git.c on commit gitweb: Secure against commit-ish/tree-ish with the same name as path (45bd0c8)
   1#include <stdio.h>
   2#include <sys/types.h>
   3#include <sys/stat.h>
   4#include <dirent.h>
   5#include <unistd.h>
   6#include <stdlib.h>
   7#include <string.h>
   8#include <errno.h>
   9#include <limits.h>
  10#include <stdarg.h>
  11#include "git-compat-util.h"
  12#include "exec_cmd.h"
  13#include "cache.h"
  14#include "quote.h"
  15
  16#include "builtin.h"
  17
/* Synopsis handed to usage() when handle_options() meets an option it does not know. */
const char git_usage_string[] =
	"git [--version] [--exec-path[=GIT_EXEC_PATH]] "
	"[-p|--paginate] [--bare] [--git-dir=GIT_DIR] "
	"[--help] COMMAND [ARGS]";
  20
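/*
 * Put the first `len` bytes of `dir` in front of the PATH environment
 * variable, separated from the old value by ':'.
 *
 * When PATH is unset, "/usr/local/bin:/usr/bin:/bin" is used as the old
 * value.  The temporary buffer is freed once setenv() has been called.
 *
 * An empty (or missing) directory is ignored: writing ":<old PATH>" would
 * create an empty leading PATH component, and an empty component is
 * searched as the current working directory by the exec*p() family.
 */
static void prepend_to_path(const char *dir, int len)
{
	const char *old_path = getenv("PATH");
	size_t old_len;
	char *path;

	/* Never let an empty entry (meaning "current directory") into PATH. */
	if (!dir || len <= 0)
		return;

	if (!old_path)
		old_path = "/usr/local/bin:/usr/bin:/bin";
	old_len = strlen(old_path);

	/* dir + ':' + old_path + terminating NUL */
	path = xmalloc((size_t)len + 1 + old_len + 1);

	memcpy(path, dir, len);
	path[len] = ':';
	/* old_len + 1 also copies old_path's terminating NUL */
	memcpy(path + len + 1, old_path, old_len + 1);

	setenv("PATH", path, 1);

	free(path);
}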
  42
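/*
 * Consume the global options at the front of *argv.
 *
 * Parsing stops at the first word that does not start with '-', or at
 * "--help" / "--version", which are left in place for the caller.
 * *argv is advanced and *argc decremented for every slot consumed.
 *
 * Side effects: may set the exec path, start the pager, or set GIT_DIR in
 * the environment.  "--exec-path" without "=" prints the exec path and
 * exits; an unknown option is reported and handed to usage().
 *
 * Returns the number of argv slots consumed, so a caller can step *argv
 * back to where it started (handle_alias() does this before xrealloc()).
 */
static int handle_options(const char*** argv, int* argc)
{
	int handled = 0;

	while (*argc > 0) {
		const char *cmd = (*argv)[0];
		if (cmd[0] != '-')
			break;

		/*
		 * For legacy reasons, the "version" and "help"
		 * commands can be written with "--" prepended
		 * to make them look like flags.
		 */
		if (!strcmp(cmd, "--help") || !strcmp(cmd, "--version"))
			break;

		/*
		 * Check remaining flags.
		 */
		if (!strncmp(cmd, "--exec-path", 11)) {
			cmd += 11;
			if (*cmd == '=')
				git_set_exec_path(cmd + 1);
			else {
				puts(git_exec_path());
				exit(0);
			}
		} else if (!strcmp(cmd, "-p") || !strcmp(cmd, "--paginate")) {
			setup_pager();
		} else if (!strcmp(cmd, "--git-dir")) {
			/*
			 * The directory is the next word, so at least two
			 * words must remain.  The previous "*argc < 1" test
			 * could never fire inside this loop, and a trailing
			 * "--git-dir" passed (*argv)[1] to setenv() although
			 * no directory had been given.
			 */
			if (*argc < 2) {
				fprintf(stderr, "No directory given for --git-dir.\n");
				usage(git_usage_string); /* does not return */
			}
			setenv("GIT_DIR", (*argv)[1], 1);
			(*argv)++;
			(*argc)--;
			/* two slots are consumed here; count the extra one */
			handled++;
		} else if (!strncmp(cmd, "--git-dir=", 10)) {
			setenv("GIT_DIR", cmd + 10, 1);
		} else if (!strcmp(cmd, "--bare")) {
			static char git_dir[1024];
			/* getcwd() returns NULL on failure; do not pass that to setenv() */
			if (!getcwd(git_dir, sizeof(git_dir)))
				die("cannot determine current directory: %s",
				    strerror(errno));
			setenv("GIT_DIR", git_dir, 1);
		} else {
			fprintf(stderr, "Unknown option: %s\n", cmd);
			usage(git_usage_string);
		}

		(*argv)++;
		(*argc)--;
		handled++;
	}
	return handled;
}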
  95
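/* Alias name being looked up; handle_alias() sets it before calling git_config(). */
static const char *alias_command;
/* Expansion found for alias_command (xstrdup'ed); stays NULL when none is configured. */
static char *alias_string;

/*
 * Config callback: remember the value of "alias.<alias_command>".
 *
 * Always returns 0.  Keys other than the alias being looked up are
 * ignored.
 */
static int git_alias_config(const char *var, const char *value)
{
	if (strncmp(var, "alias.", 6) || strcmp(var + 6, alias_command))
		return 0;

	/*
	 * A key written without "= value" is understood to reach config
	 * callbacks with value == NULL; skip it rather than hand NULL to
	 * xstrdup().
	 */
	if (!value)
		return 0;

	alias_string = xstrdup(value);
	return 0;
}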
 106
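/*
 * Split `cmdline` in place into whitespace-separated words.
 *
 * Single and double quotes group characters into one word and are removed;
 * a backslash outside single quotes makes the next character literal.
 * The words are written back into `cmdline`, so every (*argv)[i] points
 * into that buffer and `cmdline` must outlive the array.
 *
 * On success returns the number of words and stores a heap-allocated array
 * in *argv.  The array is NOT NULL-terminated; callers must use the count.
 * On a trailing backslash or an unclosed quote the array is freed, *argv is
 * set to NULL and the result of error() is returned.
 */
static int split_cmdline(char *cmdline, const char ***argv)
{
	int src, dst, count = 0, size = 16;
	char quoted = 0;

	/* xmalloc, like the xrealloc below, so a failed allocation is not dereferenced */
	*argv = xmalloc(sizeof(char*) * size);

	/* split alias_string */
	(*argv)[count++] = cmdline;
	for (src = dst = 0; cmdline[src];) {
		char c = cmdline[src];
		if (!quoted && isspace((unsigned char)c)) {
			cmdline[dst++] = 0;
			while (cmdline[++src]
					&& isspace((unsigned char)cmdline[src]))
				; /* skip */
			if (count >= size) {
				size += 16;
				*argv = xrealloc(*argv, sizeof(char*) * size);
			}
			(*argv)[count++] = cmdline + dst;
		} else if (!quoted && (c == '\'' || c == '"')) {
			/* opening quote: remember which kind, drop the character */
			quoted = c;
			src++;
		} else if (c == quoted) {
			/* matching closing quote */
			quoted = 0;
			src++;
		} else {
			if (c == '\\' && quoted != '\'') {
				src++;
				c = cmdline[src];
				if (!c) {
					free(*argv);
					*argv = NULL;
					return error("cmdline ends with \\");
				}
			}
			cmdline[dst++] = c;
			src++;
		}
	}

	cmdline[dst] = 0;

	if (quoted) {
		free(*argv);
		*argv = NULL;
		return error("unclosed quote");
	}

	return count;
}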
 159
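/*
 * Expand (*argv)[0] if the configuration defines "alias.<name>" for it.
 *
 * On expansion, *argv is replaced by a new NULL-terminated array holding
 * the alias words followed by the original arguments, *argcp is adjusted,
 * and 1 is returned.  Without a matching alias, 0 is returned and the
 * arguments are untouched.  errno is saved on entry and restored on exit.
 *
 * The leading words of the alias go through handle_options(), so text
 * from the configuration can set GIT_DIR and the exec path exactly as
 * command-line flags do.
 */
static int handle_alias(int *argcp, const char ***argv)
{
	int nongit = 0, ret = 0, saved_errno = errno;
	const char *subdir;
	int count, option_count;
	const char** new_argv;

	subdir = setup_git_directory_gently(&nongit);

	alias_command = (*argv)[0];
	git_config(git_alias_config);
	if (alias_string) {
		count = split_cmdline(alias_string, &new_argv);
		/*
		 * split_cmdline() reports a malformed alias with a negative
		 * count and a NULL array; stop before that reaches memmove().
		 */
		if (count < 0)
			die("Bad alias.%s string", alias_command);

		option_count = handle_options(&new_argv, &count);
		if (option_count < 0)
			die("Bad options in alias.%s", alias_command);

		/* slide the remaining words back to the start of the allocation */
		memmove(new_argv - option_count, new_argv,
				count * sizeof(char *));
		new_argv -= option_count;

		if (count < 1)
			die("empty alias for %s", alias_command);

		if (!strcmp(alias_command, new_argv[0]))
			die("recursive alias: %s", alias_command);

		trace_argv_printf(new_argv, count,
				  "trace: alias expansion: %s =>",
				  alias_command);

		new_argv = xrealloc(new_argv, sizeof(char*) *
				    (count + *argcp + 1));
		/* insert after command name */
		memcpy(new_argv + count, *argv + 1, sizeof(char*) * *argcp);
		new_argv[count+*argcp] = NULL;

		*argv = new_argv;
		*argcp += count - 1;

		ret = 1;
	}

	/* go back to the subdirectory; carrying on from the wrong place is not safe */
	if (subdir && chdir(subdir))
		die("Cannot change to %s: %s", subdir, strerror(errno));

	errno = saved_errno;

	return ret;
}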
 207
/* Version text; GIT_VERSION is not defined in this file (presumably supplied by the build). */
const char git_version_string[] = GIT_VERSION;

/* Flag bits for the `option` field of the built-in command table. */
#define RUN_SETUP	(1 << 0)	/* call setup_git_directory() before the command */
#define USE_PAGER	(1 << 1)	/* call setup_pager() before the command */
 212
/*
 * Run argv[0] as a built-in command if the table below lists it.
 *
 * "git cmd --help" is first rewritten to "git help cmd".  For a matching
 * entry the repository setup and the pager are started as its flags ask,
 * the invocation is traced, and the process exits with the command's
 * return value.  The function returns only when no entry matches.
 * `envp` is not used.
 */
static void handle_internal_command(int argc, const char **argv, char **envp)
{
	const char *cmd = argv[0];
	static struct cmd_struct {
		const char *cmd;
		int (*fn)(int, const char **, const char *);
		int option;
	} commands[] = {
		{ "add", cmd_add, RUN_SETUP },
		{ "annotate", cmd_annotate, },
		{ "apply", cmd_apply },
		{ "archive", cmd_archive },
		{ "branch", cmd_branch },
		{ "cat-file", cmd_cat_file, RUN_SETUP },
		{ "checkout-index", cmd_checkout_index, RUN_SETUP },
		{ "check-ref-format", cmd_check_ref_format },
		{ "cherry", cmd_cherry, RUN_SETUP },
		{ "commit-tree", cmd_commit_tree, RUN_SETUP },
		{ "count-objects", cmd_count_objects, RUN_SETUP },
		{ "diff", cmd_diff, RUN_SETUP | USE_PAGER },
		{ "diff-files", cmd_diff_files, RUN_SETUP },
		{ "diff-index", cmd_diff_index, RUN_SETUP },
		{ "diff-stages", cmd_diff_stages, RUN_SETUP },
		{ "diff-tree", cmd_diff_tree, RUN_SETUP },
		{ "fmt-merge-msg", cmd_fmt_merge_msg, RUN_SETUP },
		{ "for-each-ref", cmd_for_each_ref, RUN_SETUP },
		{ "format-patch", cmd_format_patch, RUN_SETUP },
		{ "get-tar-commit-id", cmd_get_tar_commit_id },
		{ "grep", cmd_grep, RUN_SETUP },
		{ "help", cmd_help },
		{ "init-db", cmd_init_db },
		{ "log", cmd_log, RUN_SETUP | USE_PAGER },
		{ "ls-files", cmd_ls_files, RUN_SETUP },
		{ "ls-tree", cmd_ls_tree, RUN_SETUP },
		{ "mailinfo", cmd_mailinfo },
		{ "mailsplit", cmd_mailsplit },
		{ "mv", cmd_mv, RUN_SETUP },
		{ "name-rev", cmd_name_rev, RUN_SETUP },
		{ "pack-objects", cmd_pack_objects, RUN_SETUP },
		{ "prune", cmd_prune, RUN_SETUP },
		{ "prune-packed", cmd_prune_packed, RUN_SETUP },
		{ "push", cmd_push, RUN_SETUP },
		{ "read-tree", cmd_read_tree, RUN_SETUP },
		{ "repo-config", cmd_repo_config },
		{ "rev-list", cmd_rev_list, RUN_SETUP },
		{ "rev-parse", cmd_rev_parse, RUN_SETUP },
		{ "rm", cmd_rm, RUN_SETUP },
		{ "runstatus", cmd_runstatus, RUN_SETUP },
		{ "show-branch", cmd_show_branch, RUN_SETUP },
		{ "show", cmd_show, RUN_SETUP | USE_PAGER },
		{ "stripspace", cmd_stripspace },
		{ "symbolic-ref", cmd_symbolic_ref, RUN_SETUP },
		{ "tar-tree", cmd_tar_tree },
		{ "unpack-objects", cmd_unpack_objects, RUN_SETUP },
		{ "update-index", cmd_update_index, RUN_SETUP },
		{ "update-ref", cmd_update_ref, RUN_SETUP },
		{ "upload-archive", cmd_upload_archive },
		{ "version", cmd_version },
		{ "whatchanged", cmd_whatchanged, RUN_SETUP | USE_PAGER },
		{ "write-tree", cmd_write_tree, RUN_SETUP },
		{ "verify-pack", cmd_verify_pack },
		{ "show-ref", cmd_show_ref, RUN_SETUP },
		{ "pack-refs", cmd_pack_refs, RUN_SETUP },
	};
	int i;

	/* "git cmd --help" is served by the help built-in: "git help cmd" */
	if (argc > 1 && !strcmp(argv[1], "--help")) {
		argv[1] = argv[0];
		cmd = "help";
		argv[0] = cmd;
	}

	for (i = 0; i < ARRAY_SIZE(commands); i++) {
		struct cmd_struct *entry = &commands[i];
		const char *prefix = NULL;

		if (strcmp(entry->cmd, cmd) != 0)
			continue;

		/* the entry's flags decide which setup runs before the command */
		if (entry->option & RUN_SETUP)
			prefix = setup_git_directory();
		if (entry->option & USE_PAGER)
			setup_pager();
		trace_argv_printf(argv, argc, "trace: built-in: git");

		exit(entry->fn(argc, argv, prefix));
	}
}
 301
/*
 * Entry point of the "git" wrapper.
 *
 * Derives the command name from argv[0], handles the global options,
 * extends PATH with the exec path(s), then tries the command as a
 * built-in, as an external program and finally as a configured alias.
 * Returns 1 when the command could not be run; the built-in and external
 * paths do not come back here on success.
 */
int main(int argc, const char **argv, char **envp)
{
	const char *cmd = argv[0] ? argv[0] : "git-help";
	char *last_slash = strrchr(cmd, '/');
	const char *exec_path = NULL;
	int alias_expanded = 0;

	/*
	 * The basename of argv[0] is the command name.  Its dirname
	 * becomes the default exec_path, but only when it is an
	 * absolute path and nothing better turns up.
	 */
	if (last_slash) {
		*last_slash = 0;	/* cut argv[0] into dirname and basename */
		if (cmd[0] == '/')
			exec_path = cmd;
		cmd = last_slash + 1;
	}

	/*
	 * Invoked as "git-xxxx": equivalent to "git xxxx", except that
	 *
	 *  - no flags can sit between "git" and "xxxx", and
	 *  - running it externally would only start this program again.
	 *
	 * So go straight to the internal command handler and die if it
	 * does not know the command.
	 */
	if (!strncmp(cmd, "git-", 4)) {
		cmd += 4;
		argv[0] = cmd;
		handle_internal_command(argc, argv, envp);
		die("cannot handle %s internally", cmd);
	}

	/* Skip the program name and consume the global flags. */
	argv++;
	argc--;
	handle_options(&argv, &argc);
	if (argc <= 0) {
		/* No command given: fall back to "help" */
		argv[0] = "help";
		argc = 1;
	} else if (!strncmp(argv[0], "--", 2)) {
		/* "--help" / "--version" name the commands "help" / "version" */
		argv[0] += 2;
	}
	cmd = argv[0];

	/*
	 * Commands are searched in this order:
	 *  - git_exec_path()
	 *  - the directory of the "git" program itself, if $0 gave one
	 *  - the regular PATH.
	 * Each prepend goes in front of the previous one, hence the
	 * reversed order of the calls.
	 */
	if (exec_path)
		prepend_to_path(exec_path, strlen(exec_path));
	exec_path = git_exec_path();
	prepend_to_path(exec_path, strlen(exec_path));

	for (;;) {
		/* First choice: a built-in command */
		handle_internal_command(argc, argv, envp);

		/* Second choice: an external git-<cmd> program */
		execv_git_cmd(argv);

		/*
		 * Last choice: an alias, expanded at most once.  Built-ins
		 * and external commands are tried first, so "alias.log =
		 * show" cannot override "git log".
		 */
		if (alias_expanded || !handle_alias(&argc, &argv))
			break;
		alias_expanded = 1;
	}

	if (errno == ENOENT)
		help_unknown_cmd(cmd);

	fprintf(stderr, "Failed to run command '%s': %s\n",
		cmd, strerror(errno));

	return 1;
}
 388}