates. + if depth > 100 { + // Bail out. + return nil + } + for _, v := range ids { switch t := v.(type) { case IdentitiesProvider: - if nested := t.GetIdentities().search(id); nested != nil { + if nested := t.GetIdentities().search(depth, id); nested != nil { return nested } } @@ -127,5 +137,5 @@ func (im *identityManager) GetIdentities() Identities { func (im *identityManager) Search(id Identity) Provider { im.Lock() defer im.Unlock() - return im.ids.search(id.GetIdentity()) + return im.ids.search(0, id.GetIdentity()) } |