From b4f4bd38e8a0d9afd30231cf999e73548bef5760 Mon Sep 17 00:00:00 2001
From: vaxerski <vaxry@vaxry.net>
Date: Wed, 20 Dec 2023 13:07:12 +0100
Subject: [PATCH] configmanager: set a limit to config variable substitutions

fixes #4198
---
 src/config/ConfigManager.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/config/ConfigManager.cpp b/src/config/ConfigManager.cpp
index 8afa627d..8ecfa87b 100644
--- a/src/config/ConfigManager.cpp
+++ b/src/config/ConfigManager.cpp
@@ -1478,7 +1478,10 @@ std::string CConfigManager::parseKeyword(const std::string& COMMAND, const std::
 void CConfigManager::applyUserDefinedVars(std::string& line, const size_t equalsPlace) {
     auto dollarPlace = line.find_first_of('$', equalsPlace);
 
+    int  times = 0;
+
     while (dollarPlace != std::string::npos) {
+        times++;
 
         const auto STRAFTERDOLLAR = line.substr(dollarPlace + 1);
         bool       found          = false;
@@ -1501,6 +1504,13 @@ void CConfigManager::applyUserDefinedVars(std::string& line, const size_t equals
         }
 
         dollarPlace = line.find_first_of('$', dollarPlace + 1);
+
+        if (times > 256 /* arbitrary limit */) {
+            line       = "";
+            parseError = "Maximum variable recursion limit hit. Evaluating the line led to too many variable substitutions.";
+            Debug::log(ERR, "Variable recursion limit hit in configmanager");
+            break;
+        }
     }
 }