From 6f48146e75e9877c4271ec239b763e6f3bc3babb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Erik=20Pedersen?=
Date: Sat, 29 Feb 2020 12:05:06 +0100
Subject: [PATCH] identity: Fix potential infinite recursion in server change detection
Fixes #6986
---
 identity/identity.go | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/identity/identity.go b/identity/identity.go
index d06710efe91..7e03120b496 100644
--- a/identity/identity.go
+++ b/identity/identity.go
@@ -24,14 +24,24 @@ func NewPathIdentity(typ, pat string) PathIdentity {
 // Identities stores identity providers.
 type Identities map[Identity]Provider
-func (ids Identities) search(id Identity) Provider {
- if v, found := ids[id]; found {
+func (ids Identities) search(depth int, id Identity) Provider {
+
+ if v, found := ids[id.GetIdentity()]; found {
 return v
 }
+
+ depth++
+
+ // There may be infinite recursion in templates.
+ if depth > 100 {
+ // Bail out.
+ return nil
+ }
+
 for _, v := range ids {
 switch t := v.(type) {
 case IdentitiesProvider:
- if nested := t.GetIdentities().search(id); nested != nil {
+ if nested := t.GetIdentities().search(depth, id); nested != nil {
 return nested
 }
 }
@@ -127,5 +137,5 @@ func (im *identityManager) GetIdentities() Identities {
 func (im *identityManager) Search(id Identity) Provider {
 im.Lock()
 defer im.Unlock()
- return im.ids.search(id.GetIdentity())
+ return im.ids.search(0, id.GetIdentity())
 }
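Review bot: The `depth > 100` guard in `search` bounds how deep the recursion goes but not how many calls it makes: the `for _, v := range ids` loop recurses into every `IdentitiesProvider` at each level, so a cyclic provider graph with more than one nested provider per map can still fan out exponentially before any branch reaches the cap, and change detection would stall instead of overflowing the stack. Tracking the providers already visited stops a cycle at its first repeat and keeps the work proportional to the number of distinct providers; this assumes every `IdentitiesProvider` implementation is a comparable type such as a pointer, which the visible lines do not establish, and the call in `Search` (second hunk) would pass a fresh map instead of `0`. If the cap stays, a named constant and a comment saying that the bail-out `nil` is indistinguishable from "not found" would help the next reader. The body of `search` continues past the end of the hunk.

```go
func (ids Identities) search(seen map[IdentitiesProvider]bool, id Identity) Provider {
	// … unchanged: direct lookup of id.GetIdentity() in ids …
	for _, v := range ids {
		switch t := v.(type) {
		case IdentitiesProvider:
			if seen[t] {
				// Already walked this provider; skipping it breaks the cycle.
				continue
			}
			seen[t] = true
			if nested := t.GetIdentities().search(seen, id); nested != nil {
				return nested
			}
		}
```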
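Review bot: `Search` keeps `im` locked for the whole recursive walk, and `search` calls `GetIdentities()` on every nested provider it meets. If `(*identityManager).GetIdentities`, whose body is outside this hunk, takes the same lock, a cycle that leads back to this manager would block on the second acquisition and never reach the depth cap, since Go's standard mutexes are not reentrant. A comment above the call would record the constraint: `// search calls GetIdentities on nested providers while im is locked; a cycle back to im must not re-lock it.`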