~emersion/go-scfg

2ae16e7820824363fc2e198c97a6f69d670ffd9c — Simon Ser 4 months ago 0b4e72d master
Limit max block nesting depth
1 files changed, 15 insertions(+), 2 deletions(-)

M reader.go
M reader.go => reader.go +15 -2
@@ 8,6 8,9 @@ import (
	"strings"
)

// This limits the max block nesting depth to prevent stack overflows.
const maxNestingDepth = 1000

// Load loads a configuration file.
func Load(path string) (Block, error) {
	f, err := os.Open(path)


@@ 35,13 38,23 @@ func Read(r io.Reader) (Block, error) {
}

type decoder struct {
	scanner *bufio.Scanner
	lineno  int
	scanner    *bufio.Scanner
	lineno     int
	blockDepth int
}

// readBlock reads a block. closingBrace is true if parsing stopped on '}'
// (otherwise, it stopped on Scanner.Scan).
func (dec *decoder) readBlock() (block Block, closingBrace bool, err error) {
	dec.blockDepth++
	defer func() {
		dec.blockDepth--
	}()

	if dec.blockDepth >= maxNestingDepth {
		return nil, false, fmt.Errorf("exceeded max block depth")
	}

	for dec.scanner.Scan() {
		dec.lineno++