refs.con commit [PATCH] Fix symbolic ref validation (85912b0)
   1#include "refs.h"
   2#include "cache.h"
   3
   4#include <errno.h>
   5#include <ctype.h>
   6
   7/* We allow "recursive" symbolic refs. Only within reason, though */
   8#define MAXDEPTH 5
   9
  10#ifndef USE_SYMLINK_HEAD
  11#define USE_SYMLINK_HEAD 1
  12#endif
  13
  14int validate_symref(const char *path)
  15{
  16        struct stat st;
  17        char *buf, buffer[256];
  18        int len, fd;
  19
  20        if (lstat(path, &st) < 0)
  21                return -1;
  22
  23        /* Make sure it is a "refs/.." symlink */
  24        if (S_ISLNK(st.st_mode)) {
  25                len = readlink(path, buffer, sizeof(buffer)-1);
  26                if (len >= 5 && !memcmp("refs/", buffer, 5))
  27                        return 0;
  28                return -1;
  29        }
  30
  31        /*
  32         * Anything else, just open it and try to see if it is a symbolic ref.
  33         */
  34        fd = open(path, O_RDONLY);
  35        if (fd < 0)
  36                return -1;
  37        len = read(fd, buffer, sizeof(buffer)-1);
  38        close(fd);
  39
  40        /*
  41         * Is it a symbolic ref?
  42         */
  43        if (len < 4 || memcmp("ref:", buffer, 4))
  44                return -1;
  45        buf = buffer + 4;
  46        len -= 4;
  47        while (len && isspace(*buf))
  48                buf++, len--;
  49        if (len >= 5 && !memcmp("refs/", buf, 5))
  50                return 0;
  51        return -1;
  52}
  53
  54const char *resolve_ref(const char *path, unsigned char *sha1, int reading)
  55{
  56        int depth = MAXDEPTH, len;
  57        char buffer[256];
  58
  59        for (;;) {
  60                struct stat st;
  61                char *buf;
  62                int fd;
  63
  64                if (--depth < 0)
  65                        return NULL;
  66
  67                /* Special case: non-existing file.
  68                 * Not having the refs/heads/new-branch is OK
  69                 * if we are writing into it, so is .git/HEAD
  70                 * that points at refs/heads/master still to be
  71                 * born.  It is NOT OK if we are resolving for
  72                 * reading.
  73                 */
  74                if (lstat(path, &st) < 0) {
  75                        if (reading || errno != ENOENT)
  76                                return NULL;
  77                        memset(sha1, 0, 20);
  78                        return path;
  79                }
  80
  81                /* Follow "normalized" - ie "refs/.." symlinks by hand */
  82                if (S_ISLNK(st.st_mode)) {
  83                        len = readlink(path, buffer, sizeof(buffer)-1);
  84                        if (len >= 5 && !memcmp("refs/", buffer, 5)) {
  85                                path = git_path("%.*s", len, buffer);
  86                                continue;
  87                        }
  88                }
  89
  90                /*
  91                 * Anything else, just open it and try to use it as
  92                 * a ref
  93                 */
  94                fd = open(path, O_RDONLY);
  95                if (fd < 0)
  96                        return NULL;
  97                len = read(fd, buffer, sizeof(buffer)-1);
  98                close(fd);
  99
 100                /*
 101                 * Is it a symbolic ref?
 102                 */
 103                if (len < 4 || memcmp("ref:", buffer, 4))
 104                        break;
 105                buf = buffer + 4;
 106                len -= 4;
 107                while (len && isspace(*buf))
 108                        buf++, len--;
 109                while (len && isspace(buf[len-1]))
 110                        buf[--len] = 0;
 111                path = git_path("%.*s", len, buf);
 112        }
 113        if (len < 40 || get_sha1_hex(buffer, sha1))
 114                return NULL;
 115        return path;
 116}
 117
 118int create_symref(const char *git_HEAD, const char *refs_heads_master)
 119{
 120#if USE_SYMLINK_HEAD
 121        unlink(git_HEAD);
 122        return symlink(refs_heads_master, git_HEAD);
 123#else
 124        const char *lockpath;
 125        char ref[1000];
 126        int fd, len, written;
 127
 128        len = snprintf(ref, sizeof(ref), "ref: %s\n", refs_heads_master);
 129        if (sizeof(ref) <= len) {
 130                error("refname too long: %s", refs_heads_master);
 131                return -1;
 132        }
 133        lockpath = mkpath("%s.lock", git_HEAD);
 134        fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0666); 
 135        written = write(fd, ref, len);
 136        close(fd);
 137        if (written != len) {
 138                unlink(lockpath);
 139                error("Unable to write to %s", lockpath);
 140                return -2;
 141        }
 142        if (rename(lockpath, git_HEAD) < 0) {
 143                unlink(lockpath);
 144                error("Unable to create %s", git_HEAD);
 145                return -3;
 146        }
 147        return 0;
 148#endif
 149}
 150
 151int read_ref(const char *filename, unsigned char *sha1)
 152{
 153        if (resolve_ref(filename, sha1, 1))
 154                return 0;
 155        return -1;
 156}
 157
 158static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1))
 159{
 160        int retval = 0;
 161        DIR *dir = opendir(git_path("%s", base));
 162
 163        if (dir) {
 164                struct dirent *de;
 165                int baselen = strlen(base);
 166                char *path = xmalloc(baselen + 257);
 167
 168                if (!strncmp(base, "./", 2)) {
 169                        base += 2;
 170                        baselen -= 2;
 171                }
 172                memcpy(path, base, baselen);
 173                if (baselen && base[baselen-1] != '/')
 174                        path[baselen++] = '/';
 175
 176                while ((de = readdir(dir)) != NULL) {
 177                        unsigned char sha1[20];
 178                        struct stat st;
 179                        int namelen;
 180
 181                        if (de->d_name[0] == '.')
 182                                continue;
 183                        namelen = strlen(de->d_name);
 184                        if (namelen > 255)
 185                                continue;
 186                        memcpy(path + baselen, de->d_name, namelen+1);
 187                        if (stat(git_path("%s", path), &st) < 0)
 188                                continue;
 189                        if (S_ISDIR(st.st_mode)) {
 190                                retval = do_for_each_ref(path, fn);
 191                                if (retval)
 192                                        break;
 193                                continue;
 194                        }
 195                        if (read_ref(git_path("%s", path), sha1) < 0)
 196                                continue;
 197                        if (!has_sha1_file(sha1))
 198                                continue;
 199                        retval = fn(path, sha1);
 200                        if (retval)
 201                                break;
 202                }
 203                free(path);
 204                closedir(dir);
 205        }
 206        return retval;
 207}
 208
 209int head_ref(int (*fn)(const char *path, const unsigned char *sha1))
 210{
 211        unsigned char sha1[20];
 212        if (!read_ref(git_path("HEAD"), sha1))
 213                return fn("HEAD", sha1);
 214        return 0;
 215}
 216
 217int for_each_ref(int (*fn)(const char *path, const unsigned char *sha1))
 218{
 219        return do_for_each_ref("refs", fn);
 220}
 221
 222static char *ref_file_name(const char *ref)
 223{
 224        char *base = get_refs_directory();
 225        int baselen = strlen(base);
 226        int reflen = strlen(ref);
 227        char *ret = xmalloc(baselen + 2 + reflen);
 228        sprintf(ret, "%s/%s", base, ref);
 229        return ret;
 230}
 231
 232static char *ref_lock_file_name(const char *ref)
 233{
 234        char *base = get_refs_directory();
 235        int baselen = strlen(base);
 236        int reflen = strlen(ref);
 237        char *ret = xmalloc(baselen + 7 + reflen);
 238        sprintf(ret, "%s/%s.lock", base, ref);
 239        return ret;
 240}
 241
 242int get_ref_sha1(const char *ref, unsigned char *sha1)
 243{
 244        const char *filename;
 245
 246        if (check_ref_format(ref))
 247                return -1;
 248        filename = git_path("refs/%s", ref);
 249        return read_ref(filename, sha1);
 250}
 251
 252static int lock_ref_file(const char *filename, const char *lock_filename,
 253                         const unsigned char *old_sha1)
 254{
 255        int fd = open(lock_filename, O_WRONLY | O_CREAT | O_EXCL, 0666);
 256        unsigned char current_sha1[20];
 257        int retval;
 258        if (fd < 0) {
 259                return error("Couldn't open lock file for %s: %s",
 260                             filename, strerror(errno));
 261        }
 262        retval = read_ref(filename, current_sha1);
 263        if (old_sha1) {
 264                if (retval) {
 265                        close(fd);
 266                        unlink(lock_filename);
 267                        return error("Could not read the current value of %s",
 268                                     filename);
 269                }
 270                if (memcmp(current_sha1, old_sha1, 20)) {
 271                        close(fd);
 272                        unlink(lock_filename);
 273                        error("The current value of %s is %s",
 274                              filename, sha1_to_hex(current_sha1));
 275                        return error("Expected %s",
 276                                     sha1_to_hex(old_sha1));
 277                }
 278        } else {
 279                if (!retval) {
 280                        close(fd);
 281                        unlink(lock_filename);
 282                        return error("Unexpectedly found a value of %s for %s",
 283                                     sha1_to_hex(current_sha1), filename);
 284                }
 285        }
 286        return fd;
 287}
 288
 289int lock_ref_sha1(const char *ref, const unsigned char *old_sha1)
 290{
 291        char *filename;
 292        char *lock_filename;
 293        int retval;
 294        if (check_ref_format(ref))
 295                return -1;
 296        filename = ref_file_name(ref);
 297        lock_filename = ref_lock_file_name(ref);
 298        retval = lock_ref_file(filename, lock_filename, old_sha1);
 299        free(filename);
 300        free(lock_filename);
 301        return retval;
 302}
 303
 304static int write_ref_file(const char *filename,
 305                          const char *lock_filename, int fd,
 306                          const unsigned char *sha1)
 307{
 308        char *hex = sha1_to_hex(sha1);
 309        char term = '\n';
 310        if (write(fd, hex, 40) < 40 ||
 311            write(fd, &term, 1) < 1) {
 312                error("Couldn't write %s\n", filename);
 313                close(fd);
 314                return -1;
 315        }
 316        close(fd);
 317        rename(lock_filename, filename);
 318        return 0;
 319}
 320
 321int write_ref_sha1(const char *ref, int fd, const unsigned char *sha1)
 322{
 323        char *filename;
 324        char *lock_filename;
 325        int retval;
 326        if (fd < 0)
 327                return -1;
 328        if (check_ref_format(ref))
 329                return -1;
 330        filename = ref_file_name(ref);
 331        lock_filename = ref_lock_file_name(ref);
 332        retval = write_ref_file(filename, lock_filename, fd, sha1);
 333        free(filename);
 334        free(lock_filename);
 335        return retval;
 336}
 337
 338int check_ref_format(const char *ref)
 339{
 340        char *middle;
 341        if (ref[0] == '.' || ref[0] == '/')
 342                return -1;
 343        middle = strchr(ref, '/');
 344        if (!middle || !middle[1])
 345                return -1;
 346        if (strchr(middle + 1, '/'))
 347                return -1;
 348        return 0;
 349}
 350
 351int write_ref_sha1_unlocked(const char *ref, const unsigned char *sha1)
 352{
 353        char *filename;
 354        char *lock_filename;
 355        int fd;
 356        int retval;
 357        if (check_ref_format(ref))
 358                return -1;
 359        filename = ref_file_name(ref);
 360        lock_filename = ref_lock_file_name(ref);
 361        fd = open(lock_filename, O_WRONLY | O_CREAT | O_EXCL, 0666);
 362        if (fd < 0) {
 363                error("Writing %s", lock_filename);
 364                perror("Open");
 365        }
 366        retval = write_ref_file(filename, lock_filename, fd, sha1);
 367        free(filename);
 368        free(lock_filename);
 369        return retval;
 370}