builtin-commit-tree.con commit ssh-upload: prevent buffer overrun (d677db8)
   1/*
   2 * GIT - The information manager from hell
   3 *
   4 * Copyright (C) Linus Torvalds, 2005
   5 */
   6#include "cache.h"
   7#include "commit.h"
   8#include "tree.h"
   9#include "builtin.h"
  10#include "utf8.h"
  11
  12#define BLOCKING (1ul << 14)
  13
  14/*
  15 * FIXME! Share the code with "write-tree.c"
  16 */
  17static void init_buffer(char **bufp, unsigned int *sizep)
  18{
  19        char *buf = xmalloc(BLOCKING);
  20        *sizep = 0;
  21        *bufp = buf;
  22}
  23
  24static void add_buffer(char **bufp, unsigned int *sizep, const char *fmt, ...)
  25{
  26        char one_line[2048];
  27        va_list args;
  28        int len;
  29        unsigned long alloc, size, newsize;
  30        char *buf;
  31
  32        va_start(args, fmt);
  33        len = vsnprintf(one_line, sizeof(one_line), fmt, args);
  34        va_end(args);
  35        size = *sizep;
  36        newsize = size + len + 1;
  37        alloc = (size + 32767) & ~32767;
  38        buf = *bufp;
  39        if (newsize > alloc) {
  40                alloc = (newsize + 32767) & ~32767;
  41                buf = xrealloc(buf, alloc);
  42                *bufp = buf;
  43        }
  44        *sizep = newsize - 1;
  45        memcpy(buf + size, one_line, len);
  46}
  47
  48static void check_valid(unsigned char *sha1, const char *expect)
  49{
  50        char type[20];
  51
  52        if (sha1_object_info(sha1, type, NULL))
  53                die("%s is not a valid object", sha1_to_hex(sha1));
  54        if (expect && strcmp(type, expect))
  55                die("%s is not a valid '%s' object", sha1_to_hex(sha1),
  56                    expect);
  57}
  58
  59/*
  60 * Having more than two parents is not strange at all, and this is
  61 * how multi-way merges are represented.
  62 */
  63#define MAXPARENT (16)
  64static unsigned char parent_sha1[MAXPARENT][20];
  65
  66static const char commit_tree_usage[] = "git-commit-tree <sha1> [-p <sha1>]* < changelog";
  67
  68static int new_parent(int idx)
  69{
  70        int i;
  71        unsigned char *sha1 = parent_sha1[idx];
  72        for (i = 0; i < idx; i++) {
  73                if (!hashcmp(parent_sha1[i], sha1)) {
  74                        error("duplicate parent %s ignored", sha1_to_hex(sha1));
  75                        return 0;
  76                }
  77        }
  78        return 1;
  79}
  80
  81static const char commit_utf8_warn[] =
  82"Warning: commit message does not conform to UTF-8.\n"
  83"You may want to amend it after fixing the message, or set the config\n"
  84"variable i18n.commitencoding to the encoding your project uses.\n";
  85
  86int cmd_commit_tree(int argc, const char **argv, const char *prefix)
  87{
  88        int i;
  89        int parents = 0;
  90        unsigned char tree_sha1[20];
  91        unsigned char commit_sha1[20];
  92        char comment[1000];
  93        char *buffer;
  94        unsigned int size;
  95        int encoding_is_utf8;
  96
  97        setup_ident();
  98        git_config(git_default_config);
  99
 100        if (argc < 2)
 101                usage(commit_tree_usage);
 102        if (get_sha1(argv[1], tree_sha1))
 103                die("Not a valid object name %s", argv[1]);
 104
 105        check_valid(tree_sha1, tree_type);
 106        for (i = 2; i < argc; i += 2) {
 107                const char *a, *b;
 108                a = argv[i]; b = argv[i+1];
 109                if (!b || strcmp(a, "-p"))
 110                        usage(commit_tree_usage);
 111
 112                if (parents >= MAXPARENT)
 113                        die("Too many parents (%d max)", MAXPARENT);
 114                if (get_sha1(b, parent_sha1[parents]))
 115                        die("Not a valid object name %s", b);
 116                check_valid(parent_sha1[parents], commit_type);
 117                if (new_parent(parents))
 118                        parents++;
 119        }
 120
 121        /* Not having i18n.commitencoding is the same as having utf-8 */
 122        encoding_is_utf8 = is_encoding_utf8(git_commit_encoding);
 123
 124        init_buffer(&buffer, &size);
 125        add_buffer(&buffer, &size, "tree %s\n", sha1_to_hex(tree_sha1));
 126
 127        /*
 128         * NOTE! This ordering means that the same exact tree merged with a
 129         * different order of parents will be a _different_ changeset even
 130         * if everything else stays the same.
 131         */
 132        for (i = 0; i < parents; i++)
 133                add_buffer(&buffer, &size, "parent %s\n", sha1_to_hex(parent_sha1[i]));
 134
 135        /* Person/date information */
 136        add_buffer(&buffer, &size, "author %s\n", git_author_info(1));
 137        add_buffer(&buffer, &size, "committer %s\n", git_committer_info(1));
 138        if (!encoding_is_utf8)
 139                add_buffer(&buffer, &size,
 140                                "encoding %s\n", git_commit_encoding);
 141        add_buffer(&buffer, &size, "\n");
 142
 143        /* And add the comment */
 144        while (fgets(comment, sizeof(comment), stdin) != NULL)
 145                add_buffer(&buffer, &size, "%s", comment);
 146
 147        /* And check the encoding */
 148        buffer[size] = '\0';
 149        if (encoding_is_utf8 && !is_utf8(buffer))
 150                fprintf(stderr, commit_utf8_warn);
 151
 152        if (!write_sha1_file(buffer, size, commit_type, commit_sha1)) {
 153                printf("%s\n", sha1_to_hex(commit_sha1));
 154                return 0;
 155        }
 156        else
 157                return 1;
 158}