[PATCH v2] scan-path: fix recursive or corss-linked directory infinite loops

Varphone Wong varphone at qq.com
Sat Apr 15 20:20:59 CEST 2017 

If there is some symbol in the scan-path that links to the . or .. or self more than one,
or cross-linked, the program will run in infinite loops, CPU 100%.

For example:
	# cgitrc
	scan-path=$HOME/cgit-test/repos

	$ mkdir -p ~/cgit-test/repos
	$ (cd ~/cgit-test/repos && ln -s . current && ln -s . another-current)
	  or
	$ (cd ~/cgit-test/repos && ln -s .. parent && ln -s .. another-parent)
	  or
	$ ln -s ~/cgit-test/repos ~/cgit-test/repos/self
	$ ln -s ~/cgit-test/repos ~/cgit-test/repos/another-self
	  or
	$ mkdir -p ~/cgit/cgit-test/repos/{a,b}
	$ ln -s ~/cgit-test/repos/a ~/cgit-test/repos/b/link-to-a
	$ ln -s ~/cgit-test/repos/b ~/cgit-test/repos/a/link-to-b
	$ ./cgit

Signed-off-by: Varphone Wong <varphone at qq.com>
---
 cgit.h      |  1 +
 scan-tree.c | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/cgit.h b/cgit.h
index fbc6c6a..2aba89e 100644
--- a/cgit.h
+++ b/cgit.h
@@ -24,6 +24,7 @@
 #include <utf8.h>
 #include <notes.h>
 #include <graph.h>
+#include <mru.h>
 
 /* Add isgraph(x) to Git's sane ctype support (see git-compat-util.h) */
 #undef isgraph
diff --git a/scan-tree.c b/scan-tree.c
index 08f3f1d..47a4bb0 100644
--- a/scan-tree.c
+++ b/scan-tree.c
@@ -183,6 +183,20 @@ static void add_repo(const char *base, struct strbuf *path, repo_config_fn fn)
 	strbuf_release(&rel);
 }
 
+/* return 1 if symlink has been scanned */
+static int is_symlink_ino_scanned(ino_t ino)
+{
+	static struct mru inolist;
+	struct mru_entry *p;
+	for (p = inolist.head; p; p = p->next) {
+		if (p->item == (void *)ino)
+			return 1;
+	}
+	mru_append(&inolist, (void *)ino);
+	/* The inolist freed at program exit */
+	return 0;
+}
+
 static void scan_path(const char *base, const char *path, repo_config_fn fn)
 {
 	DIR *dir = opendir(path);
@@ -213,6 +227,9 @@ static void scan_path(const char *base, const char *path, repo_config_fn fn)
 	 */
 	pathlen++;
 	while ((ent = readdir(dir)) != NULL) {
+		/* Skip scanned symlinks to prevent infinite loops */
+		if ((ent->d_type == DT_LNK) && is_symlink_ino_scanned(ent->d_ino))
+			continue;
 		if (ent->d_name[0] == '.') {
 			if (ent->d_name[1] == '\0')
 				continue;
-- 
2.7.4

More information about the CGit mailing list