s3:loadparm: prevent infinite include nesting.

This introduces a hard coded MAX_INCLUDE_DEPTH of 100.
When this is exceeded, handle_include (and hence lp_load) fails.

One could of course implement a more intelligent loop detection
in the include-tree, but this would require some restructuring
of the internal loadparm housekeeping. Maybe as a second improvement
step.

Michael
(cherry picked from commit d5f2bbdc489b751331e86afae58b0d80c5fedb9c)
(cherry picked from commit bfd10fd322fe1721b8b45256cd988ed83b18a8a6)

1 files changed, 19 insertions, 2 deletions

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index c7bb47de604..68a6ca20300 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -6874,6 +6874,10 @@ done:
 	return ret;
 }
 
+#define MAX_INCLUDE_DEPTH 100
+
+static uint8_t include_depth;
+
 static struct file_lists {
 	struct file_lists *next;
 	char *name;
@@ -7061,12 +7065,22 @@ static bool handle_include(int snum, const char *pszParmValue, char **ptr)
 {
 	char *fname;
 
+	if (include_depth >= MAX_INCLUDE_DEPTH) {
+		DEBUG(0, ("Error: Maximum include depth (%u) exceeded!\n",
+			  include_depth));
+		return false;
+	}
+
 	if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
 		if (!bAllowIncludeRegistry) {
 			return true;
 		}
 		if (bInGlobalSection) {
-			return process_registry_globals();
+			bool ret;
+			include_depth++;
+			ret = process_registry_globals();
+			include_depth--;
+			return ret;
 		} else {
 			DEBUG(1, ("\"include = registry\" only effective "
 				  "in %s section\n", GLOBAL_NAME));
@@ -7083,7 +7097,10 @@ static bool handle_include(int snum, const char *pszParmValue, char **ptr)
 	string_set(ptr, fname);
 
 	if (file_exist(fname)) {
-		bool ret = pm_process(fname, do_section, do_parameter, NULL);
+		bool ret;
+		include_depth++;
+		ret = pm_process(fname, do_section, do_parameter, NULL);
+		include_depth--;
 		SAFE_FREE(fname);
 		return ret;
 	}