Merge pull request from GHSA-pmw9-567p-68pc

Co-authored-by: Oliver Geiselhardt-Herms <[email protected]>
cloudflare · Oct 18, 2022 · 5f64bcd · 5f64bcd
1 parent 10191d9
commit 5f64bcd
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/cmd/octorpki/octorpki.go b/cmd/octorpki/octorpki.go
@@ -1234,10 +1234,6 @@ func (s *OctoRPKI) validationLoop() {
 
 		s.stats.Iteration++
 		iterationsUntilStable++
-		// GHSA-g5gj-9ggf-9vmq: Prevent infinite repository traversal
-		if iterationsUntilStable > *MaxIterations {
-			log.Fatal("Max iterations has been reached. This number can be adjusted with -max.iterations")
-		}
 		span.SetTag("iteration", s.stats.Iteration)
 
 		if *RRDP {
@@ -1264,6 +1260,13 @@ func (s *OctoRPKI) validationLoop() {
 		span.SetTag("stable", s.Stable.Load())
 		span.Finish()
 
+		// GHSA-g5gj-9ggf-9vmq: Prevent infinite repository traversal
+		if iterationsUntilStable > *MaxIterations {
+			// GHSA-pmw9-567p-68pc: Do not crash when MaxIterations is reached
+			log.Warning("Max iterations has been reached. Defining current state as stable and stoppping deeper validation. This number can be adjusted with -max.iterations")
+			s.Stable.Store(true)
+		}
+
 		if *Mode == "oneoff" && s.Stable.Load() {
 			log.Info("Stable, terminating")
 			break