builtin / update-ref.con commit submodule: allow erroneous values for the fetchRecurseSubmodules option (027771f)
   1#include "cache.h"
   2#include "refs.h"
   3#include "builtin.h"
   4#include "parse-options.h"
   5#include "quote.h"
   6#include "argv-array.h"
   7
   8static const char * const git_update_ref_usage[] = {
   9        N_("git update-ref [<options>] -d <refname> [<old-val>]"),
  10        N_("git update-ref [<options>]    <refname> <new-val> [<old-val>]"),
  11        N_("git update-ref [<options>] --stdin [-z]"),
  12        NULL
  13};
  14
  15static char line_termination = '\n';
  16static int update_flags;
  17static const char *msg;
  18
  19/*
  20 * Parse one whitespace- or NUL-terminated, possibly C-quoted argument
  21 * and append the result to arg.  Return a pointer to the terminator.
  22 * Die if there is an error in how the argument is C-quoted.  This
  23 * function is only used if not -z.
  24 */
  25static const char *parse_arg(const char *next, struct strbuf *arg)
  26{
  27        if (*next == '"') {
  28                const char *orig = next;
  29
  30                if (unquote_c_style(arg, next, &next))
  31                        die("badly quoted argument: %s", orig);
  32                if (*next && !isspace(*next))
  33                        die("unexpected character after quoted argument: %s", orig);
  34        } else {
  35                while (*next && !isspace(*next))
  36                        strbuf_addch(arg, *next++);
  37        }
  38
  39        return next;
  40}
  41
  42/*
  43 * Parse the reference name immediately after "command SP".  If not
  44 * -z, then handle C-quoting.  Return a pointer to a newly allocated
  45 * string containing the name of the reference, or NULL if there was
  46 * an error.  Update *next to point at the character that terminates
  47 * the argument.  Die if C-quoting is malformed or the reference name
  48 * is invalid.
  49 */
  50static char *parse_refname(struct strbuf *input, const char **next)
  51{
  52        struct strbuf ref = STRBUF_INIT;
  53
  54        if (line_termination) {
  55                /* Without -z, use the next argument */
  56                *next = parse_arg(*next, &ref);
  57        } else {
  58                /* With -z, use everything up to the next NUL */
  59                strbuf_addstr(&ref, *next);
  60                *next += ref.len;
  61        }
  62
  63        if (!ref.len) {
  64                strbuf_release(&ref);
  65                return NULL;
  66        }
  67
  68        if (check_refname_format(ref.buf, REFNAME_ALLOW_ONELEVEL))
  69                die("invalid ref format: %s", ref.buf);
  70
  71        return strbuf_detach(&ref, NULL);
  72}
  73
  74/*
  75 * The value being parsed is <oldvalue> (as opposed to <newvalue>; the
  76 * difference affects which error messages are generated):
  77 */
  78#define PARSE_SHA1_OLD 0x01
  79
  80/*
  81 * For backwards compatibility, accept an empty string for update's
  82 * <newvalue> in binary mode to be equivalent to specifying zeros.
  83 */
  84#define PARSE_SHA1_ALLOW_EMPTY 0x02
  85
  86/*
  87 * Parse an argument separator followed by the next argument, if any.
  88 * If there is an argument, convert it to a SHA-1, write it to sha1,
  89 * set *next to point at the character terminating the argument, and
  90 * return 0.  If there is no argument at all (not even the empty
  91 * string), return 1 and leave *next unchanged.  If the value is
  92 * provided but cannot be converted to a SHA-1, die.  flags can
  93 * include PARSE_SHA1_OLD and/or PARSE_SHA1_ALLOW_EMPTY.
  94 */
  95static int parse_next_sha1(struct strbuf *input, const char **next,
  96                           unsigned char *sha1,
  97                           const char *command, const char *refname,
  98                           int flags)
  99{
 100        struct strbuf arg = STRBUF_INIT;
 101        int ret = 0;
 102
 103        if (*next == input->buf + input->len)
 104                goto eof;
 105
 106        if (line_termination) {
 107                /* Without -z, consume SP and use next argument */
 108                if (!**next || **next == line_termination)
 109                        return 1;
 110                if (**next != ' ')
 111                        die("%s %s: expected SP but got: %s",
 112                            command, refname, *next);
 113                (*next)++;
 114                *next = parse_arg(*next, &arg);
 115                if (arg.len) {
 116                        if (get_sha1(arg.buf, sha1))
 117                                goto invalid;
 118                } else {
 119                        /* Without -z, an empty value means all zeros: */
 120                        hashclr(sha1);
 121                }
 122        } else {
 123                /* With -z, read the next NUL-terminated line */
 124                if (**next)
 125                        die("%s %s: expected NUL but got: %s",
 126                            command, refname, *next);
 127                (*next)++;
 128                if (*next == input->buf + input->len)
 129                        goto eof;
 130                strbuf_addstr(&arg, *next);
 131                *next += arg.len;
 132
 133                if (arg.len) {
 134                        if (get_sha1(arg.buf, sha1))
 135                                goto invalid;
 136                } else if (flags & PARSE_SHA1_ALLOW_EMPTY) {
 137                        /* With -z, treat an empty value as all zeros: */
 138                        warning("%s %s: missing <newvalue>, treating as zero",
 139                                command, refname);
 140                        hashclr(sha1);
 141                } else {
 142                        /*
 143                         * With -z, an empty non-required value means
 144                         * unspecified:
 145                         */
 146                        ret = 1;
 147                }
 148        }
 149
 150        strbuf_release(&arg);
 151
 152        return ret;
 153
 154 invalid:
 155        die(flags & PARSE_SHA1_OLD ?
 156            "%s %s: invalid <oldvalue>: %s" :
 157            "%s %s: invalid <newvalue>: %s",
 158            command, refname, arg.buf);
 159
 160 eof:
 161        die(flags & PARSE_SHA1_OLD ?
 162            "%s %s: unexpected end of input when reading <oldvalue>" :
 163            "%s %s: unexpected end of input when reading <newvalue>",
 164            command, refname);
 165}
 166
 167
 168/*
 169 * The following five parse_cmd_*() functions parse the corresponding
 170 * command.  In each case, next points at the character following the
 171 * command name and the following space.  They each return a pointer
 172 * to the character terminating the command, and die with an
 173 * explanatory message if there are any parsing problems.  All of
 174 * these functions handle either text or binary format input,
 175 * depending on how line_termination is set.
 176 */
 177
 178static const char *parse_cmd_update(struct ref_transaction *transaction,
 179                                    struct strbuf *input, const char *next)
 180{
 181        struct strbuf err = STRBUF_INIT;
 182        char *refname;
 183        unsigned char new_sha1[20];
 184        unsigned char old_sha1[20];
 185        int have_old;
 186
 187        refname = parse_refname(input, &next);
 188        if (!refname)
 189                die("update: missing <ref>");
 190
 191        if (parse_next_sha1(input, &next, new_sha1, "update", refname,
 192                            PARSE_SHA1_ALLOW_EMPTY))
 193                die("update %s: missing <newvalue>", refname);
 194
 195        have_old = !parse_next_sha1(input, &next, old_sha1, "update", refname,
 196                                    PARSE_SHA1_OLD);
 197
 198        if (*next != line_termination)
 199                die("update %s: extra input: %s", refname, next);
 200
 201        if (ref_transaction_update(transaction, refname,
 202                                   new_sha1, have_old ? old_sha1 : NULL,
 203                                   update_flags, msg, &err))
 204                die("%s", err.buf);
 205
 206        update_flags = 0;
 207        free(refname);
 208        strbuf_release(&err);
 209
 210        return next;
 211}
 212
 213static const char *parse_cmd_create(struct ref_transaction *transaction,
 214                                    struct strbuf *input, const char *next)
 215{
 216        struct strbuf err = STRBUF_INIT;
 217        char *refname;
 218        unsigned char new_sha1[20];
 219
 220        refname = parse_refname(input, &next);
 221        if (!refname)
 222                die("create: missing <ref>");
 223
 224        if (parse_next_sha1(input, &next, new_sha1, "create", refname, 0))
 225                die("create %s: missing <newvalue>", refname);
 226
 227        if (is_null_sha1(new_sha1))
 228                die("create %s: zero <newvalue>", refname);
 229
 230        if (*next != line_termination)
 231                die("create %s: extra input: %s", refname, next);
 232
 233        if (ref_transaction_create(transaction, refname, new_sha1,
 234                                   update_flags, msg, &err))
 235                die("%s", err.buf);
 236
 237        update_flags = 0;
 238        free(refname);
 239        strbuf_release(&err);
 240
 241        return next;
 242}
 243
 244static const char *parse_cmd_delete(struct ref_transaction *transaction,
 245                                    struct strbuf *input, const char *next)
 246{
 247        struct strbuf err = STRBUF_INIT;
 248        char *refname;
 249        unsigned char old_sha1[20];
 250        int have_old;
 251
 252        refname = parse_refname(input, &next);
 253        if (!refname)
 254                die("delete: missing <ref>");
 255
 256        if (parse_next_sha1(input, &next, old_sha1, "delete", refname,
 257                            PARSE_SHA1_OLD)) {
 258                have_old = 0;
 259        } else {
 260                if (is_null_sha1(old_sha1))
 261                        die("delete %s: zero <oldvalue>", refname);
 262                have_old = 1;
 263        }
 264
 265        if (*next != line_termination)
 266                die("delete %s: extra input: %s", refname, next);
 267
 268        if (ref_transaction_delete(transaction, refname,
 269                                   have_old ? old_sha1 : NULL,
 270                                   update_flags, msg, &err))
 271                die("%s", err.buf);
 272
 273        update_flags = 0;
 274        free(refname);
 275        strbuf_release(&err);
 276
 277        return next;
 278}
 279
 280static const char *parse_cmd_verify(struct ref_transaction *transaction,
 281                                    struct strbuf *input, const char *next)
 282{
 283        struct strbuf err = STRBUF_INIT;
 284        char *refname;
 285        unsigned char old_sha1[20];
 286
 287        refname = parse_refname(input, &next);
 288        if (!refname)
 289                die("verify: missing <ref>");
 290
 291        if (parse_next_sha1(input, &next, old_sha1, "verify", refname,
 292                            PARSE_SHA1_OLD))
 293                hashclr(old_sha1);
 294
 295        if (*next != line_termination)
 296                die("verify %s: extra input: %s", refname, next);
 297
 298        if (ref_transaction_verify(transaction, refname, old_sha1,
 299                                   update_flags, &err))
 300                die("%s", err.buf);
 301
 302        update_flags = 0;
 303        free(refname);
 304        strbuf_release(&err);
 305
 306        return next;
 307}
 308
 309static const char *parse_cmd_option(struct strbuf *input, const char *next)
 310{
 311        if (!strncmp(next, "no-deref", 8) && next[8] == line_termination)
 312                update_flags |= REF_NODEREF;
 313        else
 314                die("option unknown: %s", next);
 315        return next + 8;
 316}
 317
 318static void update_refs_stdin(struct ref_transaction *transaction)
 319{
 320        struct strbuf input = STRBUF_INIT;
 321        const char *next;
 322
 323        if (strbuf_read(&input, 0, 1000) < 0)
 324                die_errno("could not read from stdin");
 325        next = input.buf;
 326        /* Read each line dispatch its command */
 327        while (next < input.buf + input.len) {
 328                if (*next == line_termination)
 329                        die("empty command in input");
 330                else if (isspace(*next))
 331                        die("whitespace before command: %s", next);
 332                else if (starts_with(next, "update "))
 333                        next = parse_cmd_update(transaction, &input, next + 7);
 334                else if (starts_with(next, "create "))
 335                        next = parse_cmd_create(transaction, &input, next + 7);
 336                else if (starts_with(next, "delete "))
 337                        next = parse_cmd_delete(transaction, &input, next + 7);
 338                else if (starts_with(next, "verify "))
 339                        next = parse_cmd_verify(transaction, &input, next + 7);
 340                else if (starts_with(next, "option "))
 341                        next = parse_cmd_option(&input, next + 7);
 342                else
 343                        die("unknown command: %s", next);
 344
 345                next++;
 346        }
 347
 348        strbuf_release(&input);
 349}
 350
 351int cmd_update_ref(int argc, const char **argv, const char *prefix)
 352{
 353        const char *refname, *oldval;
 354        unsigned char sha1[20], oldsha1[20];
 355        int delete = 0, no_deref = 0, read_stdin = 0, end_null = 0;
 356        unsigned int flags = 0;
 357        struct option options[] = {
 358                OPT_STRING( 'm', NULL, &msg, N_("reason"), N_("reason of the update")),
 359                OPT_BOOL('d', NULL, &delete, N_("delete the reference")),
 360                OPT_BOOL( 0 , "no-deref", &no_deref,
 361                                        N_("update <refname> not the one it points to")),
 362                OPT_BOOL('z', NULL, &end_null, N_("stdin has NUL-terminated arguments")),
 363                OPT_BOOL( 0 , "stdin", &read_stdin, N_("read updates from stdin")),
 364                OPT_END(),
 365        };
 366
 367        git_config(git_default_config, NULL);
 368        argc = parse_options(argc, argv, prefix, options, git_update_ref_usage,
 369                             0);
 370        if (msg && !*msg)
 371                die("Refusing to perform update with empty message.");
 372
 373        if (read_stdin) {
 374                struct strbuf err = STRBUF_INIT;
 375                struct ref_transaction *transaction;
 376
 377                transaction = ref_transaction_begin(&err);
 378                if (!transaction)
 379                        die("%s", err.buf);
 380                if (delete || no_deref || argc > 0)
 381                        usage_with_options(git_update_ref_usage, options);
 382                if (end_null)
 383                        line_termination = '\0';
 384                update_refs_stdin(transaction);
 385                if (ref_transaction_commit(transaction, &err))
 386                        die("%s", err.buf);
 387                ref_transaction_free(transaction);
 388                strbuf_release(&err);
 389                return 0;
 390        }
 391
 392        if (end_null)
 393                usage_with_options(git_update_ref_usage, options);
 394
 395        if (delete) {
 396                if (argc < 1 || argc > 2)
 397                        usage_with_options(git_update_ref_usage, options);
 398                refname = argv[0];
 399                oldval = argv[1];
 400        } else {
 401                const char *value;
 402                if (argc < 2 || argc > 3)
 403                        usage_with_options(git_update_ref_usage, options);
 404                refname = argv[0];
 405                value = argv[1];
 406                oldval = argv[2];
 407                if (get_sha1(value, sha1))
 408                        die("%s: not a valid SHA1", value);
 409        }
 410
 411        hashclr(oldsha1); /* all-zero hash in case oldval is the empty string */
 412        if (oldval && *oldval && get_sha1(oldval, oldsha1))
 413                die("%s: not a valid old SHA1", oldval);
 414
 415        if (no_deref)
 416                flags = REF_NODEREF;
 417        if (delete)
 418                return delete_ref(refname, oldval ? oldsha1 : NULL, flags);
 419        else
 420                return update_ref(msg, refname, sha1, oldval ? oldsha1 : NULL,
 421                                  flags, UPDATE_REFS_DIE_ON_ERR);
 422}