vcs-svn / fast_export.con commit log: fix -L bounds checking bug (63828b8)
   1/*
   2 * Licensed under a two-clause BSD-style license.
   3 * See LICENSE for details.
   4 */
   5
   6#include "cache.h"
   7#include "quote.h"
   8#include "fast_export.h"
   9#include "repo_tree.h"
  10#include "strbuf.h"
  11#include "svndiff.h"
  12#include "sliding_window.h"
  13#include "line_buffer.h"
  14
  15#define MAX_GITSVN_LINE_LEN 4096
  16
  17static uint32_t first_commit_done;
  18static struct line_buffer postimage = LINE_BUFFER_INIT;
  19static struct line_buffer report_buffer = LINE_BUFFER_INIT;
  20
  21/* NEEDSWORK: move to fast_export_init() */
  22static int init_postimage(void)
  23{
  24        static int postimage_initialized;
  25        if (postimage_initialized)
  26                return 0;
  27        postimage_initialized = 1;
  28        return buffer_tmpfile_init(&postimage);
  29}
  30
  31void fast_export_init(int fd)
  32{
  33        first_commit_done = 0;
  34        if (buffer_fdinit(&report_buffer, fd))
  35                die_errno("cannot read from file descriptor %d", fd);
  36}
  37
  38void fast_export_deinit(void)
  39{
  40        if (buffer_deinit(&report_buffer))
  41                die_errno("error closing fast-import feedback stream");
  42}
  43
  44void fast_export_delete(const char *path)
  45{
  46        putchar('D');
  47        putchar(' ');
  48        quote_c_style(path, NULL, stdout, 0);
  49        putchar('\n');
  50}
  51
  52static void fast_export_truncate(const char *path, uint32_t mode)
  53{
  54        fast_export_modify(path, mode, "inline");
  55        printf("data 0\n\n");
  56}
  57
  58void fast_export_modify(const char *path, uint32_t mode, const char *dataref)
  59{
  60        /* Mode must be 100644, 100755, 120000, or 160000. */
  61        if (!dataref) {
  62                fast_export_truncate(path, mode);
  63                return;
  64        }
  65        printf("M %06"PRIo32" %s ", mode, dataref);
  66        quote_c_style(path, NULL, stdout, 0);
  67        putchar('\n');
  68}
  69
  70void fast_export_begin_note(uint32_t revision, const char *author,
  71                const char *log, unsigned long timestamp, const char *note_ref)
  72{
  73        static int firstnote = 1;
  74        size_t loglen = strlen(log);
  75        printf("commit %s\n", note_ref);
  76        printf("committer %s <%s@%s> %ld +0000\n", author, author, "local", timestamp);
  77        printf("data %"PRIuMAX"\n", (uintmax_t)loglen);
  78        fwrite(log, loglen, 1, stdout);
  79        if (firstnote) {
  80                if (revision > 1)
  81                        printf("from %s^0", note_ref);
  82                firstnote = 0;
  83        }
  84        fputc('\n', stdout);
  85}
  86
  87void fast_export_note(const char *committish, const char *dataref)
  88{
  89        printf("N %s %s\n", dataref, committish);
  90}
  91
  92static char gitsvnline[MAX_GITSVN_LINE_LEN];
  93void fast_export_begin_commit(uint32_t revision, const char *author,
  94                        const struct strbuf *log,
  95                        const char *uuid, const char *url,
  96                        unsigned long timestamp, const char *local_ref)
  97{
  98        static const struct strbuf empty = STRBUF_INIT;
  99        if (!log)
 100                log = &empty;
 101        if (*uuid && *url) {
 102                snprintf(gitsvnline, MAX_GITSVN_LINE_LEN,
 103                                "\n\ngit-svn-id: %s@%"PRIu32" %s\n",
 104                                 url, revision, uuid);
 105        } else {
 106                *gitsvnline = '\0';
 107        }
 108        printf("commit %s\n", local_ref);
 109        printf("mark :%"PRIu32"\n", revision);
 110        printf("committer %s <%s@%s> %ld +0000\n",
 111                   *author ? author : "nobody",
 112                   *author ? author : "nobody",
 113                   *uuid ? uuid : "local", timestamp);
 114        printf("data %"PRIuMAX"\n",
 115                (uintmax_t) (log->len + strlen(gitsvnline)));
 116        fwrite(log->buf, log->len, 1, stdout);
 117        printf("%s\n", gitsvnline);
 118        if (!first_commit_done) {
 119                if (revision > 1)
 120                        printf("from :%"PRIu32"\n", revision - 1);
 121                first_commit_done = 1;
 122        }
 123}
 124
 125void fast_export_end_commit(uint32_t revision)
 126{
 127        printf("progress Imported commit %"PRIu32".\n\n", revision);
 128}
 129
 130static void ls_from_rev(uint32_t rev, const char *path)
 131{
 132        /* ls :5 path/to/old/file */
 133        printf("ls :%"PRIu32" ", rev);
 134        quote_c_style(path, NULL, stdout, 0);
 135        putchar('\n');
 136        fflush(stdout);
 137}
 138
 139static void ls_from_active_commit(const char *path)
 140{
 141        /* ls "path/to/file" */
 142        printf("ls \"");
 143        quote_c_style(path, NULL, stdout, 1);
 144        printf("\"\n");
 145        fflush(stdout);
 146}
 147
 148static const char *get_response_line(void)
 149{
 150        const char *line = buffer_read_line(&report_buffer);
 151        if (line)
 152                return line;
 153        if (buffer_ferror(&report_buffer))
 154                die_errno("error reading from fast-import");
 155        die("unexpected end of fast-import feedback");
 156}
 157
 158static void die_short_read(struct line_buffer *input)
 159{
 160        if (buffer_ferror(input))
 161                die_errno("error reading dump file");
 162        die("invalid dump: unexpected end of file");
 163}
 164
 165static int ends_with(const char *s, size_t len, const char *suffix)
 166{
 167        const size_t suffixlen = strlen(suffix);
 168        if (len < suffixlen)
 169                return 0;
 170        return !memcmp(s + len - suffixlen, suffix, suffixlen);
 171}
 172
 173static int parse_cat_response_line(const char *header, off_t *len)
 174{
 175        size_t headerlen = strlen(header);
 176        uintmax_t n;
 177        const char *type;
 178        const char *end;
 179
 180        if (ends_with(header, headerlen, " missing"))
 181                return error("cat-blob reports missing blob: %s", header);
 182        type = strstr(header, " blob ");
 183        if (!type)
 184                return error("cat-blob header has wrong object type: %s", header);
 185        n = strtoumax(type + strlen(" blob "), (char **) &end, 10);
 186        if (end == type + strlen(" blob "))
 187                return error("cat-blob header does not contain length: %s", header);
 188        if (memchr(type + strlen(" blob "), '-', end - type - strlen(" blob ")))
 189                return error("cat-blob header contains negative length: %s", header);
 190        if (n == UINTMAX_MAX || n > maximum_signed_value_of_type(off_t))
 191                return error("blob too large for current definition of off_t");
 192        *len = n;
 193        if (*end)
 194                return error("cat-blob header contains garbage after length: %s", header);
 195        return 0;
 196}
 197
 198static void check_preimage_overflow(off_t a, off_t b)
 199{
 200        if (signed_add_overflows(a, b))
 201                die("blob too large for current definition of off_t");
 202}
 203
 204static long apply_delta(off_t len, struct line_buffer *input,
 205                        const char *old_data, uint32_t old_mode)
 206{
 207        long ret;
 208        struct sliding_view preimage = SLIDING_VIEW_INIT(&report_buffer, 0);
 209        FILE *out;
 210
 211        if (init_postimage() || !(out = buffer_tmpfile_rewind(&postimage)))
 212                die("cannot open temporary file for blob retrieval");
 213        if (old_data) {
 214                const char *response;
 215                printf("cat-blob %s\n", old_data);
 216                fflush(stdout);
 217                response = get_response_line();
 218                if (parse_cat_response_line(response, &preimage.max_off))
 219                        die("invalid cat-blob response: %s", response);
 220                check_preimage_overflow(preimage.max_off, 1);
 221        }
 222        if (old_mode == REPO_MODE_LNK) {
 223                strbuf_addstr(&preimage.buf, "link ");
 224                check_preimage_overflow(preimage.max_off, strlen("link "));
 225                preimage.max_off += strlen("link ");
 226                check_preimage_overflow(preimage.max_off, 1);
 227        }
 228        if (svndiff0_apply(input, len, &preimage, out))
 229                die("cannot apply delta");
 230        if (old_data) {
 231                /* Read the remainder of preimage and trailing newline. */
 232                assert(!signed_add_overflows(preimage.max_off, 1));
 233                preimage.max_off++;     /* room for newline */
 234                if (move_window(&preimage, preimage.max_off - 1, 1))
 235                        die("cannot seek to end of input");
 236                if (preimage.buf.buf[0] != '\n')
 237                        die("missing newline after cat-blob response");
 238        }
 239        ret = buffer_tmpfile_prepare_to_read(&postimage);
 240        if (ret < 0)
 241                die("cannot read temporary file for blob retrieval");
 242        strbuf_release(&preimage.buf);
 243        return ret;
 244}
 245
 246void fast_export_buf_to_data(const struct strbuf *data)
 247{
 248        printf("data %"PRIuMAX"\n", (uintmax_t)data->len);
 249        fwrite(data->buf, data->len, 1, stdout);
 250        fputc('\n', stdout);
 251}
 252
 253void fast_export_data(uint32_t mode, off_t len, struct line_buffer *input)
 254{
 255        assert(len >= 0);
 256        if (mode == REPO_MODE_LNK) {
 257                /* svn symlink blobs start with "link " */
 258                if (len < 5)
 259                        die("invalid dump: symlink too short for \"link\" prefix");
 260                len -= 5;
 261                if (buffer_skip_bytes(input, 5) != 5)
 262                        die_short_read(input);
 263        }
 264        printf("data %"PRIuMAX"\n", (uintmax_t) len);
 265        if (buffer_copy_bytes(input, len) != len)
 266                die_short_read(input);
 267        fputc('\n', stdout);
 268}
 269
 270static int parse_ls_response(const char *response, uint32_t *mode,
 271                                        struct strbuf *dataref)
 272{
 273        const char *tab;
 274        const char *response_end;
 275
 276        assert(response);
 277        response_end = response + strlen(response);
 278
 279        if (*response == 'm') { /* Missing. */
 280                errno = ENOENT;
 281                return -1;
 282        }
 283
 284        /* Mode. */
 285        if (response_end - response < (signed) strlen("100644") ||
 286            response[strlen("100644")] != ' ')
 287                die("invalid ls response: missing mode: %s", response);
 288        *mode = 0;
 289        for (; *response != ' '; response++) {
 290                char ch = *response;
 291                if (ch < '0' || ch > '7')
 292                        die("invalid ls response: mode is not octal: %s", response);
 293                *mode *= 8;
 294                *mode += ch - '0';
 295        }
 296
 297        /* ' blob ' or ' tree ' */
 298        if (response_end - response < (signed) strlen(" blob ") ||
 299            (response[1] != 'b' && response[1] != 't'))
 300                die("unexpected ls response: not a tree or blob: %s", response);
 301        response += strlen(" blob ");
 302
 303        /* Dataref. */
 304        tab = memchr(response, '\t', response_end - response);
 305        if (!tab)
 306                die("invalid ls response: missing tab: %s", response);
 307        strbuf_add(dataref, response, tab - response);
 308        return 0;
 309}
 310
 311int fast_export_ls_rev(uint32_t rev, const char *path,
 312                                uint32_t *mode, struct strbuf *dataref)
 313{
 314        ls_from_rev(rev, path);
 315        return parse_ls_response(get_response_line(), mode, dataref);
 316}
 317
 318int fast_export_ls(const char *path, uint32_t *mode, struct strbuf *dataref)
 319{
 320        ls_from_active_commit(path);
 321        return parse_ls_response(get_response_line(), mode, dataref);
 322}
 323
 324void fast_export_blob_delta(uint32_t mode,
 325                                uint32_t old_mode, const char *old_data,
 326                                off_t len, struct line_buffer *input)
 327{
 328        long postimage_len;
 329
 330        assert(len >= 0);
 331        postimage_len = apply_delta(len, input, old_data, old_mode);
 332        if (mode == REPO_MODE_LNK) {
 333                buffer_skip_bytes(&postimage, strlen("link "));
 334                postimage_len -= strlen("link ");
 335        }
 336        printf("data %ld\n", postimage_len);
 337        buffer_copy_bytes(&postimage, postimage_len);
 338        fputc('\n', stdout);
 339}