identity: Fix potential infinite recursion in server change detection

Fixes #6986
author: Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2020-02-29 12:05:06 +0100
committer: Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> 2020-02-29 15:12:56 +0100
commit: 6f48146e75e9877c4271ec239b763e6f3bc3babb (patch)
tree: 13b07f9d04a85e40f3a1c90beef10201049b8cb0 /identity
parent: b0d850321e58a052ead25f7014b7851f63497601 (diff)
1 files changed, 14 insertions, 4 deletions
diff --git a/identity/identity.go b/identity/identity.go
index d06710efe..7e03120b4 100644
--- a/identity/identity.go
+++ b/identity/identity.go
@@ -24,14 +24,24 @@ func NewPathIdentity(typ, pat string) PathIdentity {
 // Identities stores identity providers.
 type Identities map[Identity]Provider
 
-func (ids Identities) search(id Identity) Provider {
-	if v, found := ids[id]; found {
+func (ids Identities) search(depth int, id Identity) Provider {
+
+	if v, found := ids[id.GetIdentity()]; found {
 		return v
 	}
+
+	depth++
+
+	// There may be infinite recursion in templates.
+	if depth > 100 {
+		// Bail out.
+		return nil
+	}
+
 	for _, v := range ids {
 		switch t := v.(type) {
 		case IdentitiesProvider:
-			if nested := t.GetIdentities().search(id); nested != nil {
+			if nested := t.GetIdentities().search(depth, id); nested != nil {
 				return nested
 			}
 		}
@@ -127,5 +137,5 @@ func (im *identityManager) GetIdentities() Identities {
 func (im *identityManager) Search(id Identity) Provider {
 	im.Lock()
 	defer im.Unlock()
-	return im.ids.search(id.GetIdentity())
+	return im.ids.search(0, id.GetIdentity())
 }
author	Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>	2020-02-29 12:05:06 +0100
committer	Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>	2020-02-29 15:12:56 +0100
commit	6f48146e75e9877c4271ec239b763e6f3bc3babb (patch)
tree	13b07f9d04a85e40f3a1c90beef10201049b8cb0 /identity
parent	b0d850321e58a052ead25f7014b7851f63497601 (diff)