Blame SOURCES/0005-http-limit-redirection-depth.patch

776a70
From 7f3bfdbc2670b4960242fa1b229dde6bcb2b463b Mon Sep 17 00:00:00 2001
776a70
From: Petr Stodulka <pstodulk@redhat.com>
776a70
Date: Fri, 23 Oct 2015 17:39:59 +0200
776a70
Subject: [PATCH 5/5] http: limit redirection depth
776a70
776a70
By default, libcurl will follow circular http redirects
776a70
forever. Let's put a cap on this so that somebody who can
776a70
trigger an automated fetch of an arbitrary repository (e.g.,
776a70
for CI) cannot convince git to loop infinitely.
776a70
776a70
The value chosen is 20, which is the same default that
776a70
Firefox uses.
776a70
---
776a70
 http.c | 1 +
776a70
 1 file changed, 1 insertion(+)
776a70
776a70
diff --git a/http.c b/http.c
776a70
index 235c2d5..a1c7dcb 100644
776a70
--- a/http.c
776a70
+++ b/http.c
776a70
@@ -298,6 +298,7 @@ static CURL *get_curl_handle(void)
776a70
 	}
776a70
 
776a70
 	curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1);
776a70
+	curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
776a70
 #if LIBCURL_VERSION_NUM >= 0x071301
776a70
 	curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
776a70
 #elif LIBCURL_VERSION_NUM >= 0x071101
776a70
-- 
776a70
2.1.0
776a70