upload-pack.con commit Fix integer overflow in patch_delta() (222083a)
   1#include "cache.h"
   2#include "refs.h"
   3#include "pkt-line.h"
   4#include "sideband.h"
   5#include "tag.h"
   6#include "object.h"
   7#include "commit.h"
   8#include "exec_cmd.h"
   9#include "diff.h"
  10#include "revision.h"
  11#include "list-objects.h"
  12#include "run-command.h"
  13
  14static const char upload_pack_usage[] = "git upload-pack [--strict] [--timeout=nn] <dir>";
  15
  16/* bits #0..7 in revision.h, #8..10 in commit.c */
  17#define THEY_HAVE       (1u << 11)
  18#define OUR_REF         (1u << 12)
  19#define WANTED          (1u << 13)
  20#define COMMON_KNOWN    (1u << 14)
  21#define REACHABLE       (1u << 15)
  22
  23#define SHALLOW         (1u << 16)
  24#define NOT_SHALLOW     (1u << 17)
  25#define CLIENT_SHALLOW  (1u << 18)
  26
  27static unsigned long oldest_have;
  28
  29static int multi_ack, nr_our_refs;
  30static int use_thin_pack, use_ofs_delta, use_include_tag;
  31static int no_progress, daemon_mode;
  32static int shallow_nr;
  33static struct object_array have_obj;
  34static struct object_array want_obj;
  35static struct object_array extra_edge_obj;
  36static unsigned int timeout;
  37/* 0 for no sideband,
  38 * otherwise maximum packet size (up to 65520 bytes).
  39 */
  40static int use_sideband;
  41static int debug_fd;
  42
  43static void reset_timeout(void)
  44{
  45        alarm(timeout);
  46}
  47
  48static int strip(char *line, int len)
  49{
  50        if (len && line[len-1] == '\n')
  51                line[--len] = 0;
  52        return len;
  53}
  54
  55static ssize_t send_client_data(int fd, const char *data, ssize_t sz)
  56{
  57        if (use_sideband)
  58                return send_sideband(1, fd, data, sz, use_sideband);
  59        if (fd == 3)
  60                /* emergency quit */
  61                fd = 2;
  62        if (fd == 2) {
  63                /* XXX: are we happy to lose stuff here? */
  64                xwrite(fd, data, sz);
  65                return sz;
  66        }
  67        return safe_write(fd, data, sz);
  68}
  69
  70static FILE *pack_pipe = NULL;
  71static void show_commit(struct commit *commit, void *data)
  72{
  73        if (commit->object.flags & BOUNDARY)
  74                fputc('-', pack_pipe);
  75        if (fputs(sha1_to_hex(commit->object.sha1), pack_pipe) < 0)
  76                die("broken output pipe");
  77        fputc('\n', pack_pipe);
  78        fflush(pack_pipe);
  79        free(commit->buffer);
  80        commit->buffer = NULL;
  81}
  82
  83static void show_object(struct object *obj, const struct name_path *path, const char *component)
  84{
  85        /* An object with name "foo\n0000000..." can be used to
  86         * confuse downstream git-pack-objects very badly.
  87         */
  88        const char *name = path_name(path, component);
  89        const char *ep = strchr(name, '\n');
  90        if (ep) {
  91                fprintf(pack_pipe, "%s %.*s\n", sha1_to_hex(obj->sha1),
  92                       (int) (ep - name),
  93                       name);
  94        }
  95        else
  96                fprintf(pack_pipe, "%s %s\n",
  97                                sha1_to_hex(obj->sha1), name);
  98        free((char *)name);
  99}
 100
 101static void show_edge(struct commit *commit)
 102{
 103        fprintf(pack_pipe, "-%s\n", sha1_to_hex(commit->object.sha1));
 104}
 105
 106static int do_rev_list(int fd, void *create_full_pack)
 107{
 108        int i;
 109        struct rev_info revs;
 110
 111        pack_pipe = xfdopen(fd, "w");
 112        init_revisions(&revs, NULL);
 113        revs.tag_objects = 1;
 114        revs.tree_objects = 1;
 115        revs.blob_objects = 1;
 116        if (use_thin_pack)
 117                revs.edge_hint = 1;
 118
 119        if (create_full_pack) {
 120                const char *args[] = {"rev-list", "--all", NULL};
 121                setup_revisions(2, args, &revs, NULL);
 122        } else {
 123                for (i = 0; i < want_obj.nr; i++) {
 124                        struct object *o = want_obj.objects[i].item;
 125                        /* why??? */
 126                        o->flags &= ~UNINTERESTING;
 127                        add_pending_object(&revs, o, NULL);
 128                }
 129                for (i = 0; i < have_obj.nr; i++) {
 130                        struct object *o = have_obj.objects[i].item;
 131                        o->flags |= UNINTERESTING;
 132                        add_pending_object(&revs, o, NULL);
 133                }
 134                setup_revisions(0, NULL, &revs, NULL);
 135        }
 136        if (prepare_revision_walk(&revs))
 137                die("revision walk setup failed");
 138        mark_edges_uninteresting(revs.commits, &revs, show_edge);
 139        if (use_thin_pack)
 140                for (i = 0; i < extra_edge_obj.nr; i++)
 141                        fprintf(pack_pipe, "-%s\n", sha1_to_hex(
 142                                        extra_edge_obj.objects[i].item->sha1));
 143        traverse_commit_list(&revs, show_commit, show_object, NULL);
 144        fflush(pack_pipe);
 145        fclose(pack_pipe);
 146        return 0;
 147}
 148
 149static void create_pack_file(void)
 150{
 151        struct async rev_list;
 152        struct child_process pack_objects;
 153        int create_full_pack = (nr_our_refs == want_obj.nr && !have_obj.nr);
 154        char data[8193], progress[128];
 155        char abort_msg[] = "aborting due to possible repository "
 156                "corruption on the remote side.";
 157        int buffered = -1;
 158        ssize_t sz;
 159        const char *argv[10];
 160        int arg = 0;
 161
 162        if (shallow_nr) {
 163                rev_list.proc = do_rev_list;
 164                rev_list.data = 0;
 165                if (start_async(&rev_list))
 166                        die("git upload-pack: unable to fork git-rev-list");
 167                argv[arg++] = "pack-objects";
 168        } else {
 169                argv[arg++] = "pack-objects";
 170                argv[arg++] = "--revs";
 171                if (create_full_pack)
 172                        argv[arg++] = "--all";
 173                else if (use_thin_pack)
 174                        argv[arg++] = "--thin";
 175        }
 176
 177        argv[arg++] = "--stdout";
 178        if (!no_progress)
 179                argv[arg++] = "--progress";
 180        if (use_ofs_delta)
 181                argv[arg++] = "--delta-base-offset";
 182        if (use_include_tag)
 183                argv[arg++] = "--include-tag";
 184        argv[arg++] = NULL;
 185
 186        memset(&pack_objects, 0, sizeof(pack_objects));
 187        pack_objects.in = shallow_nr ? rev_list.out : -1;
 188        pack_objects.out = -1;
 189        pack_objects.err = -1;
 190        pack_objects.git_cmd = 1;
 191        pack_objects.argv = argv;
 192
 193        if (start_command(&pack_objects))
 194                die("git upload-pack: unable to fork git-pack-objects");
 195
 196        /* pass on revisions we (don't) want */
 197        if (!shallow_nr) {
 198                FILE *pipe_fd = xfdopen(pack_objects.in, "w");
 199                if (!create_full_pack) {
 200                        int i;
 201                        for (i = 0; i < want_obj.nr; i++)
 202                                fprintf(pipe_fd, "%s\n", sha1_to_hex(want_obj.objects[i].item->sha1));
 203                        fprintf(pipe_fd, "--not\n");
 204                        for (i = 0; i < have_obj.nr; i++)
 205                                fprintf(pipe_fd, "%s\n", sha1_to_hex(have_obj.objects[i].item->sha1));
 206                }
 207
 208                fprintf(pipe_fd, "\n");
 209                fflush(pipe_fd);
 210                fclose(pipe_fd);
 211        }
 212
 213
 214        /* We read from pack_objects.err to capture stderr output for
 215         * progress bar, and pack_objects.out to capture the pack data.
 216         */
 217
 218        while (1) {
 219                struct pollfd pfd[2];
 220                int pe, pu, pollsize;
 221
 222                reset_timeout();
 223
 224                pollsize = 0;
 225                pe = pu = -1;
 226
 227                if (0 <= pack_objects.out) {
 228                        pfd[pollsize].fd = pack_objects.out;
 229                        pfd[pollsize].events = POLLIN;
 230                        pu = pollsize;
 231                        pollsize++;
 232                }
 233                if (0 <= pack_objects.err) {
 234                        pfd[pollsize].fd = pack_objects.err;
 235                        pfd[pollsize].events = POLLIN;
 236                        pe = pollsize;
 237                        pollsize++;
 238                }
 239
 240                if (!pollsize)
 241                        break;
 242
 243                if (poll(pfd, pollsize, -1) < 0) {
 244                        if (errno != EINTR) {
 245                                error("poll failed, resuming: %s",
 246                                      strerror(errno));
 247                                sleep(1);
 248                        }
 249                        continue;
 250                }
 251                if (0 <= pe && (pfd[pe].revents & (POLLIN|POLLHUP))) {
 252                        /* Status ready; we ship that in the side-band
 253                         * or dump to the standard error.
 254                         */
 255                        sz = xread(pack_objects.err, progress,
 256                                  sizeof(progress));
 257                        if (0 < sz)
 258                                send_client_data(2, progress, sz);
 259                        else if (sz == 0) {
 260                                close(pack_objects.err);
 261                                pack_objects.err = -1;
 262                        }
 263                        else
 264                                goto fail;
 265                        /* give priority to status messages */
 266                        continue;
 267                }
 268                if (0 <= pu && (pfd[pu].revents & (POLLIN|POLLHUP))) {
 269                        /* Data ready; we keep the last byte to ourselves
 270                         * in case we detect broken rev-list, so that we
 271                         * can leave the stream corrupted.  This is
 272                         * unfortunate -- unpack-objects would happily
 273                         * accept a valid packdata with trailing garbage,
 274                         * so appending garbage after we pass all the
 275                         * pack data is not good enough to signal
 276                         * breakage to downstream.
 277                         */
 278                        char *cp = data;
 279                        ssize_t outsz = 0;
 280                        if (0 <= buffered) {
 281                                *cp++ = buffered;
 282                                outsz++;
 283                        }
 284                        sz = xread(pack_objects.out, cp,
 285                                  sizeof(data) - outsz);
 286                        if (0 < sz)
 287                                ;
 288                        else if (sz == 0) {
 289                                close(pack_objects.out);
 290                                pack_objects.out = -1;
 291                        }
 292                        else
 293                                goto fail;
 294                        sz += outsz;
 295                        if (1 < sz) {
 296                                buffered = data[sz-1] & 0xFF;
 297                                sz--;
 298                        }
 299                        else
 300                                buffered = -1;
 301                        sz = send_client_data(1, data, sz);
 302                        if (sz < 0)
 303                                goto fail;
 304                }
 305        }
 306
 307        if (finish_command(&pack_objects)) {
 308                error("git upload-pack: git-pack-objects died with error.");
 309                goto fail;
 310        }
 311        if (shallow_nr && finish_async(&rev_list))
 312                goto fail;      /* error was already reported */
 313
 314        /* flush the data */
 315        if (0 <= buffered) {
 316                data[0] = buffered;
 317                sz = send_client_data(1, data, 1);
 318                if (sz < 0)
 319                        goto fail;
 320                fprintf(stderr, "flushed.\n");
 321        }
 322        if (use_sideband)
 323                packet_flush(1);
 324        return;
 325
 326 fail:
 327        send_client_data(3, abort_msg, sizeof(abort_msg));
 328        die("git upload-pack: %s", abort_msg);
 329}
 330
 331static int got_sha1(char *hex, unsigned char *sha1)
 332{
 333        struct object *o;
 334        int we_knew_they_have = 0;
 335
 336        if (get_sha1_hex(hex, sha1))
 337                die("git upload-pack: expected SHA1 object, got '%s'", hex);
 338        if (!has_sha1_file(sha1))
 339                return -1;
 340
 341        o = lookup_object(sha1);
 342        if (!(o && o->parsed))
 343                o = parse_object(sha1);
 344        if (!o)
 345                die("oops (%s)", sha1_to_hex(sha1));
 346        if (o->type == OBJ_COMMIT) {
 347                struct commit_list *parents;
 348                struct commit *commit = (struct commit *)o;
 349                if (o->flags & THEY_HAVE)
 350                        we_knew_they_have = 1;
 351                else
 352                        o->flags |= THEY_HAVE;
 353                if (!oldest_have || (commit->date < oldest_have))
 354                        oldest_have = commit->date;
 355                for (parents = commit->parents;
 356                     parents;
 357                     parents = parents->next)
 358                        parents->item->object.flags |= THEY_HAVE;
 359        }
 360        if (!we_knew_they_have) {
 361                add_object_array(o, NULL, &have_obj);
 362                return 1;
 363        }
 364        return 0;
 365}
 366
 367static int reachable(struct commit *want)
 368{
 369        struct commit_list *work = NULL;
 370
 371        insert_by_date(want, &work);
 372        while (work) {
 373                struct commit_list *list = work->next;
 374                struct commit *commit = work->item;
 375                free(work);
 376                work = list;
 377
 378                if (commit->object.flags & THEY_HAVE) {
 379                        want->object.flags |= COMMON_KNOWN;
 380                        break;
 381                }
 382                if (!commit->object.parsed)
 383                        parse_object(commit->object.sha1);
 384                if (commit->object.flags & REACHABLE)
 385                        continue;
 386                commit->object.flags |= REACHABLE;
 387                if (commit->date < oldest_have)
 388                        continue;
 389                for (list = commit->parents; list; list = list->next) {
 390                        struct commit *parent = list->item;
 391                        if (!(parent->object.flags & REACHABLE))
 392                                insert_by_date(parent, &work);
 393                }
 394        }
 395        want->object.flags |= REACHABLE;
 396        clear_commit_marks(want, REACHABLE);
 397        free_commit_list(work);
 398        return (want->object.flags & COMMON_KNOWN);
 399}
 400
 401static int ok_to_give_up(void)
 402{
 403        int i;
 404
 405        if (!have_obj.nr)
 406                return 0;
 407
 408        for (i = 0; i < want_obj.nr; i++) {
 409                struct object *want = want_obj.objects[i].item;
 410
 411                if (want->flags & COMMON_KNOWN)
 412                        continue;
 413                want = deref_tag(want, "a want line", 0);
 414                if (!want || want->type != OBJ_COMMIT) {
 415                        /* no way to tell if this is reachable by
 416                         * looking at the ancestry chain alone, so
 417                         * leave a note to ourselves not to worry about
 418                         * this object anymore.
 419                         */
 420                        want_obj.objects[i].item->flags |= COMMON_KNOWN;
 421                        continue;
 422                }
 423                if (!reachable((struct commit *)want))
 424                        return 0;
 425        }
 426        return 1;
 427}
 428
 429static int get_common_commits(void)
 430{
 431        static char line[1000];
 432        unsigned char sha1[20];
 433        char hex[41], last_hex[41];
 434
 435        save_commit_buffer = 0;
 436
 437        for (;;) {
 438                int len = packet_read_line(0, line, sizeof(line));
 439                reset_timeout();
 440
 441                if (!len) {
 442                        if (have_obj.nr == 0 || multi_ack)
 443                                packet_write(1, "NAK\n");
 444                        continue;
 445                }
 446                strip(line, len);
 447                if (!prefixcmp(line, "have ")) {
 448                        switch (got_sha1(line+5, sha1)) {
 449                        case -1: /* they have what we do not */
 450                                if (multi_ack && ok_to_give_up())
 451                                        packet_write(1, "ACK %s continue\n",
 452                                                     sha1_to_hex(sha1));
 453                                break;
 454                        default:
 455                                memcpy(hex, sha1_to_hex(sha1), 41);
 456                                if (multi_ack) {
 457                                        const char *msg = "ACK %s continue\n";
 458                                        packet_write(1, msg, hex);
 459                                        memcpy(last_hex, hex, 41);
 460                                }
 461                                else if (have_obj.nr == 1)
 462                                        packet_write(1, "ACK %s\n", hex);
 463                                break;
 464                        }
 465                        continue;
 466                }
 467                if (!strcmp(line, "done")) {
 468                        if (have_obj.nr > 0) {
 469                                if (multi_ack)
 470                                        packet_write(1, "ACK %s\n", last_hex);
 471                                return 0;
 472                        }
 473                        packet_write(1, "NAK\n");
 474                        return -1;
 475                }
 476                die("git upload-pack: expected SHA1 list, got '%s'", line);
 477        }
 478}
 479
 480static void receive_needs(void)
 481{
 482        struct object_array shallows = {0, 0, NULL};
 483        static char line[1000];
 484        int len, depth = 0;
 485
 486        shallow_nr = 0;
 487        if (debug_fd)
 488                write_str_in_full(debug_fd, "#S\n");
 489        for (;;) {
 490                struct object *o;
 491                unsigned char sha1_buf[20];
 492                len = packet_read_line(0, line, sizeof(line));
 493                reset_timeout();
 494                if (!len)
 495                        break;
 496                if (debug_fd)
 497                        write_in_full(debug_fd, line, len);
 498
 499                if (!prefixcmp(line, "shallow ")) {
 500                        unsigned char sha1[20];
 501                        struct object *object;
 502                        if (get_sha1(line + 8, sha1))
 503                                die("invalid shallow line: %s", line);
 504                        object = parse_object(sha1);
 505                        if (!object)
 506                                die("did not find object for %s", line);
 507                        object->flags |= CLIENT_SHALLOW;
 508                        add_object_array(object, NULL, &shallows);
 509                        continue;
 510                }
 511                if (!prefixcmp(line, "deepen ")) {
 512                        char *end;
 513                        depth = strtol(line + 7, &end, 0);
 514                        if (end == line + 7 || depth <= 0)
 515                                die("Invalid deepen: %s", line);
 516                        continue;
 517                }
 518                if (prefixcmp(line, "want ") ||
 519                    get_sha1_hex(line+5, sha1_buf))
 520                        die("git upload-pack: protocol error, "
 521                            "expected to get sha, not '%s'", line);
 522                if (strstr(line+45, "multi_ack"))
 523                        multi_ack = 1;
 524                if (strstr(line+45, "thin-pack"))
 525                        use_thin_pack = 1;
 526                if (strstr(line+45, "ofs-delta"))
 527                        use_ofs_delta = 1;
 528                if (strstr(line+45, "side-band-64k"))
 529                        use_sideband = LARGE_PACKET_MAX;
 530                else if (strstr(line+45, "side-band"))
 531                        use_sideband = DEFAULT_PACKET_MAX;
 532                if (strstr(line+45, "no-progress"))
 533                        no_progress = 1;
 534                if (strstr(line+45, "include-tag"))
 535                        use_include_tag = 1;
 536
 537                /* We have sent all our refs already, and the other end
 538                 * should have chosen out of them; otherwise they are
 539                 * asking for nonsense.
 540                 *
 541                 * Hmph.  We may later want to allow "want" line that
 542                 * asks for something like "master~10" (symbolic)...
 543                 * would it make sense?  I don't know.
 544                 */
 545                o = lookup_object(sha1_buf);
 546                if (!o || !(o->flags & OUR_REF))
 547                        die("git upload-pack: not our ref %s", line+5);
 548                if (!(o->flags & WANTED)) {
 549                        o->flags |= WANTED;
 550                        add_object_array(o, NULL, &want_obj);
 551                }
 552        }
 553        if (debug_fd)
 554                write_str_in_full(debug_fd, "#E\n");
 555
 556        if (!use_sideband && daemon_mode)
 557                no_progress = 1;
 558
 559        if (depth == 0 && shallows.nr == 0)
 560                return;
 561        if (depth > 0) {
 562                struct commit_list *result, *backup;
 563                int i;
 564                backup = result = get_shallow_commits(&want_obj, depth,
 565                        SHALLOW, NOT_SHALLOW);
 566                while (result) {
 567                        struct object *object = &result->item->object;
 568                        if (!(object->flags & (CLIENT_SHALLOW|NOT_SHALLOW))) {
 569                                packet_write(1, "shallow %s",
 570                                                sha1_to_hex(object->sha1));
 571                                register_shallow(object->sha1);
 572                                shallow_nr++;
 573                        }
 574                        result = result->next;
 575                }
 576                free_commit_list(backup);
 577                for (i = 0; i < shallows.nr; i++) {
 578                        struct object *object = shallows.objects[i].item;
 579                        if (object->flags & NOT_SHALLOW) {
 580                                struct commit_list *parents;
 581                                packet_write(1, "unshallow %s",
 582                                        sha1_to_hex(object->sha1));
 583                                object->flags &= ~CLIENT_SHALLOW;
 584                                /* make sure the real parents are parsed */
 585                                unregister_shallow(object->sha1);
 586                                object->parsed = 0;
 587                                if (parse_commit((struct commit *)object))
 588                                        die("invalid commit");
 589                                parents = ((struct commit *)object)->parents;
 590                                while (parents) {
 591                                        add_object_array(&parents->item->object,
 592                                                        NULL, &want_obj);
 593                                        parents = parents->next;
 594                                }
 595                                add_object_array(object, NULL, &extra_edge_obj);
 596                        }
 597                        /* make sure commit traversal conforms to client */
 598                        register_shallow(object->sha1);
 599                }
 600                packet_flush(1);
 601        } else
 602                if (shallows.nr > 0) {
 603                        int i;
 604                        for (i = 0; i < shallows.nr; i++)
 605                                register_shallow(shallows.objects[i].item->sha1);
 606                }
 607
 608        shallow_nr += shallows.nr;
 609        free(shallows.objects);
 610}
 611
 612static int send_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)
 613{
 614        static const char *capabilities = "multi_ack thin-pack side-band"
 615                " side-band-64k ofs-delta shallow no-progress"
 616                " include-tag";
 617        struct object *o = parse_object(sha1);
 618
 619        if (!o)
 620                die("git upload-pack: cannot find object %s:", sha1_to_hex(sha1));
 621
 622        if (capabilities)
 623                packet_write(1, "%s %s%c%s\n", sha1_to_hex(sha1), refname,
 624                        0, capabilities);
 625        else
 626                packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname);
 627        capabilities = NULL;
 628        if (!(o->flags & OUR_REF)) {
 629                o->flags |= OUR_REF;
 630                nr_our_refs++;
 631        }
 632        if (o->type == OBJ_TAG) {
 633                o = deref_tag(o, refname, 0);
 634                if (o)
 635                        packet_write(1, "%s %s^{}\n", sha1_to_hex(o->sha1), refname);
 636        }
 637        return 0;
 638}
 639
 640static void upload_pack(void)
 641{
 642        reset_timeout();
 643        head_ref(send_ref, NULL);
 644        for_each_ref(send_ref, NULL);
 645        packet_flush(1);
 646        receive_needs();
 647        if (want_obj.nr) {
 648                get_common_commits();
 649                create_pack_file();
 650        }
 651}
 652
 653int main(int argc, char **argv)
 654{
 655        char *dir;
 656        int i;
 657        int strict = 0;
 658
 659        git_extract_argv0_path(argv[0]);
 660        read_replace_refs = 0;
 661
 662        for (i = 1; i < argc; i++) {
 663                char *arg = argv[i];
 664
 665                if (arg[0] != '-')
 666                        break;
 667                if (!strcmp(arg, "--strict")) {
 668                        strict = 1;
 669                        continue;
 670                }
 671                if (!prefixcmp(arg, "--timeout=")) {
 672                        timeout = atoi(arg+10);
 673                        daemon_mode = 1;
 674                        continue;
 675                }
 676                if (!strcmp(arg, "--")) {
 677                        i++;
 678                        break;
 679                }
 680        }
 681
 682        if (i != argc-1)
 683                usage(upload_pack_usage);
 684
 685        setup_path();
 686
 687        dir = argv[i];
 688
 689        if (!enter_repo(dir, strict))
 690                die("'%s' does not appear to be a git repository", dir);
 691        if (is_repository_shallow())
 692                die("attempt to fetch/clone from a shallow repository");
 693        if (getenv("GIT_DEBUG_SEND_PACK"))
 694                debug_fd = atoi(getenv("GIT_DEBUG_SEND_PACK"));
 695        upload_pack();
 696        return 0;
 697}