1#include "cache.h"
2#include "pack.h"
3#include "pack-revindex.h"
4
5struct idx_entry {
6 off_t offset;
7 const unsigned char *sha1;
8 unsigned int nr;
9};
10
11static int compare_entries(const void *e1, const void *e2)
12{
13 const struct idx_entry *entry1 = e1;
14 const struct idx_entry *entry2 = e2;
15 if (entry1->offset < entry2->offset)
16 return -1;
17 if (entry1->offset > entry2->offset)
18 return 1;
19 return 0;
20}
21
22int check_pack_crc(struct packed_git *p, struct pack_window **w_curs,
23 off_t offset, off_t len, unsigned int nr)
24{
25 const uint32_t *index_crc;
26 uint32_t data_crc = crc32(0, Z_NULL, 0);
27
28 do {
29 unsigned int avail;
30 void *data = use_pack(p, w_curs, offset, &avail);
31 if (avail > len)
32 avail = len;
33 data_crc = crc32(data_crc, data, avail);
34 offset += avail;
35 len -= avail;
36 } while (len);
37
38 index_crc = p->index_data;
39 index_crc += 2 + 256 + p->num_objects * (20/4) + nr;
40
41 return data_crc != ntohl(*index_crc);
42}
43
44static int verify_packfile(struct packed_git *p,
45 struct pack_window **w_curs)
46{
47 off_t index_size = p->index_size;
48 const unsigned char *index_base = p->index_data;
49 git_SHA_CTX ctx;
50 unsigned char sha1[20], *pack_sig;
51 off_t offset = 0, pack_sig_ofs = 0;
52 uint32_t nr_objects, i;
53 int err = 0;
54 struct idx_entry *entries;
55
56 /* Note that the pack header checks are actually performed by
57 * use_pack when it first opens the pack file. If anything
58 * goes wrong during those checks then the call will die out
59 * immediately.
60 */
61
62 git_SHA1_Init(&ctx);
63 do {
64 unsigned int remaining;
65 unsigned char *in = use_pack(p, w_curs, offset, &remaining);
66 offset += remaining;
67 if (!pack_sig_ofs)
68 pack_sig_ofs = p->pack_size - 20;
69 if (offset > pack_sig_ofs)
70 remaining -= (unsigned int)(offset - pack_sig_ofs);
71 git_SHA1_Update(&ctx, in, remaining);
72 } while (offset < pack_sig_ofs);
73 git_SHA1_Final(sha1, &ctx);
74 pack_sig = use_pack(p, w_curs, pack_sig_ofs, NULL);
75 if (hashcmp(sha1, pack_sig))
76 err = error("%s SHA1 checksum mismatch",
77 p->pack_name);
78 if (hashcmp(index_base + index_size - 40, pack_sig))
79 err = error("%s SHA1 does not match its index",
80 p->pack_name);
81 unuse_pack(w_curs);
82
83 /* Make sure everything reachable from idx is valid. Since we
84 * have verified that nr_objects matches between idx and pack,
85 * we do not do scan-streaming check on the pack file.
86 */
87 nr_objects = p->num_objects;
88 entries = xmalloc((nr_objects + 1) * sizeof(*entries));
89 entries[nr_objects].offset = pack_sig_ofs;
90 /* first sort entries by pack offset, since unpacking them is more efficient that way */
91 for (i = 0; i < nr_objects; i++) {
92 entries[i].sha1 = nth_packed_object_sha1(p, i);
93 if (!entries[i].sha1)
94 die("internal error pack-check nth-packed-object");
95 entries[i].offset = nth_packed_object_offset(p, i);
96 entries[i].nr = i;
97 }
98 qsort(entries, nr_objects, sizeof(*entries), compare_entries);
99
100 for (i = 0; i < nr_objects; i++) {
101 void *data;
102 enum object_type type;
103 unsigned long size;
104
105 if (p->index_version > 1) {
106 off_t offset = entries[i].offset;
107 off_t len = entries[i+1].offset - offset;
108 unsigned int nr = entries[i].nr;
109 if (check_pack_crc(p, w_curs, offset, len, nr))
110 err = error("index CRC mismatch for object %s "
111 "from %s at offset %"PRIuMAX"",
112 sha1_to_hex(entries[i].sha1),
113 p->pack_name, (uintmax_t)offset);
114 }
115 data = unpack_entry(p, entries[i].offset, &type, &size);
116 if (!data) {
117 err = error("cannot unpack %s from %s at offset %"PRIuMAX"",
118 sha1_to_hex(entries[i].sha1), p->pack_name,
119 (uintmax_t)entries[i].offset);
120 break;
121 }
122 if (check_sha1_signature(entries[i].sha1, data, size, typename(type))) {
123 err = error("packed %s from %s is corrupt",
124 sha1_to_hex(entries[i].sha1), p->pack_name);
125 free(data);
126 break;
127 }
128 free(data);
129 }
130 free(entries);
131
132 return err;
133}
134
135int verify_pack_index(struct packed_git *p)
136{
137 off_t index_size;
138 const unsigned char *index_base;
139 git_SHA_CTX ctx;
140 unsigned char sha1[20];
141 int err = 0;
142
143 if (open_pack_index(p))
144 return error("packfile %s index not opened", p->pack_name);
145 index_size = p->index_size;
146 index_base = p->index_data;
147
148 /* Verify SHA1 sum of the index file */
149 git_SHA1_Init(&ctx);
150 git_SHA1_Update(&ctx, index_base, (unsigned int)(index_size - 20));
151 git_SHA1_Final(sha1, &ctx);
152 if (hashcmp(sha1, index_base + index_size - 20))
153 err = error("Packfile index for %s SHA1 mismatch",
154 p->pack_name);
155 return err;
156}
157
158int verify_pack(struct packed_git *p)
159{
160 int err = 0;
161 struct pack_window *w_curs = NULL;
162
163 err |= verify_pack_index(p);
164 if (!p->index_data)
165 return -1;
166
167 err |= verify_packfile(p, &w_curs);
168 unuse_pack(&w_curs);
169
170 return err;
171}