fsck.con commit commit: reject invalid UTF-8 codepoints (28110d4)
   1#include "cache.h"
   2#include "object.h"
   3#include "blob.h"
   4#include "tree.h"
   5#include "tree-walk.h"
   6#include "commit.h"
   7#include "tag.h"
   8#include "fsck.h"
   9
  10static int fsck_walk_tree(struct tree *tree, fsck_walk_func walk, void *data)
  11{
  12        struct tree_desc desc;
  13        struct name_entry entry;
  14        int res = 0;
  15
  16        if (parse_tree(tree))
  17                return -1;
  18
  19        init_tree_desc(&desc, tree->buffer, tree->size);
  20        while (tree_entry(&desc, &entry)) {
  21                int result;
  22
  23                if (S_ISGITLINK(entry.mode))
  24                        continue;
  25                if (S_ISDIR(entry.mode))
  26                        result = walk(&lookup_tree(entry.sha1)->object, OBJ_TREE, data);
  27                else if (S_ISREG(entry.mode) || S_ISLNK(entry.mode))
  28                        result = walk(&lookup_blob(entry.sha1)->object, OBJ_BLOB, data);
  29                else {
  30                        result = error("in tree %s: entry %s has bad mode %.6o",
  31                                        sha1_to_hex(tree->object.sha1), entry.path, entry.mode);
  32                }
  33                if (result < 0)
  34                        return result;
  35                if (!res)
  36                        res = result;
  37        }
  38        return res;
  39}
  40
  41static int fsck_walk_commit(struct commit *commit, fsck_walk_func walk, void *data)
  42{
  43        struct commit_list *parents;
  44        int res;
  45        int result;
  46
  47        if (parse_commit(commit))
  48                return -1;
  49
  50        result = walk((struct object *)commit->tree, OBJ_TREE, data);
  51        if (result < 0)
  52                return result;
  53        res = result;
  54
  55        parents = commit->parents;
  56        while (parents) {
  57                result = walk((struct object *)parents->item, OBJ_COMMIT, data);
  58                if (result < 0)
  59                        return result;
  60                if (!res)
  61                        res = result;
  62                parents = parents->next;
  63        }
  64        return res;
  65}
  66
  67static int fsck_walk_tag(struct tag *tag, fsck_walk_func walk, void *data)
  68{
  69        if (parse_tag(tag))
  70                return -1;
  71        return walk(tag->tagged, OBJ_ANY, data);
  72}
  73
  74int fsck_walk(struct object *obj, fsck_walk_func walk, void *data)
  75{
  76        if (!obj)
  77                return -1;
  78        switch (obj->type) {
  79        case OBJ_BLOB:
  80                return 0;
  81        case OBJ_TREE:
  82                return fsck_walk_tree((struct tree *)obj, walk, data);
  83        case OBJ_COMMIT:
  84                return fsck_walk_commit((struct commit *)obj, walk, data);
  85        case OBJ_TAG:
  86                return fsck_walk_tag((struct tag *)obj, walk, data);
  87        default:
  88                error("Unknown object type for %s", sha1_to_hex(obj->sha1));
  89                return -1;
  90        }
  91}
  92
  93/*
  94 * The entries in a tree are ordered in the _path_ order,
  95 * which means that a directory entry is ordered by adding
  96 * a slash to the end of it.
  97 *
  98 * So a directory called "a" is ordered _after_ a file
  99 * called "a.c", because "a/" sorts after "a.c".
 100 */
 101#define TREE_UNORDERED (-1)
 102#define TREE_HAS_DUPS  (-2)
 103
 104static int verify_ordered(unsigned mode1, const char *name1, unsigned mode2, const char *name2)
 105{
 106        int len1 = strlen(name1);
 107        int len2 = strlen(name2);
 108        int len = len1 < len2 ? len1 : len2;
 109        unsigned char c1, c2;
 110        int cmp;
 111
 112        cmp = memcmp(name1, name2, len);
 113        if (cmp < 0)
 114                return 0;
 115        if (cmp > 0)
 116                return TREE_UNORDERED;
 117
 118        /*
 119         * Ok, the first <len> characters are the same.
 120         * Now we need to order the next one, but turn
 121         * a '\0' into a '/' for a directory entry.
 122         */
 123        c1 = name1[len];
 124        c2 = name2[len];
 125        if (!c1 && !c2)
 126                /*
 127                 * git-write-tree used to write out a nonsense tree that has
 128                 * entries with the same name, one blob and one tree.  Make
 129                 * sure we do not have duplicate entries.
 130                 */
 131                return TREE_HAS_DUPS;
 132        if (!c1 && S_ISDIR(mode1))
 133                c1 = '/';
 134        if (!c2 && S_ISDIR(mode2))
 135                c2 = '/';
 136        return c1 < c2 ? 0 : TREE_UNORDERED;
 137}
 138
 139static int fsck_tree(struct tree *item, int strict, fsck_error error_func)
 140{
 141        int retval;
 142        int has_null_sha1 = 0;
 143        int has_full_path = 0;
 144        int has_empty_name = 0;
 145        int has_dot = 0;
 146        int has_dotdot = 0;
 147        int has_dotgit = 0;
 148        int has_zero_pad = 0;
 149        int has_bad_modes = 0;
 150        int has_dup_entries = 0;
 151        int not_properly_sorted = 0;
 152        struct tree_desc desc;
 153        unsigned o_mode;
 154        const char *o_name;
 155
 156        init_tree_desc(&desc, item->buffer, item->size);
 157
 158        o_mode = 0;
 159        o_name = NULL;
 160
 161        while (desc.size) {
 162                unsigned mode;
 163                const char *name;
 164                const unsigned char *sha1;
 165
 166                sha1 = tree_entry_extract(&desc, &name, &mode);
 167
 168                if (is_null_sha1(sha1))
 169                        has_null_sha1 = 1;
 170                if (strchr(name, '/'))
 171                        has_full_path = 1;
 172                if (!*name)
 173                        has_empty_name = 1;
 174                if (!strcmp(name, "."))
 175                        has_dot = 1;
 176                if (!strcmp(name, ".."))
 177                        has_dotdot = 1;
 178                if (!strcmp(name, ".git"))
 179                        has_dotgit = 1;
 180                has_zero_pad |= *(char *)desc.buffer == '0';
 181                update_tree_entry(&desc);
 182
 183                switch (mode) {
 184                /*
 185                 * Standard modes..
 186                 */
 187                case S_IFREG | 0755:
 188                case S_IFREG | 0644:
 189                case S_IFLNK:
 190                case S_IFDIR:
 191                case S_IFGITLINK:
 192                        break;
 193                /*
 194                 * This is nonstandard, but we had a few of these
 195                 * early on when we honored the full set of mode
 196                 * bits..
 197                 */
 198                case S_IFREG | 0664:
 199                        if (!strict)
 200                                break;
 201                default:
 202                        has_bad_modes = 1;
 203                }
 204
 205                if (o_name) {
 206                        switch (verify_ordered(o_mode, o_name, mode, name)) {
 207                        case TREE_UNORDERED:
 208                                not_properly_sorted = 1;
 209                                break;
 210                        case TREE_HAS_DUPS:
 211                                has_dup_entries = 1;
 212                                break;
 213                        default:
 214                                break;
 215                        }
 216                }
 217
 218                o_mode = mode;
 219                o_name = name;
 220        }
 221
 222        retval = 0;
 223        if (has_null_sha1)
 224                retval += error_func(&item->object, FSCK_WARN, "contains entries pointing to null sha1");
 225        if (has_full_path)
 226                retval += error_func(&item->object, FSCK_WARN, "contains full pathnames");
 227        if (has_empty_name)
 228                retval += error_func(&item->object, FSCK_WARN, "contains empty pathname");
 229        if (has_dot)
 230                retval += error_func(&item->object, FSCK_WARN, "contains '.'");
 231        if (has_dotdot)
 232                retval += error_func(&item->object, FSCK_WARN, "contains '..'");
 233        if (has_dotgit)
 234                retval += error_func(&item->object, FSCK_WARN, "contains '.git'");
 235        if (has_zero_pad)
 236                retval += error_func(&item->object, FSCK_WARN, "contains zero-padded file modes");
 237        if (has_bad_modes)
 238                retval += error_func(&item->object, FSCK_WARN, "contains bad file modes");
 239        if (has_dup_entries)
 240                retval += error_func(&item->object, FSCK_ERROR, "contains duplicate file entries");
 241        if (not_properly_sorted)
 242                retval += error_func(&item->object, FSCK_ERROR, "not properly sorted");
 243        return retval;
 244}
 245
 246static int fsck_ident(char **ident, struct object *obj, fsck_error error_func)
 247{
 248        if (**ident == '<')
 249                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before email");
 250        *ident += strcspn(*ident, "<>\n");
 251        if (**ident == '>')
 252                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad name");
 253        if (**ident != '<')
 254                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing email");
 255        if ((*ident)[-1] != ' ')
 256                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before email");
 257        (*ident)++;
 258        *ident += strcspn(*ident, "<>\n");
 259        if (**ident != '>')
 260                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad email");
 261        (*ident)++;
 262        if (**ident != ' ')
 263                return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before date");
 264        (*ident)++;
 265        if (**ident == '0' && (*ident)[1] != ' ')
 266                return error_func(obj, FSCK_ERROR, "invalid author/committer line - zero-padded date");
 267        *ident += strspn(*ident, "0123456789");
 268        if (**ident != ' ')
 269                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad date");
 270        (*ident)++;
 271        if ((**ident != '+' && **ident != '-') ||
 272            !isdigit((*ident)[1]) ||
 273            !isdigit((*ident)[2]) ||
 274            !isdigit((*ident)[3]) ||
 275            !isdigit((*ident)[4]) ||
 276            ((*ident)[5] != '\n'))
 277                return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad time zone");
 278        (*ident) += 6;
 279        return 0;
 280}
 281
 282static int fsck_commit(struct commit *commit, fsck_error error_func)
 283{
 284        char *buffer = commit->buffer;
 285        unsigned char tree_sha1[20], sha1[20];
 286        struct commit_graft *graft;
 287        int parents = 0;
 288        int err;
 289
 290        if (commit->date == ULONG_MAX)
 291                return error_func(&commit->object, FSCK_ERROR, "invalid author/committer line");
 292
 293        if (memcmp(buffer, "tree ", 5))
 294                return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'tree' line");
 295        if (get_sha1_hex(buffer+5, tree_sha1) || buffer[45] != '\n')
 296                return error_func(&commit->object, FSCK_ERROR, "invalid 'tree' line format - bad sha1");
 297        buffer += 46;
 298        while (!memcmp(buffer, "parent ", 7)) {
 299                if (get_sha1_hex(buffer+7, sha1) || buffer[47] != '\n')
 300                        return error_func(&commit->object, FSCK_ERROR, "invalid 'parent' line format - bad sha1");
 301                buffer += 48;
 302                parents++;
 303        }
 304        graft = lookup_commit_graft(commit->object.sha1);
 305        if (graft) {
 306                struct commit_list *p = commit->parents;
 307                parents = 0;
 308                while (p) {
 309                        p = p->next;
 310                        parents++;
 311                }
 312                if (graft->nr_parent == -1 && !parents)
 313                        ; /* shallow commit */
 314                else if (graft->nr_parent != parents)
 315                        return error_func(&commit->object, FSCK_ERROR, "graft objects missing");
 316        } else {
 317                struct commit_list *p = commit->parents;
 318                while (p && parents) {
 319                        p = p->next;
 320                        parents--;
 321                }
 322                if (p || parents)
 323                        return error_func(&commit->object, FSCK_ERROR, "parent objects missing");
 324        }
 325        if (memcmp(buffer, "author ", 7))
 326                return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'author' line");
 327        buffer += 7;
 328        err = fsck_ident(&buffer, &commit->object, error_func);
 329        if (err)
 330                return err;
 331        if (memcmp(buffer, "committer ", strlen("committer ")))
 332                return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'committer' line");
 333        buffer += strlen("committer ");
 334        err = fsck_ident(&buffer, &commit->object, error_func);
 335        if (err)
 336                return err;
 337        if (!commit->tree)
 338                return error_func(&commit->object, FSCK_ERROR, "could not load commit's tree %s", sha1_to_hex(tree_sha1));
 339
 340        return 0;
 341}
 342
 343static int fsck_tag(struct tag *tag, fsck_error error_func)
 344{
 345        struct object *tagged = tag->tagged;
 346
 347        if (!tagged)
 348                return error_func(&tag->object, FSCK_ERROR, "could not load tagged object");
 349        return 0;
 350}
 351
 352int fsck_object(struct object *obj, int strict, fsck_error error_func)
 353{
 354        if (!obj)
 355                return error_func(obj, FSCK_ERROR, "no valid object to fsck");
 356
 357        if (obj->type == OBJ_BLOB)
 358                return 0;
 359        if (obj->type == OBJ_TREE)
 360                return fsck_tree((struct tree *) obj, strict, error_func);
 361        if (obj->type == OBJ_COMMIT)
 362                return fsck_commit((struct commit *) obj, error_func);
 363        if (obj->type == OBJ_TAG)
 364                return fsck_tag((struct tag *) obj, error_func);
 365
 366        return error_func(obj, FSCK_ERROR, "unknown type '%d' (internal fsck error)",
 367                          obj->type);
 368}
 369
 370int fsck_error_function(struct object *obj, int type, const char *fmt, ...)
 371{
 372        va_list ap;
 373        struct strbuf sb = STRBUF_INIT;
 374
 375        strbuf_addf(&sb, "object %s:", sha1_to_hex(obj->sha1));
 376
 377        va_start(ap, fmt);
 378        strbuf_vaddf(&sb, fmt, ap);
 379        va_end(ap);
 380
 381        error("%s", sb.buf);
 382        strbuf_release(&sb);
 383        return 1;
 384}