upload-pack: tighten request validation.
[gitweb.git] / upload-pack.c
index c3abf7ba659b9f4957740486b8bb7aca5b1c8471..07c150595efef02d8b5d115a55e261c31f73cebb 100644 (file)
@@ -3,14 +3,14 @@
 #include "pkt-line.h"
 #include "tag.h"
 #include "object.h"
-#include "commit.h"
 
 static const char upload_pack_usage[] = "git-upload-pack [--strict] [--timeout=nn] <dir>";
 
-#define THEY_HAVE (1U << 0)
+#define OUR_REF (1U << 1)
+#define WANTED (1U << 2)
 #define MAX_HAS 256
 #define MAX_NEEDS 256
-static int nr_has = 0, nr_needs = 0, multi_ack = 0;
+static int nr_has = 0, nr_needs = 0, nr_our_refs = 0;
 static unsigned char has_sha1[MAX_HAS][20];
 static unsigned char needs_sha1[MAX_NEEDS][20];
 static unsigned int timeout = 0;
@@ -31,6 +31,7 @@ static void create_pack_file(void)
 {
        int fd[2];
        pid_t pid;
+       int create_full_pack = (nr_our_refs == nr_needs && !nr_has);
 
        if (pipe(fd) < 0)
                die("git-upload-pack: unable to create pipe");
@@ -45,8 +46,8 @@ static void create_pack_file(void)
                char *buf;
                char **p;
 
-               if (MAX_NEEDS <= nr_needs)
-                       args = nr_has + 10;
+               if (create_full_pack)
+                       args = 10;
                else
                        args = nr_has + nr_needs + 5;
                argv = xmalloc(args * sizeof(char *));
@@ -87,25 +88,15 @@ static void create_pack_file(void)
 
 static int got_sha1(char *hex, unsigned char *sha1)
 {
+       int nr;
        if (get_sha1_hex(hex, sha1))
                die("git-upload-pack: expected SHA1 object, got '%s'", hex);
        if (!has_sha1_file(sha1))
                return 0;
-       if (nr_has < MAX_HAS) {
-               struct object *o = lookup_object(sha1);
-               if (!o || (!o->parsed && !parse_object(sha1)))
-                       die("oops (%s)", sha1_to_hex(sha1));
-               if (o->type == commit_type) {
-                       struct commit_list *parents;
-                       if (o->flags & THEY_HAVE)
-                               return 0;
-                       o->flags |= THEY_HAVE;
-                       for (parents = ((struct commit*)o)->parents;
-                            parents;
-                            parents = parents->next)
-                               parents->item->object.flags |= THEY_HAVE;
-               }
-               memcpy(has_sha1[nr_has++], sha1, 20);
+       nr = nr_has;
+       if (nr < MAX_HAS) {
+               memcpy(has_sha1[nr], sha1, 20);
+               nr_has = nr+1;
        }
        return 1;
 }
@@ -116,36 +107,44 @@ static int get_common_commits(void)
        unsigned char sha1[20];
        int len;
 
-       track_object_refs = 0;
-       save_commit_buffer = 0;
-
        for(;;) {
                len = packet_read_line(0, line, sizeof(line));
                reset_timeout();
 
                if (!len) {
-                       if (multi_ack || nr_has == 0)
-                               packet_write(1, "NAK\n");
+                       packet_write(1, "NAK\n");
                        continue;
                }
                len = strip(line, len);
                if (!strncmp(line, "have ", 5)) {
-                       if (got_sha1(line+5, sha1) &&
-                                       (multi_ack || nr_has == 1))
-                               packet_write(1, "ACK %s%s\n",
-                                       sha1_to_hex(sha1),
-                                       multi_ack && nr_has < MAX_HAS ?
-                                       " continue" : "");
+                       if (got_sha1(line+5, sha1)) {
+                               packet_write(1, "ACK %s\n", sha1_to_hex(sha1));
+                               break;
+                       }
                        continue;
                }
                if (!strcmp(line, "done")) {
-                       if (nr_has > 0)
-                               return 0;
                        packet_write(1, "NAK\n");
                        return -1;
                }
                die("git-upload-pack: expected SHA1 list, got '%s'", line);
        }
+
+       for (;;) {
+               len = packet_read_line(0, line, sizeof(line));
+               reset_timeout();
+               if (!len)
+                       continue;
+               len = strip(line, len);
+               if (!strncmp(line, "have ", 5)) {
+                       got_sha1(line+5, sha1);
+                       continue;
+               }
+               if (!strcmp(line, "done"))
+                       break;
+               die("git-upload-pack: expected SHA1 list, got '%s'", line);
+       }
+       return 0;
 }
 
 static int receive_needs(void)
@@ -155,6 +154,7 @@ static int receive_needs(void)
 
        needs = 0;
        for (;;) {
+               struct object *o;
                unsigned char dummy[20], *sha1_buf;
                len = packet_read_line(0, line, sizeof(line));
                reset_timeout();
@@ -175,10 +175,21 @@ static int receive_needs(void)
                        die("git-upload-pack: protocol error, "
                            "expected to get sha, not '%s'", line);
 
-               if (strstr(line+45, "multi_ack"))
-                       multi_ack = 1;
-
-               needs++;
+               /* We have sent all our refs already, and the other end
+                * should have chosen out of them; otherwise they are
+                * asking for nonsense.
+                *
+                * Hmph.  We may later want to allow "want" line that
+                * asks for something like "master~10" (symbolic)...
+                * would it make sense?  I don't know.
+                */
+               o = lookup_object(sha1_buf);
+               if (!o || !(o->flags & OUR_REF))
+                       die("git-upload-pack: not our ref %s", line+5);
+               if (!(o->flags & WANTED)) {
+                       o->flags |= WANTED;
+                       needs++;
+               }
        }
 }
 
@@ -187,6 +198,10 @@ static int send_ref(const char *refname, const unsigned char *sha1)
        struct object *o = parse_object(sha1);
 
        packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname);
+       if (!(o->flags & OUR_REF)) {
+               o->flags |= OUR_REF;
+               nr_our_refs++;
+       }
        if (o->type == tag_type) {
                o = deref_tag(o);
                packet_write(1, "%s %s^{}\n", sha1_to_hex(o->sha1), refname);