ref: 6f48146e75e9877c4271ec239b763e6f3bc3babb
parent: b0d850321e58a052ead25f7014b7851f63497601
author: Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>
date: Sat Feb 29 07:05:06 EST 2020
identity: Fix potential infinite recursion in server change detection Fixes #6986
--- a/identity/identity.go
+++ b/identity/identity.go
@@ -24,14 +24,24 @@
// Identities stores identity providers.
type Identities map[Identity]Provider
-func (ids Identities) search(id Identity) Provider {- if v, found := ids[id]; found {+func (ids Identities) search(depth int, id Identity) Provider {+
+ if v, found := ids[id.GetIdentity()]; found {return v
}
+
+ depth++
+
+ // There may be infinite recursion in templates.
+ if depth > 100 {+ // Bail out.
+ return nil
+ }
+
for _, v := range ids { switch t := v.(type) {case IdentitiesProvider:
- if nested := t.GetIdentities().search(id); nested != nil {+ if nested := t.GetIdentities().search(depth, id); nested != nil {return nested
}
}
@@ -127,5 +137,5 @@
func (im *identityManager) Search(id Identity) Provider {im.Lock()
defer im.Unlock()
- return im.ids.search(id.GetIdentity())
+ return im.ids.search(0, id.GetIdentity())
}