Andrew's git / gitweb.git / vcs-svn/fast_export.c
?
vcs-svn / fast_export.con commit vcs-svn: guard against overflow when computing preimage length (abe27c0)
   1/*
   2 * Licensed under a two-clause BSD-style license.
   3 * See LICENSE for details.
   4 */
   5
   6#include "git-compat-util.h"
   7#include "strbuf.h"
   8#include "quote.h"
   9#include "fast_export.h"
  10#include "repo_tree.h"
  11#include "strbuf.h"
  12#include "svndiff.h"
  13#include "sliding_window.h"
  14#include "line_buffer.h"
  15
  16#define MAX_GITSVN_LINE_LEN 4096
  17#define REPORT_FILENO 3
  18
  19static uint32_t first_commit_done;
  20static struct line_buffer postimage = LINE_BUFFER_INIT;
  21static struct line_buffer report_buffer = LINE_BUFFER_INIT;
  22
  23/* NEEDSWORK: move to fast_export_init() */
  24static int init_postimage(void)
  25{
  26        static int postimage_initialized;
  27        if (postimage_initialized)
  28                return 0;
  29        postimage_initialized = 1;
  30        return buffer_tmpfile_init(&postimage);
  31}
  32
  33static int init_report_buffer(int fd)
  34{
  35        static int report_buffer_initialized;
  36        if (report_buffer_initialized)
  37                return 0;
  38        report_buffer_initialized = 1;
  39        return buffer_fdinit(&report_buffer, fd);
  40}
  41
  42void fast_export_init(int fd)
  43{
  44        if (buffer_fdinit(&report_buffer, fd))
  45                die_errno("cannot read from file descriptor %d", fd);
  46}
  47
  48void fast_export_deinit(void)
  49{
  50        if (buffer_deinit(&report_buffer))
  51                die_errno("error closing fast-import feedback stream");
  52}
  53
  54void fast_export_reset(void)
  55{
  56        buffer_reset(&report_buffer);
  57}
  58
  59void fast_export_delete(const char *path)
  60{
  61        putchar('D');
  62        putchar(' ');
  63        quote_c_style(path, NULL, stdout, 0);
  64        putchar('\n');
  65}
  66
  67static void fast_export_truncate(const char *path, uint32_t mode)
  68{
  69        fast_export_modify(path, mode, "inline");
  70        printf("data 0\n\n");
  71}
  72
  73void fast_export_modify(const char *path, uint32_t mode, const char *dataref)
  74{
  75        /* Mode must be 100644, 100755, 120000, or 160000. */
  76        if (!dataref) {
  77                fast_export_truncate(path, mode);
  78                return;
  79        }
  80        printf("M %06"PRIo32" %s ", mode, dataref);
  81        quote_c_style(path, NULL, stdout, 0);
  82        putchar('\n');
  83}
  84
  85static char gitsvnline[MAX_GITSVN_LINE_LEN];
  86void fast_export_begin_commit(uint32_t revision, const char *author,
  87                        const struct strbuf *log,
  88                        const char *uuid, const char *url,
  89                        unsigned long timestamp)
  90{
  91        static const struct strbuf empty = STRBUF_INIT;
  92        if (!log)
  93                log = ∅
  94        if (*uuid && *url) {
  95                snprintf(gitsvnline, MAX_GITSVN_LINE_LEN,
  96                                "\n\ngit-svn-id: %s@%"PRIu32" %s\n",
  97                                 url, revision, uuid);
  98        } else {
  99                *gitsvnline = '\0';
 100        }
 101        printf("commit refs/heads/master\n");
 102        printf("mark :%"PRIu32"\n", revision);
 103        printf("committer %s <%s@%s> %ld +0000\n",
 104                   *author ? author : "nobody",
 105                   *author ? author : "nobody",
 106                   *uuid ? uuid : "local", timestamp);
 107        printf("data %"PRIuMAX"\n",
 108                (uintmax_t) (log->len + strlen(gitsvnline)));
 109        fwrite(log->buf, log->len, 1, stdout);
 110        printf("%s\n", gitsvnline);
 111        if (!first_commit_done) {
 112                if (revision > 1)
 113                        printf("from :%"PRIu32"\n", revision - 1);
 114                first_commit_done = 1;
 115        }
 116}
 117
 118void fast_export_end_commit(uint32_t revision)
 119{
 120        printf("progress Imported commit %"PRIu32".\n\n", revision);
 121}
 122
 123static void ls_from_rev(uint32_t rev, const char *path)
 124{
 125        /* ls :5 path/to/old/file */
 126        printf("ls :%"PRIu32" ", rev);
 127        quote_c_style(path, NULL, stdout, 0);
 128        putchar('\n');
 129        fflush(stdout);
 130}
 131
 132static void ls_from_active_commit(const char *path)
 133{
 134        /* ls "path/to/file" */
 135        printf("ls \"");
 136        quote_c_style(path, NULL, stdout, 1);
 137        printf("\"\n");
 138        fflush(stdout);
 139}
 140
 141static const char *get_response_line(void)
 142{
 143        const char *line = buffer_read_line(&report_buffer);
 144        if (line)
 145                return line;
 146        if (buffer_ferror(&report_buffer))
 147                die_errno("error reading from fast-import");
 148        die("unexpected end of fast-import feedback");
 149}
 150
 151static void die_short_read(struct line_buffer *input)
 152{
 153        if (buffer_ferror(input))
 154                die_errno("error reading dump file");
 155        die("invalid dump: unexpected end of file");
 156}
 157
 158static int ends_with(const char *s, size_t len, const char *suffix)
 159{
 160        const size_t suffixlen = strlen(suffix);
 161        if (len < suffixlen)
 162                return 0;
 163        return !memcmp(s + len - suffixlen, suffix, suffixlen);
 164}
 165
 166static int parse_cat_response_line(const char *header, off_t *len)
 167{
 168        size_t headerlen = strlen(header);
 169        uintmax_t n;
 170        const char *type;
 171        const char *end;
 172
 173        if (ends_with(header, headerlen, " missing"))
 174                return error("cat-blob reports missing blob: %s", header);
 175        type = memmem(header, headerlen, " blob ", strlen(" blob "));
 176        if (!type)
 177                return error("cat-blob header has wrong object type: %s", header);
 178        n = strtoumax(type + strlen(" blob "), (char **) &end, 10);
 179        if (end == type + strlen(" blob "))
 180                return error("cat-blob header does not contain length: %s", header);
 181        if (memchr(type + strlen(" blob "), '-', end - type - strlen(" blob ")))
 182                return error("cat-blob header contains negative length: %s", header);
 183        if (n == UINTMAX_MAX || n > maximum_signed_value_of_type(off_t))
 184                return error("blob too large for current definition of off_t");
 185        *len = n;
 186        if (*end)
 187                return error("cat-blob header contains garbage after length: %s", header);
 188        return 0;
 189}
 190
 191static void check_preimage_overflow(off_t a, off_t b)
 192{
 193        if (signed_add_overflows(a, b))
 194                die("blob too large for current definition of off_t");
 195}
 196
 197static long apply_delta(off_t len, struct line_buffer *input,
 198                        const char *old_data, uint32_t old_mode)
 199{
 200        long ret;
 201        off_t preimage_len = 0;
 202        struct sliding_view preimage = SLIDING_VIEW_INIT(&report_buffer, -1);
 203        FILE *out;
 204
 205        if (init_postimage() || !(out = buffer_tmpfile_rewind(&postimage)))
 206                die("cannot open temporary file for blob retrieval");
 207        if (init_report_buffer(REPORT_FILENO))
 208                die("cannot open fd 3 for feedback from fast-import");
 209        if (old_data) {
 210                const char *response;
 211                printf("cat-blob %s\n", old_data);
 212                fflush(stdout);
 213                response = get_response_line();
 214                if (parse_cat_response_line(response, &preimage_len))
 215                        die("invalid cat-blob response: %s", response);
 216        }
 217        if (old_mode == REPO_MODE_LNK) {
 218                strbuf_addstr(&preimage.buf, "link ");
 219                check_preimage_overflow(preimage_len, strlen("link "));
 220                preimage_len += strlen("link ");
 221        }
 222        if (svndiff0_apply(input, len, &preimage, out))
 223                die("cannot apply delta");
 224        if (old_data) {
 225                /* Read the remainder of preimage and trailing newline. */
 226                if (move_window(&preimage, preimage_len, 1))
 227                        die("cannot seek to end of input");
 228                if (preimage.buf.buf[0] != '\n')
 229                        die("missing newline after cat-blob response");
 230        }
 231        ret = buffer_tmpfile_prepare_to_read(&postimage);
 232        if (ret < 0)
 233                die("cannot read temporary file for blob retrieval");
 234        strbuf_release(&preimage.buf);
 235        return ret;
 236}
 237
 238void fast_export_data(uint32_t mode, uint32_t len, struct line_buffer *input)
 239{
 240        if (mode == REPO_MODE_LNK) {
 241                /* svn symlink blobs start with "link " */
 242                len -= 5;
 243                if (buffer_skip_bytes(input, 5) != 5)
 244                        die_short_read(input);
 245        }
 246        printf("data %"PRIu32"\n", len);
 247        if (buffer_copy_bytes(input, len) != len)
 248                die_short_read(input);
 249        fputc('\n', stdout);
 250}
 251
 252static int parse_ls_response(const char *response, uint32_t *mode,
 253                                        struct strbuf *dataref)
 254{
 255        const char *tab;
 256        const char *response_end;
 257
 258        assert(response);
 259        response_end = response + strlen(response);
 260
 261        if (*response == 'm') { /* Missing. */
 262                errno = ENOENT;
 263                return -1;
 264        }
 265
 266        /* Mode. */
 267        if (response_end - response < strlen("100644") ||
 268            response[strlen("100644")] != ' ')
 269                die("invalid ls response: missing mode: %s", response);
 270        *mode = 0;
 271        for (; *response != ' '; response++) {
 272                char ch = *response;
 273                if (ch < '0' || ch > '7')
 274                        die("invalid ls response: mode is not octal: %s", response);
 275                *mode *= 8;
 276                *mode += ch - '0';
 277        }
 278
 279        /* ' blob ' or ' tree ' */
 280        if (response_end - response < strlen(" blob ") ||
 281            (response[1] != 'b' && response[1] != 't'))
 282                die("unexpected ls response: not a tree or blob: %s", response);
 283        response += strlen(" blob ");
 284
 285        /* Dataref. */
 286        tab = memchr(response, '\t', response_end - response);
 287        if (!tab)
 288                die("invalid ls response: missing tab: %s", response);
 289        strbuf_add(dataref, response, tab - response);
 290        return 0;
 291}
 292
 293int fast_export_ls_rev(uint32_t rev, const char *path,
 294                                uint32_t *mode, struct strbuf *dataref)
 295{
 296        ls_from_rev(rev, path);
 297        return parse_ls_response(get_response_line(), mode, dataref);
 298}
 299
 300int fast_export_ls(const char *path, uint32_t *mode, struct strbuf *dataref)
 301{
 302        ls_from_active_commit(path);
 303        return parse_ls_response(get_response_line(), mode, dataref);
 304}
 305
 306void fast_export_blob_delta(uint32_t mode,
 307                                uint32_t old_mode, const char *old_data,
 308                                uint32_t len, struct line_buffer *input)
 309{
 310        long postimage_len;
 311        if (len > maximum_signed_value_of_type(off_t))
 312                die("enormous delta");
 313        postimage_len = apply_delta((off_t) len, input, old_data, old_mode);
 314        if (mode == REPO_MODE_LNK) {
 315                buffer_skip_bytes(&postimage, strlen("link "));
 316                postimage_len -= strlen("link ");
 317        }
 318        printf("data %ld\n", postimage_len);
 319        buffer_copy_bytes(&postimage, postimage_len);
 320        fputc('\n', stdout);
 321}