Merge branch 'coredns:master' into master

Author: jdamick

caddy.go

@@ -149,7 +149,7 @@ func (i *Instance) Stop() error {
 	instancesMu.Lock()
 	for j, other := range instances {
 		if other == i {
-			instances[j] = nil
+			slices.Delete(instances, j, j+1)
 			instances = append(instances[:j], instances[j+1:]...)
 			break
 		}
@@ -503,7 +503,7 @@ func startWithListenerFds(cdyfile Input, inst *Instance, restartFds map[string][
 			instancesMu.Lock()
 			for i, otherInst := range instances {
 				if otherInst == inst {
-					instances[i] = nil
+					slices.Delete(instances, i, i+1)
 					instances = append(instances[:i], instances[i+1:]...)
 					break
 				}

caddyfile/parse.go

@@ -51,12 +51,22 @@ func allTokens(input io.Reader) ([]Token, error) {
 
 type parser struct {
 	Dispenser
-	block           ServerBlock // current server block being parsed
-	validDirectives []string    // a directive must be valid or it's an error
-	eof             bool        // if we encounter a valid EOF in a hard place
-	definedSnippets map[string][]Token
+	block             ServerBlock // current server block being parsed
+	validDirectives   []string    // a directive must be valid or it's an error
+	eof               bool        // if we encounter a valid EOF in a hard place
+	definedSnippets   map[string][]Token
+	snippetExpansions int // counts snippet imports expanded during this parse
+	fileExpansions    int // counts file/glob imports expanded during this parse
 }
 
+// maxSnippetExpansions is a hard cap to prevent excessively deep or cyclic snippet imports.
+// set as a variable to allow modifications for testing
+var maxSnippetExpansions = 10000
+
+// maxFileExpansions is a hard cap to prevent excessively deep or cyclic file imports.
+// set as a variable to allow modifications for testing
+var maxFileExpansions = 100000
+
 func (p *parser) parseAll() ([]ServerBlock, error) {
 	var blocks []ServerBlock
 
@@ -108,6 +118,16 @@ func (p *parser) begin() error {
 		if err != nil {
 			return err
 		}
+		// minimal guard: detect trivial self-import in snippet body
+		for i := 0; i+1 < len(tokens); i++ {
+			if tokens[i].Text == "import" {
+				// Only consider it an import directive if at start of a line
+				atLineStart := i == 0 || tokens[i-1].File != tokens[i].File || tokens[i-1].Line != tokens[i].Line
+				if atLineStart && replaceEnvVars(tokens[i+1].Text) == name {
+					return p.Errf("maximum snippet import depth (%d) exceeded", maxSnippetExpansions)
+				}
+			}
+		}
 		p.definedSnippets[name] = tokens
 		// empty block keys so we don't save this block as a real server.
 		p.block.Keys = nil
@@ -245,10 +265,18 @@ func (p *parser) doImport() error {
 	tokensAfter := p.tokens[p.cursor+1:]
 	var importedTokens []Token
 
-	// first check snippets. That is a simple, non-recursive replacement
+	// first check snippets. Count expansion and enforce cap.
 	if p.definedSnippets != nil && p.definedSnippets[importPattern] != nil {
+		if p.snippetExpansions >= maxSnippetExpansions {
+			return p.Errf("maximum snippet import depth (%d) exceeded", maxSnippetExpansions)
+		}
+		p.snippetExpansions++
 		importedTokens = p.definedSnippets[importPattern]
 	} else {
+		if p.fileExpansions >= maxFileExpansions {
+			return p.Errf("maximum file import depth (%d) exceeded", maxSnippetExpansions)
+		}
+		p.fileExpansions++
 		// make path relative to the file of the _token_ being processed rather
 		// than current working directory (issue #867) and then use glob to get
 		// list of matching filenames

caddyfile/parse_test.go

@@ -15,13 +15,20 @@
 package caddyfile
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 )
 
+func init() {
+	// set a lower limit for testing only
+	maxSnippetExpansions = 10
+	maxFileExpansions = 10
+}
+
 func TestAllTokens(t *testing.T) {
 	tests := []struct {
 		name     string
@@ -744,3 +751,84 @@ func TestSnippetAcrossMultipleFiles(t *testing.T) {
 		t.Errorf("Expected argument to be '%s' but was '%s'", expected, actual)
 	}
 }
+
+func TestSnippetImportCycle(t *testing.T) {
+	tests := []struct {
+		name  string
+		input string
+	}{
+		{
+			name: "direct self-import",
+			input: `
+	(loop) {
+	import loop
+	}
+	import loop
+	`,
+		},
+		{
+			name: "self-import via recursion",
+			input: `
+	(loop) {
+	{ }
+	import loop
+	}
+	import loop
+	`,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := testParser(tt.input)
+			_, err := p.parseAll()
+			if err == nil {
+				t.Fatalf("expected error for snippet self-import cycle, got nil")
+			}
+		})
+	}
+}
+
+func TestFileImportCycleError(t *testing.T) {
+	fileA := writeStringToTempFileOrDie(t, "")
+	defer os.Remove(fileA)
+	fileB := writeStringToTempFileOrDie(t, "")
+	defer os.Remove(fileB)
+
+	if err := ioutil.WriteFile(fileA, []byte("import "+fileB), 0644); err != nil {
+		t.Fatal(err)
+	}
+	if err := ioutil.WriteFile(fileB, []byte("import "+fileA), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	p := testParser("import " + fileA)
+	_, err := p.parseAll()
+	if err == nil {
+		t.Fatalf("expected error for file import cycle, got nil")
+	}
+}
+
+func TestFileImportDir(t *testing.T) {
+	dir, err := ioutil.TempDir("", t.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	// create 10x the maxFileExpansions files
+	// a single import with a glob should not error
+	for i := 0; i < maxFileExpansions*10; i++ {
+		fp := filepath.Join(dir, filepath.Base(dir)+"_"+fmt.Sprintf("%d", i))
+		if err := ioutil.WriteFile(fp, []byte(""), 0644); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	input := "import " + filepath.Join(dir, "*")
+	p := testParser(input)
+	_, err = p.parseAll()
+	if err != nil {
+		t.Fatalf("unexpected error importing temp dir via glob: %v", err)
+	}
+}