31 lines
954 B
Diff
31 lines
954 B
Diff
From 653f7dc379a20d79728e6e77a07a718d9475e4c0 Mon Sep 17 00:00:00 2001
|
|
From: Petr Stodulka <pstodulk@redhat.com>
|
|
Date: Wed, 28 Oct 2015 17:30:24 +0100
|
|
Subject: [PATCH 5/5] http: limit redirection depth
|
|
|
|
By default, libcurl will follow circular http redirects
|
|
forever. Let's put a cap on this so that somebody who can
|
|
trigger an automated fetch of an arbitrary repository (e.g.,
|
|
for CI) cannot convince git to loop infinitely.
|
|
|
|
The value chosen is 20, which is the same default that
|
|
Firefox uses.
|
|
---
|
|
http.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/http.c b/http.c
|
|
index 8a71f9e..45348fb 100644
|
|
--- a/http.c
|
|
+++ b/http.c
|
|
@@ -396,6 +396,7 @@ static CURL *get_curl_handle(void)
|
|
}
|
|
|
|
curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1);
|
|
+ curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
|
|
#if LIBCURL_VERSION_NUM >= 0x071301
|
|
curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
|
|
#elif LIBCURL_VERSION_NUM >= 0x071101
|
|
--
|
|
2.1.0
|
|
|