upload-pack: tighten request validation.
[gitweb.git] / upload-pack.c
index 21b4b8b7575dd3ceb2fdf40b5aa4b7483168ec1e..07c150595efef02d8b5d115a55e261c31f73cebb 100644 (file)
@@ -4,13 +4,21 @@
 #include "tag.h"
 #include "object.h"
 
-static const char upload_pack_usage[] = "git-upload-pack <dir>";
+static const char upload_pack_usage[] = "git-upload-pack [--strict] [--timeout=nn] <dir>";
 
-#define MAX_HAS (16)
-#define MAX_NEEDS (256)
-static int nr_has = 0, nr_needs = 0;
+#define OUR_REF (1U << 1)
+#define WANTED (1U << 2)
+#define MAX_HAS 256
+#define MAX_NEEDS 256
+static int nr_has = 0, nr_needs = 0, nr_our_refs = 0;
 static unsigned char has_sha1[MAX_HAS][20];
 static unsigned char needs_sha1[MAX_NEEDS][20];
+static unsigned int timeout = 0;
+
+static void reset_timeout(void)
+{
+       alarm(timeout);
+}
 
 static int strip(char *line, int len)
 {
@@ -23,6 +31,7 @@ static void create_pack_file(void)
 {
        int fd[2];
        pid_t pid;
+       int create_full_pack = (nr_our_refs == nr_needs && !nr_has);
 
        if (pipe(fd) < 0)
                die("git-upload-pack: unable to create pipe");
@@ -37,8 +46,8 @@ static void create_pack_file(void)
                char *buf;
                char **p;
 
-               if (MAX_NEEDS <= nr_needs)
-                       args = nr_has + 10;
+               if (create_full_pack)
+                       args = 10;
                else
                        args = nr_has + nr_needs + 5;
                argv = xmalloc(args * sizeof(char *));
@@ -100,6 +109,7 @@ static int get_common_commits(void)
 
        for(;;) {
                len = packet_read_line(0, line, sizeof(line));
+               reset_timeout();
 
                if (!len) {
                        packet_write(1, "NAK\n");
@@ -122,6 +132,7 @@ static int get_common_commits(void)
 
        for (;;) {
                len = packet_read_line(0, line, sizeof(line));
+               reset_timeout();
                if (!len)
                        continue;
                len = strip(line, len);
@@ -143,8 +154,10 @@ static int receive_needs(void)
 
        needs = 0;
        for (;;) {
+               struct object *o;
                unsigned char dummy[20], *sha1_buf;
                len = packet_read_line(0, line, sizeof(line));
+               reset_timeout();
                if (!len)
                        return needs;
 
@@ -161,7 +174,22 @@ static int receive_needs(void)
                if (strncmp("want ", line, 5) || get_sha1_hex(line+5, sha1_buf))
                        die("git-upload-pack: protocol error, "
                            "expected to get sha, not '%s'", line);
-               needs++;
+
+               /* We have sent all our refs already, and the other end
+                * should have chosen out of them; otherwise they are
+                * asking for nonsense.
+                *
+                * Hmph.  We may later want to allow "want" line that
+                * asks for something like "master~10" (symbolic)...
+                * would it make sense?  I don't know.
+                */
+               o = lookup_object(sha1_buf);
+               if (!o || !(o->flags & OUR_REF))
+                       die("git-upload-pack: not our ref %s", line+5);
+               if (!(o->flags & WANTED)) {
+                       o->flags |= WANTED;
+                       needs++;
+               }
        }
 }
 
@@ -170,6 +198,10 @@ static int send_ref(const char *refname, const unsigned char *sha1)
        struct object *o = parse_object(sha1);
 
        packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname);
+       if (!(o->flags & OUR_REF)) {
+               o->flags |= OUR_REF;
+               nr_our_refs++;
+       }
        if (o->type == tag_type) {
                o = deref_tag(o);
                packet_write(1, "%s %s^{}\n", sha1_to_hex(o->sha1), refname);
@@ -179,6 +211,7 @@ static int send_ref(const char *refname, const unsigned char *sha1)
 
 static int upload_pack(void)
 {
+       reset_timeout();
        head_ref(send_ref);
        for_each_ref(send_ref);
        packet_flush(1);
@@ -193,18 +226,43 @@ static int upload_pack(void)
 int main(int argc, char **argv)
 {
        const char *dir;
-       if (argc != 2)
+       int i;
+       int strict = 0;
+
+       for (i = 1; i < argc; i++) {
+               char *arg = argv[i];
+
+               if (arg[0] != '-')
+                       break;
+               if (!strcmp(arg, "--strict")) {
+                       strict = 1;
+                       continue;
+               }
+               if (!strncmp(arg, "--timeout=", 10)) {
+                       timeout = atoi(arg+10);
+                       continue;
+               }
+               if (!strcmp(arg, "--")) {
+                       i++;
+                       break;
+               }
+       }
+       
+       if (i != argc-1)
                usage(upload_pack_usage);
-       dir = argv[1];
+       dir = argv[i];
 
        /* chdir to the directory. If that fails, try appending ".git" */
        if (chdir(dir) < 0) {
-               if (chdir(mkpath("%s.git", dir)) < 0)
+               if (strict || chdir(mkpath("%s.git", dir)) < 0)
                        die("git-upload-pack unable to chdir to %s", dir);
        }
-       chdir(".git");
+       if (!strict)
+               chdir(".git");
+
        if (access("objects", X_OK) || access("refs", X_OK))
                die("git-upload-pack: %s doesn't seem to be a git archive", dir);
+
        putenv("GIT_DIR=.");
        upload_pack();
        return 0;