refs.con commit free(NULL) is perfectly valid. (4cac42b)
   1#include "refs.h"
   2#include "cache.h"
   3
   4#include <errno.h>
   5
   6/* We allow "recursive" symbolic refs. Only within reason, though */
   7#define MAXDEPTH 5
   8
   9const char *resolve_ref(const char *path, unsigned char *sha1, int reading)
  10{
  11        int depth = MAXDEPTH, len;
  12        char buffer[256];
  13
  14        for (;;) {
  15                struct stat st;
  16                char *buf;
  17                int fd;
  18
  19                if (--depth < 0)
  20                        return NULL;
  21
  22                /* Special case: non-existing file.
  23                 * Not having the refs/heads/new-branch is OK
  24                 * if we are writing into it, so is .git/HEAD
  25                 * that points at refs/heads/master still to be
  26                 * born.  It is NOT OK if we are resolving for
  27                 * reading.
  28                 */
  29                if (lstat(path, &st) < 0) {
  30                        if (reading || errno != ENOENT)
  31                                return NULL;
  32                        hashclr(sha1);
  33                        return path;
  34                }
  35
  36                /* Follow "normalized" - ie "refs/.." symlinks by hand */
  37                if (S_ISLNK(st.st_mode)) {
  38                        len = readlink(path, buffer, sizeof(buffer)-1);
  39                        if (len >= 5 && !memcmp("refs/", buffer, 5)) {
  40                                path = git_path("%.*s", len, buffer);
  41                                continue;
  42                        }
  43                }
  44
  45                /*
  46                 * Anything else, just open it and try to use it as
  47                 * a ref
  48                 */
  49                fd = open(path, O_RDONLY);
  50                if (fd < 0)
  51                        return NULL;
  52                len = read(fd, buffer, sizeof(buffer)-1);
  53                close(fd);
  54
  55                /*
  56                 * Is it a symbolic ref?
  57                 */
  58                if (len < 4 || memcmp("ref:", buffer, 4))
  59                        break;
  60                buf = buffer + 4;
  61                len -= 4;
  62                while (len && isspace(*buf))
  63                        buf++, len--;
  64                while (len && isspace(buf[len-1]))
  65                        buf[--len] = 0;
  66                path = git_path("%.*s", len, buf);
  67        }
  68        if (len < 40 || get_sha1_hex(buffer, sha1))
  69                return NULL;
  70        return path;
  71}
  72
  73int create_symref(const char *git_HEAD, const char *refs_heads_master)
  74{
  75        const char *lockpath;
  76        char ref[1000];
  77        int fd, len, written;
  78
  79#ifndef NO_SYMLINK_HEAD
  80        if (prefer_symlink_refs) {
  81                unlink(git_HEAD);
  82                if (!symlink(refs_heads_master, git_HEAD))
  83                        return 0;
  84                fprintf(stderr, "no symlink - falling back to symbolic ref\n");
  85        }
  86#endif
  87
  88        len = snprintf(ref, sizeof(ref), "ref: %s\n", refs_heads_master);
  89        if (sizeof(ref) <= len) {
  90                error("refname too long: %s", refs_heads_master);
  91                return -1;
  92        }
  93        lockpath = mkpath("%s.lock", git_HEAD);
  94        fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0666); 
  95        written = write(fd, ref, len);
  96        close(fd);
  97        if (written != len) {
  98                unlink(lockpath);
  99                error("Unable to write to %s", lockpath);
 100                return -2;
 101        }
 102        if (rename(lockpath, git_HEAD) < 0) {
 103                unlink(lockpath);
 104                error("Unable to create %s", git_HEAD);
 105                return -3;
 106        }
 107        if (adjust_shared_perm(git_HEAD)) {
 108                unlink(lockpath);
 109                error("Unable to fix permissions on %s", lockpath);
 110                return -4;
 111        }
 112        return 0;
 113}
 114
 115int read_ref(const char *filename, unsigned char *sha1)
 116{
 117        if (resolve_ref(filename, sha1, 1))
 118                return 0;
 119        return -1;
 120}
 121
 122static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1), int trim)
 123{
 124        int retval = 0;
 125        DIR *dir = opendir(git_path("%s", base));
 126
 127        if (dir) {
 128                struct dirent *de;
 129                int baselen = strlen(base);
 130                char *path = xmalloc(baselen + 257);
 131
 132                if (!strncmp(base, "./", 2)) {
 133                        base += 2;
 134                        baselen -= 2;
 135                }
 136                memcpy(path, base, baselen);
 137                if (baselen && base[baselen-1] != '/')
 138                        path[baselen++] = '/';
 139
 140                while ((de = readdir(dir)) != NULL) {
 141                        unsigned char sha1[20];
 142                        struct stat st;
 143                        int namelen;
 144
 145                        if (de->d_name[0] == '.')
 146                                continue;
 147                        namelen = strlen(de->d_name);
 148                        if (namelen > 255)
 149                                continue;
 150                        if (has_extension(de->d_name, ".lock"))
 151                                continue;
 152                        memcpy(path + baselen, de->d_name, namelen+1);
 153                        if (stat(git_path("%s", path), &st) < 0)
 154                                continue;
 155                        if (S_ISDIR(st.st_mode)) {
 156                                retval = do_for_each_ref(path, fn, trim);
 157                                if (retval)
 158                                        break;
 159                                continue;
 160                        }
 161                        if (read_ref(git_path("%s", path), sha1) < 0) {
 162                                error("%s points nowhere!", path);
 163                                continue;
 164                        }
 165                        if (!has_sha1_file(sha1)) {
 166                                error("%s does not point to a valid "
 167                                      "commit object!", path);
 168                                continue;
 169                        }
 170                        retval = fn(path + trim, sha1);
 171                        if (retval)
 172                                break;
 173                }
 174                free(path);
 175                closedir(dir);
 176        }
 177        return retval;
 178}
 179
 180int head_ref(int (*fn)(const char *path, const unsigned char *sha1))
 181{
 182        unsigned char sha1[20];
 183        if (!read_ref(git_path("HEAD"), sha1))
 184                return fn("HEAD", sha1);
 185        return 0;
 186}
 187
 188int for_each_ref(int (*fn)(const char *path, const unsigned char *sha1))
 189{
 190        return do_for_each_ref("refs", fn, 0);
 191}
 192
 193int for_each_tag_ref(int (*fn)(const char *path, const unsigned char *sha1))
 194{
 195        return do_for_each_ref("refs/tags", fn, 10);
 196}
 197
 198int for_each_branch_ref(int (*fn)(const char *path, const unsigned char *sha1))
 199{
 200        return do_for_each_ref("refs/heads", fn, 11);
 201}
 202
 203int for_each_remote_ref(int (*fn)(const char *path, const unsigned char *sha1))
 204{
 205        return do_for_each_ref("refs/remotes", fn, 13);
 206}
 207
 208int get_ref_sha1(const char *ref, unsigned char *sha1)
 209{
 210        if (check_ref_format(ref))
 211                return -1;
 212        return read_ref(git_path("refs/%s", ref), sha1);
 213}
 214
 215/*
 216 * Make sure "ref" is something reasonable to have under ".git/refs/";
 217 * We do not like it if:
 218 *
 219 * - any path component of it begins with ".", or
 220 * - it has double dots "..", or
 221 * - it has ASCII control character, "~", "^", ":" or SP, anywhere, or
 222 * - it ends with a "/".
 223 */
 224
 225static inline int bad_ref_char(int ch)
 226{
 227        return (((unsigned) ch) <= ' ' ||
 228                ch == '~' || ch == '^' || ch == ':' ||
 229                /* 2.13 Pattern Matching Notation */
 230                ch == '?' || ch == '*' || ch == '[');
 231}
 232
 233int check_ref_format(const char *ref)
 234{
 235        int ch, level;
 236        const char *cp = ref;
 237
 238        level = 0;
 239        while (1) {
 240                while ((ch = *cp++) == '/')
 241                        ; /* tolerate duplicated slashes */
 242                if (!ch)
 243                        return -1; /* should not end with slashes */
 244
 245                /* we are at the beginning of the path component */
 246                if (ch == '.' || bad_ref_char(ch))
 247                        return -1;
 248
 249                /* scan the rest of the path component */
 250                while ((ch = *cp++) != 0) {
 251                        if (bad_ref_char(ch))
 252                                return -1;
 253                        if (ch == '/')
 254                                break;
 255                        if (ch == '.' && *cp == '.')
 256                                return -1;
 257                }
 258                level++;
 259                if (!ch) {
 260                        if (level < 2)
 261                                return -1; /* at least of form "heads/blah" */
 262                        return 0;
 263                }
 264        }
 265}
 266
 267static struct ref_lock *verify_lock(struct ref_lock *lock,
 268        const unsigned char *old_sha1, int mustexist)
 269{
 270        char buf[40];
 271        int nr, fd = open(lock->ref_file, O_RDONLY);
 272        if (fd < 0 && (mustexist || errno != ENOENT)) {
 273                error("Can't verify ref %s", lock->ref_file);
 274                unlock_ref(lock);
 275                return NULL;
 276        }
 277        nr = read(fd, buf, 40);
 278        close(fd);
 279        if (nr != 40 || get_sha1_hex(buf, lock->old_sha1) < 0) {
 280                error("Can't verify ref %s", lock->ref_file);
 281                unlock_ref(lock);
 282                return NULL;
 283        }
 284        if (hashcmp(lock->old_sha1, old_sha1)) {
 285                error("Ref %s is at %s but expected %s", lock->ref_file,
 286                        sha1_to_hex(lock->old_sha1), sha1_to_hex(old_sha1));
 287                unlock_ref(lock);
 288                return NULL;
 289        }
 290        return lock;
 291}
 292
 293static struct ref_lock *lock_ref_sha1_basic(const char *path,
 294        int plen,
 295        const unsigned char *old_sha1, int mustexist)
 296{
 297        const char *orig_path = path;
 298        struct ref_lock *lock;
 299        struct stat st;
 300
 301        lock = xcalloc(1, sizeof(struct ref_lock));
 302        lock->lock_fd = -1;
 303
 304        plen = strlen(path) - plen;
 305        path = resolve_ref(path, lock->old_sha1, mustexist);
 306        if (!path) {
 307                int last_errno = errno;
 308                error("unable to resolve reference %s: %s",
 309                        orig_path, strerror(errno));
 310                unlock_ref(lock);
 311                errno = last_errno;
 312                return NULL;
 313        }
 314        lock->lk = xcalloc(1, sizeof(struct lock_file));
 315
 316        lock->ref_file = strdup(path);
 317        lock->log_file = strdup(git_path("logs/%s", lock->ref_file + plen));
 318        lock->force_write = lstat(lock->ref_file, &st) && errno == ENOENT;
 319
 320        if (safe_create_leading_directories(lock->ref_file))
 321                die("unable to create directory for %s", lock->ref_file);
 322        lock->lock_fd = hold_lock_file_for_update(lock->lk, lock->ref_file, 1);
 323
 324        return old_sha1 ? verify_lock(lock, old_sha1, mustexist) : lock;
 325}
 326
 327struct ref_lock *lock_ref_sha1(const char *ref,
 328        const unsigned char *old_sha1, int mustexist)
 329{
 330        if (check_ref_format(ref))
 331                return NULL;
 332        return lock_ref_sha1_basic(git_path("refs/%s", ref),
 333                5 + strlen(ref), old_sha1, mustexist);
 334}
 335
 336struct ref_lock *lock_any_ref_for_update(const char *ref,
 337        const unsigned char *old_sha1, int mustexist)
 338{
 339        return lock_ref_sha1_basic(git_path("%s", ref),
 340                strlen(ref), old_sha1, mustexist);
 341}
 342
 343void unlock_ref(struct ref_lock *lock)
 344{
 345        if (lock->lock_fd >= 0) {
 346                close(lock->lock_fd);
 347                /* Do not free lock->lk -- atexit() still looks at them */
 348                if (lock->lk)
 349                        rollback_lock_file(lock->lk);
 350        }
 351        free(lock->ref_file);
 352        free(lock->log_file);
 353        free(lock);
 354}
 355
 356static int log_ref_write(struct ref_lock *lock,
 357        const unsigned char *sha1, const char *msg)
 358{
 359        int logfd, written, oflags = O_APPEND | O_WRONLY;
 360        unsigned maxlen, len;
 361        char *logrec;
 362        const char *committer;
 363
 364        if (log_all_ref_updates) {
 365                if (safe_create_leading_directories(lock->log_file) < 0)
 366                        return error("unable to create directory for %s",
 367                                lock->log_file);
 368                oflags |= O_CREAT;
 369        }
 370
 371        logfd = open(lock->log_file, oflags, 0666);
 372        if (logfd < 0) {
 373                if (!log_all_ref_updates && errno == ENOENT)
 374                        return 0;
 375                return error("Unable to append to %s: %s",
 376                        lock->log_file, strerror(errno));
 377        }
 378
 379        committer = git_committer_info(1);
 380        if (msg) {
 381                maxlen = strlen(committer) + strlen(msg) + 2*40 + 5;
 382                logrec = xmalloc(maxlen);
 383                len = snprintf(logrec, maxlen, "%s %s %s\t%s\n",
 384                        sha1_to_hex(lock->old_sha1),
 385                        sha1_to_hex(sha1),
 386                        committer,
 387                        msg);
 388        }
 389        else {
 390                maxlen = strlen(committer) + 2*40 + 4;
 391                logrec = xmalloc(maxlen);
 392                len = snprintf(logrec, maxlen, "%s %s %s\n",
 393                        sha1_to_hex(lock->old_sha1),
 394                        sha1_to_hex(sha1),
 395                        committer);
 396        }
 397        written = len <= maxlen ? write(logfd, logrec, len) : -1;
 398        free(logrec);
 399        close(logfd);
 400        if (written != len)
 401                return error("Unable to append to %s", lock->log_file);
 402        return 0;
 403}
 404
 405int write_ref_sha1(struct ref_lock *lock,
 406        const unsigned char *sha1, const char *logmsg)
 407{
 408        static char term = '\n';
 409
 410        if (!lock)
 411                return -1;
 412        if (!lock->force_write && !hashcmp(lock->old_sha1, sha1)) {
 413                unlock_ref(lock);
 414                return 0;
 415        }
 416        if (write(lock->lock_fd, sha1_to_hex(sha1), 40) != 40 ||
 417            write(lock->lock_fd, &term, 1) != 1
 418                || close(lock->lock_fd) < 0) {
 419                error("Couldn't write %s", lock->lk->filename);
 420                unlock_ref(lock);
 421                return -1;
 422        }
 423        if (log_ref_write(lock, sha1, logmsg) < 0) {
 424                unlock_ref(lock);
 425                return -1;
 426        }
 427        if (commit_lock_file(lock->lk)) {
 428                error("Couldn't set %s", lock->ref_file);
 429                unlock_ref(lock);
 430                return -1;
 431        }
 432        lock->lock_fd = -1;
 433        unlock_ref(lock);
 434        return 0;
 435}
 436
 437int read_ref_at(const char *ref, unsigned long at_time, unsigned char *sha1)
 438{
 439        const char *logfile, *logdata, *logend, *rec, *lastgt, *lastrec;
 440        char *tz_c;
 441        int logfd, tz;
 442        struct stat st;
 443        unsigned long date;
 444        unsigned char logged_sha1[20];
 445
 446        logfile = git_path("logs/%s", ref);
 447        logfd = open(logfile, O_RDONLY, 0);
 448        if (logfd < 0)
 449                die("Unable to read log %s: %s", logfile, strerror(errno));
 450        fstat(logfd, &st);
 451        if (!st.st_size)
 452                die("Log %s is empty.", logfile);
 453        logdata = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, logfd, 0);
 454        close(logfd);
 455
 456        lastrec = NULL;
 457        rec = logend = logdata + st.st_size;
 458        while (logdata < rec) {
 459                if (logdata < rec && *(rec-1) == '\n')
 460                        rec--;
 461                lastgt = NULL;
 462                while (logdata < rec && *(rec-1) != '\n') {
 463                        rec--;
 464                        if (*rec == '>')
 465                                lastgt = rec;
 466                }
 467                if (!lastgt)
 468                        die("Log %s is corrupt.", logfile);
 469                date = strtoul(lastgt + 1, &tz_c, 10);
 470                if (date <= at_time) {
 471                        if (lastrec) {
 472                                if (get_sha1_hex(lastrec, logged_sha1))
 473                                        die("Log %s is corrupt.", logfile);
 474                                if (get_sha1_hex(rec + 41, sha1))
 475                                        die("Log %s is corrupt.", logfile);
 476                                if (hashcmp(logged_sha1, sha1)) {
 477                                        tz = strtoul(tz_c, NULL, 10);
 478                                        fprintf(stderr,
 479                                                "warning: Log %s has gap after %s.\n",
 480                                                logfile, show_rfc2822_date(date, tz));
 481                                }
 482                        }
 483                        else if (date == at_time) {
 484                                if (get_sha1_hex(rec + 41, sha1))
 485                                        die("Log %s is corrupt.", logfile);
 486                        }
 487                        else {
 488                                if (get_sha1_hex(rec + 41, logged_sha1))
 489                                        die("Log %s is corrupt.", logfile);
 490                                if (hashcmp(logged_sha1, sha1)) {
 491                                        tz = strtoul(tz_c, NULL, 10);
 492                                        fprintf(stderr,
 493                                                "warning: Log %s unexpectedly ended on %s.\n",
 494                                                logfile, show_rfc2822_date(date, tz));
 495                                }
 496                        }
 497                        munmap((void*)logdata, st.st_size);
 498                        return 0;
 499                }
 500                lastrec = rec;
 501        }
 502
 503        rec = logdata;
 504        while (rec < logend && *rec != '>' && *rec != '\n')
 505                rec++;
 506        if (rec == logend || *rec == '\n')
 507                die("Log %s is corrupt.", logfile);
 508        date = strtoul(rec + 1, &tz_c, 10);
 509        tz = strtoul(tz_c, NULL, 10);
 510        if (get_sha1_hex(logdata, sha1))
 511                die("Log %s is corrupt.", logfile);
 512        munmap((void*)logdata, st.st_size);
 513        fprintf(stderr, "warning: Log %s only goes back to %s.\n",
 514                logfile, show_rfc2822_date(date, tz));
 515        return 0;
 516}