Blame SOURCES/0005-http-limit-redirection-depth.patch
|
 |
fdd391 |
From 7f3bfdbc2670b4960242fa1b229dde6bcb2b463b Mon Sep 17 00:00:00 2001
|
|
|
fdd391 |
From: Petr Stodulka <pstodulk@redhat.com>
|
|
|
fdd391 |
Date: Fri, 23 Oct 2015 17:39:59 +0200
|
|
|
fdd391 |
Subject: [PATCH 5/5] http: limit redirection depth
|
|
|
fdd391 |
|
|
|
fdd391 |
By default, libcurl will follow circular http redirects
|
|
|
fdd391 |
forever. Let's put a cap on this so that somebody who can
|
|
|
fdd391 |
trigger an automated fetch of an arbitrary repository (e.g.,
|
|
|
fdd391 |
for CI) cannot convince git to loop infinitely.
|
|
|
fdd391 |
|
|
|
fdd391 |
The value chosen is 20, which is the same default that
|
|
|
fdd391 |
Firefox uses.
|
|
|
fdd391 |
---
|
|
|
fdd391 |
http.c | 1 +
|
|
|
fdd391 |
1 file changed, 1 insertion(+)
|
|
|
fdd391 |
|
|
|
fdd391 |
diff --git a/http.c b/http.c
|
|
|
fdd391 |
index 235c2d5..a1c7dcb 100644
|
|
|
fdd391 |
--- a/http.c
|
|
|
fdd391 |
+++ b/http.c
|
|
|
fdd391 |
@@ -298,6 +298,7 @@ static CURL *get_curl_handle(void)
|
|
|
fdd391 |
}
|
|
|
fdd391 |
|
|
|
fdd391 |
curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1);
|
|
|
fdd391 |
+ curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
|
|
|
fdd391 |
#if LIBCURL_VERSION_NUM >= 0x071301
|
|
|
fdd391 |
curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
|
|
|
fdd391 |
#elif LIBCURL_VERSION_NUM >= 0x071101
|
|
|
fdd391 |
--
|
|
|
fdd391 |
2.1.0
|
|
|
fdd391 |
|