bugfix: Adding depth limit to resolveExprPath

There is no termination condition for evaluation of cyclical expression paths which can lead to infinite loops. This addresses one spot in the parser in a similar fashion as utils.cc/canonPath does. This issue can be reproduced by something like: ``` ln -s a b ln -s b a nix-instantiate -E 'import ./a' ```
author: Dima <dgoldin+github@protonmail.ch> 2019-12-13 14:44:14 +0100
committer: Dima <dgoldin+github@protonmail.ch> 2019-12-13 14:51:30 +0100
commit: d89d9958a771fb6299eae084c1b52d0ecf95901b (patch)
tree: 31babc5f12da18325771f0283b7f4264220f9e37 /src
parent: 3e787423c22c34d65fd6fe0cdf2e6ec333d81c0b (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libexpr/parser.y b/src/libexpr/parser.y
index 10a057062..df55986f6 100644
--- a/src/libexpr/parser.y
+++ b/src/libexpr/parser.y
@@ -576,10 +576,15 @@ Path resolveExprPath(Path path)
 {
     assert(path[0] == '/');
 
+    unsigned int followCount = 0, maxFollow = 1024;
+
     /* If `path' is a symlink, follow it.  This is so that relative
        path references work. */
     struct stat st;
     while (true) {
+        // Basic cycle/depth limit to avoid infinite loops.
+        if (++followCount >= maxFollow)
+          throw Error(format("can't resolve expression. infinite symlink recursion in path '%1%'") % path);
         if (lstat(path.c_str(), &st))
             throw SysError(format("getting status of '%1%'") % path);
         if (!S_ISLNK(st.st_mode)) break;
author	Dima <dgoldin+github@protonmail.ch>	2019-12-13 14:44:14 +0100
committer	Dima <dgoldin+github@protonmail.ch>	2019-12-13 14:51:30 +0100
commit	d89d9958a771fb6299eae084c1b52d0ecf95901b (patch)
tree	31babc5f12da18325771f0283b7f4264220f9e37 /src
parent	3e787423c22c34d65fd6fe0cdf2e6ec333d81c0b (diff)