On 11/21/2011 4:24 PM, s...@apache.org wrote:
Author: sf
Date: Mon Nov 21 22:24:12 2011
New Revision: 1204730
URL: http://svn.apache.org/viewvc?rev=1204730&view=rev
Log:
Merge r1204087, 1204090:
Limit recursion in ap_expr evaluation to avoid unbounded stack usage
* evaluate chains of ||,&&, and string concatenation non-recursively
* limit other types of recursion to 20 levels
* avoid some string copies if concatenating more than 2 strings
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/util_expr_eval.c?rev=1204730&r1=1204729&r2=1204730&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/util_expr_eval.c (original)
+++ httpd/httpd/branches/2.4.x/server/util_expr_eval.c Mon Nov 21 22:24:12 2011
@@ -56,10 +56,30 @@ static void expr_dump_tree(const ap_expr
int loglevel, int indent);
#endif
+/*
+ * To reduce counting overhead, we only count calls to
+ * ap_expr_eval_word() and ap_expr_eval(). The max number of
+ * stack frames is larger by some factor.
+ */
+#define AP_EXPR_MAX_RECURSION 20
+static int inc_rec(ap_expr_eval_ctx_t *ctx)
+{
+ if (ctx->reclvl< AP_EXPR_MAX_RECURSION) {
+ ctx->reclvl++;
+ return 0;
+ }
+ *ctx->err = "Recursion limit reached";
+ /* short circuit further evaluation */
+ ctx->reclvl = INT_MAX;
When did this project adopt Posix99? Not that I'm complaining
but that isn't a K&R construct (and this is the first such breakage
that I'm aware of.)
