gitweb: No error messages with unescaped/unprotected user input
[gitweb.git] / builtin-apply.c
index 4056b9d67bc1c4e50563ceaa0ee68e94873a8e65..f8c6763c7464a01ea81fae0665a7aef50809d031 100644 (file)
@@ -8,19 +8,21 @@
  */
 #include <fnmatch.h>
 #include "cache.h"
+#include "cache-tree.h"
 #include "quote.h"
 #include "blob.h"
 #include "delta.h"
 #include "builtin.h"
 
-//  --check turns on checking that the working tree matches the
-//    files that are being modified, but doesn't apply the patch
-//  --stat does just a diffstat, and doesn't actually apply
-//  --numstat does numeric diffstat, and doesn't actually apply
-//  --index-info shows the old and new index info for paths if available.
-//  --index updates the cache as well.
-//  --cached updates only the cache without ever touching the working tree.
-//
+/*
+ *  --check turns on checking that the working tree matches the
+ *    files that are being modified, but doesn't apply the patch
+ *  --stat does just a diffstat, and doesn't actually apply
+ *  --numstat does numeric diffstat, and doesn't actually apply
+ *  --index-info shows the old and new index info for paths if available.
+ *  --index updates the cache as well.
+ *  --cached updates only the cache without ever touching the working tree.
+ */
 static const char *prefix;
 static int prefix_length = -1;
 static int newfd = -1;
@@ -118,12 +120,13 @@ struct fragment {
 struct patch {
        char *new_name, *old_name, *def_name;
        unsigned int old_mode, new_mode;
-       int is_rename, is_copy, is_new, is_delete, is_binary;
+       int is_rename, is_copy, is_new, is_delete, is_binary, is_reverse;
 #define BINARY_DELTA_DEFLATED 1
 #define BINARY_LITERAL_DEFLATED 2
        unsigned long deflate_origlen;
        int lines_added, lines_deleted;
        int score;
+       int inaccurate_eof:1;
        struct fragment *fragments;
        char *result;
        unsigned long resultsize;
@@ -147,7 +150,7 @@ static void *read_patch_file(int fd, unsigned long *sizep)
                        buffer = xrealloc(buffer, alloc);
                        nr = alloc - size;
                }
-               nr = xread(fd, buffer + size, nr);
+               nr = xread(fd, (char *) buffer + size, nr);
                if (!nr)
                        break;
                if (nr < 0)
@@ -163,7 +166,7 @@ static void *read_patch_file(int fd, unsigned long *sizep)
         */
        if (alloc < size + SLOP)
                buffer = xrealloc(buffer, size + SLOP);
-       memset(buffer + size, 0, SLOP);
+       memset((char *) buffer + size, 0, SLOP);
        return buffer;
 }
 
@@ -282,8 +285,8 @@ static void parse_traditional_patch(const char *first, const char *second, struc
 {
        char *name;
 
-       first += 4;     // skip "--- "
-       second += 4;    // skip "+++ "
+       first += 4;     /* skip "--- " */
+       second += 4;    /* skip "+++ " */
        if (is_dev_null(first)) {
                patch->is_new = 1;
                patch->is_delete = 0;
@@ -763,7 +766,7 @@ static int find_header(char *line, unsigned long size, int *hdrsize, struct patc
                        continue;
 
                /*
-                * Make sure we don't find any unconnected patch fragmants.
+                * Make sure we don't find any unconnected patch fragments.
                 * That's a sign that we didn't find a header, and that a
                 * patch has become corrupted/broken up.
                 */
@@ -988,7 +991,7 @@ static int parse_binary(char *buffer, unsigned long size, struct patch *patch)
         * so one line can fit up to 13 groups that would decode
         * to 52 bytes max.  The length byte 'A'-'Z' corresponds
         * to 1-26 bytes, and 'a'-'z' corresponds to 27-52 bytes.
-        * The end of binary is signalled with an empty line.
+        * The end of binary is signaled with an empty line.
         */
        int llen, used;
        struct fragment *fragment;
@@ -1116,6 +1119,34 @@ static int parse_chunk(char *buffer, unsigned long size, struct patch *patch)
        return offset + hdrsize + patchsize;
 }
 
+#define swap(a,b) myswap((a),(b),sizeof(a))
+
+#define myswap(a, b, size) do {                \
+       unsigned char mytmp[size];      \
+       memcpy(mytmp, &a, size);                \
+       memcpy(&a, &b, size);           \
+       memcpy(&b, mytmp, size);                \
+} while (0)
+
+static void reverse_patches(struct patch *p)
+{
+       for (; p; p = p->next) {
+               struct fragment *frag = p->fragments;
+
+               swap(p->new_name, p->old_name);
+               swap(p->new_mode, p->old_mode);
+               swap(p->is_new, p->is_delete);
+               swap(p->lines_added, p->lines_deleted);
+               swap(p->old_sha1_prefix, p->new_sha1_prefix);
+
+               for (; frag; frag = frag->next) {
+                       swap(frag->newpos, frag->oldpos);
+                       swap(frag->newlines, frag->oldlines);
+               }
+               p->is_reverse = !p->is_reverse;
+       }
+}
+
 static const char pluses[] = "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++";
 static const char minuses[]= "----------------------------------------------------------------------";
 
@@ -1193,7 +1224,7 @@ static int read_old_data(struct stat *st, const char *path, void *buf, unsigned
                        return error("unable to open %s", path);
                got = 0;
                for (;;) {
-                       int ret = xread(fd, buf + got, size - got);
+                       int ret = xread(fd, (char *) buf + got, size - got);
                        if (ret <= 0)
                                break;
                        got += ret;
@@ -1332,8 +1363,10 @@ static int apply_line(char *output, const char *patch, int plen)
        return plen;
 }
 
-static int apply_one_fragment(struct buffer_desc *desc, struct fragment *frag)
+static int apply_one_fragment(struct buffer_desc *desc, struct fragment *frag,
+       int reverse, int inaccurate_eof)
 {
+       int match_beginning, match_end;
        char *buf = desc->buffer;
        const char *patch = frag->patch;
        int offset, size = frag->size;
@@ -1345,6 +1378,7 @@ static int apply_one_fragment(struct buffer_desc *desc, struct fragment *frag)
        int pos, lines;
 
        while (size > 0) {
+               char first;
                int len = linelen(patch, size);
                int plen;
 
@@ -1361,16 +1395,23 @@ static int apply_one_fragment(struct buffer_desc *desc, struct fragment *frag)
                plen = len-1;
                if (len < size && patch[len] == '\\')
                        plen--;
-               switch (*patch) {
+               first = *patch;
+               if (reverse) {
+                       if (first == '-')
+                               first = '+';
+                       else if (first == '+')
+                               first = '-';
+               }
+               switch (first) {
                case ' ':
                case '-':
                        memcpy(old + oldsize, patch + 1, plen);
                        oldsize += plen;
-                       if (*patch == '-')
+                       if (first == '-')
                                break;
                /* Fall-through for ' ' */
                case '+':
-                       if (*patch != '+' || !no_add)
+                       if (first != '+' || !no_add)
                                newsize += apply_line(new + newsize, patch,
                                                      plen);
                        break;
@@ -1384,22 +1425,32 @@ static int apply_one_fragment(struct buffer_desc *desc, struct fragment *frag)
                size -= len;
        }
 
-#ifdef NO_ACCURATE_DIFF
-       if (oldsize > 0 && old[oldsize - 1] == '\n' &&
+       if (inaccurate_eof && oldsize > 0 && old[oldsize - 1] == '\n' &&
                        newsize > 0 && new[newsize - 1] == '\n') {
                oldsize--;
                newsize--;
        }
-#endif
 
        oldlines = old;
        newlines = new;
        leading = frag->leading;
        trailing = frag->trailing;
+
+       /*
+        * If we don't have any leading/trailing data in the patch,
+        * we want it to match at the beginning/end of the file.
+        */
+       match_beginning = !leading && (frag->oldpos == 1);
+       match_end = !trailing;
+
        lines = 0;
        pos = frag->newpos;
        for (;;) {
                offset = find_offset(buf, desc->size, oldlines, oldsize, pos, &lines);
+               if (match_end && offset + oldsize != desc->size)
+                       offset = -1;
+               if (match_beginning && offset)
+                       offset = -1;
                if (offset >= 0) {
                        int diff = newsize - oldsize;
                        unsigned long size = desc->size + diff;
@@ -1429,6 +1480,10 @@ static int apply_one_fragment(struct buffer_desc *desc, struct fragment *frag)
                /* Am I at my context limits? */
                if ((leading <= p_context) && (trailing <= p_context))
                        break;
+               if (match_beginning || match_end) {
+                       match_beginning = match_end = 0;
+                       continue;
+               }
                /* Reduce the number of context lines
                 * Reduce both leading and trailing if they are equal
                 * otherwise just reduce the larger context.
@@ -1480,6 +1535,12 @@ static int apply_binary_fragment(struct buffer_desc *desc, struct patch *patch)
        void *data;
        void *result;
 
+       /* Binary patch is irreversible */
+       if (patch->is_reverse)
+               return error("cannot reverse-apply a binary patch to '%s'",
+                            patch->new_name
+                            ? patch->new_name : patch->old_name);
+
        data = inflate_it(fragment->patch, fragment->size,
                          patch->deflate_origlen);
        if (!data)
@@ -1596,7 +1657,8 @@ static int apply_fragments(struct buffer_desc *desc, struct patch *patch)
                return apply_binary(desc, patch);
 
        while (frag) {
-               if (apply_one_fragment(desc, frag) < 0)
+               if (apply_one_fragment(desc, frag, patch->is_reverse,
+                                       patch->inaccurate_eof) < 0)
                        return error("patch failed: %s:%ld",
                                     name, frag->oldpos);
                frag = frag->next;
@@ -1645,13 +1707,14 @@ static int apply_data(struct patch *patch, struct stat *st, struct cache_entry *
        return 0;
 }
 
-static int check_patch(struct patch *patch)
+static int check_patch(struct patch *patch, struct patch *prev_patch)
 {
        struct stat st;
        const char *old_name = patch->old_name;
        const char *new_name = patch->new_name;
        const char *name = old_name ? old_name : new_name;
        struct cache_entry *ce = NULL;
+       int ok_if_exists;
 
        if (old_name) {
                int changed = 0;
@@ -1709,13 +1772,33 @@ static int check_patch(struct patch *patch)
                                old_name, st_mode, patch->old_mode);
        }
 
+       if (new_name && prev_patch && prev_patch->is_delete &&
+           !strcmp(prev_patch->old_name, new_name))
+               /* A type-change diff is always split into a patch to
+                * delete old, immediately followed by a patch to
+                * create new (see diff.c::run_diff()); in such a case
+                * it is Ok that the entry to be deleted by the
+                * previous patch is still in the working tree and in
+                * the index.
+                */
+               ok_if_exists = 1;
+       else
+               ok_if_exists = 0;
+
        if (new_name && (patch->is_new | patch->is_rename | patch->is_copy)) {
-               if (check_index && cache_name_pos(new_name, strlen(new_name)) >= 0)
+               if (check_index &&
+                   cache_name_pos(new_name, strlen(new_name)) >= 0 &&
+                   !ok_if_exists)
                        return error("%s: already exists in index", new_name);
                if (!cached) {
-                       if (!lstat(new_name, &st))
-                               return error("%s: already exists in working directory", new_name);
-                       if (errno != ENOENT)
+                       struct stat nst;
+                       if (!lstat(new_name, &nst)) {
+                               if (S_ISDIR(nst.st_mode) || ok_if_exists)
+                                       ; /* ok */
+                               else
+                                       return error("%s: already exists in working directory", new_name);
+                       }
+                       else if ((errno != ENOENT) && (errno != ENOTDIR))
                                return error("%s: %s", new_name, strerror(errno));
                }
                if (!patch->new_mode) {
@@ -1743,10 +1826,13 @@ static int check_patch(struct patch *patch)
 
 static int check_patch_list(struct patch *patch)
 {
+       struct patch *prev_patch = NULL;
        int error = 0;
 
-       for (;patch ; patch = patch->next)
-               error |= check_patch(patch);
+       for (prev_patch = NULL; patch ; patch = patch->next) {
+               error |= check_patch(patch, prev_patch);
+               prev_patch = patch;
+       }
        return error;
 }
 
@@ -1918,6 +2004,7 @@ static void remove_file(struct patch *patch)
        if (write_index) {
                if (remove_file_from_cache(patch->old_name) < 0)
                        die("unable to remove %s from index", patch->old_name);
+               cache_tree_invalidate_path(active_cache_tree, patch->old_name);
        }
        if (!cached)
                unlink(patch->old_name);
@@ -1990,6 +2077,16 @@ static void create_one_file(char *path, unsigned mode, const char *buf, unsigned
                        return;
        }
 
+       if (errno == EEXIST || errno == EACCES) {
+               /* We may be trying to create a file where a directory
+                * used to be.
+                */
+               struct stat st;
+               errno = 0;
+               if (!lstat(path, &st) && S_ISDIR(st.st_mode) && !rmdir(path))
+                       errno = EEXIST;
+       }
+
        if (errno == EEXIST) {
                unsigned int nr = getpid();
 
@@ -2019,40 +2116,51 @@ static void create_file(struct patch *patch)
 
        if (!mode)
                mode = S_IFREG | 0644;
-       create_one_file(path, mode, buf, size); 
+       create_one_file(path, mode, buf, size);
        add_index_file(path, mode, buf, size);
+       cache_tree_invalidate_path(active_cache_tree, path);
 }
 
-static void write_out_one_result(struct patch *patch)
+/* phase zero is to remove, phase one is to create */
+static void write_out_one_result(struct patch *patch, int phase)
 {
        if (patch->is_delete > 0) {
-               remove_file(patch);
+               if (phase == 0)
+                       remove_file(patch);
                return;
        }
        if (patch->is_new > 0 || patch->is_copy) {
-               create_file(patch);
+               if (phase == 1)
+                       create_file(patch);
                return;
        }
        /*
         * Rename or modification boils down to the same
         * thing: remove the old, write the new
         */
-       remove_file(patch);
+       if (phase == 0)
+               remove_file(patch);
+       if (phase == 1)
        create_file(patch);
 }
 
 static void write_out_results(struct patch *list, int skipped_patch)
 {
+       int phase;
+
        if (!list && !skipped_patch)
                die("No changes");
 
-       while (list) {
-               write_out_one_result(list);
-               list = list->next;
+       for (phase = 0; phase < 2; phase++) {
+               struct patch *l = list;
+               while (l) {
+                       write_out_one_result(l, phase);
+                       l = l->next;
+               }
        }
 }
 
-static struct cache_file cache_file;
+static struct lock_file lock_file;
 
 static struct excludes {
        struct excludes *next;
@@ -2077,7 +2185,8 @@ static int use_patch(struct patch *p)
        return 1;
 }
 
-static int apply_patch(int fd, const char *filename)
+static int apply_patch(int fd, const char *filename,
+               int reverse, int inaccurate_eof)
 {
        unsigned long offset, size;
        char *buffer = read_patch_file(fd, &size);
@@ -2093,9 +2202,12 @@ static int apply_patch(int fd, const char *filename)
                int nr;
 
                patch = xcalloc(1, sizeof(*patch));
+               patch->inaccurate_eof = inaccurate_eof;
                nr = parse_chunk(buffer + offset, size, patch);
                if (nr < 0)
                        break;
+               if (reverse)
+                       reverse_patches(patch);
                if (use_patch(patch)) {
                        patch_stats(patch);
                        *listp = patch;
@@ -2113,8 +2225,12 @@ static int apply_patch(int fd, const char *filename)
                apply = 0;
 
        write_index = check_index && apply;
-       if (write_index && newfd < 0)
-               newfd = hold_index_file_for_update(&cache_file, get_index_file());
+       if (write_index && newfd < 0) {
+               newfd = hold_lock_file_for_update(&lock_file,
+                                                 get_index_file());
+               if (newfd < 0)
+                       die("unable to create new index file");
+       }
        if (check_index) {
                if (read_cache() < 0)
                        die("unable to read index file");
@@ -2152,10 +2268,13 @@ static int git_apply_config(const char *var, const char *value)
 }
 
 
-int cmd_apply(int argc, const char **argv, char **envp)
+int cmd_apply(int argc, const char **argv, const char *prefix)
 {
        int i;
        int read_stdin = 1;
+       int reverse = 0;
+       int inaccurate_eof = 0;
+
        const char *whitespace_option = NULL;
 
        for (i = 1; i < argc; i++) {
@@ -2164,7 +2283,7 @@ int cmd_apply(int argc, const char **argv, char **envp)
                int fd;
 
                if (!strcmp(arg, "-")) {
-                       apply_patch(0, "<stdin>");
+                       apply_patch(0, "<stdin>", reverse, inaccurate_eof);
                        read_stdin = 0;
                        continue;
                }
@@ -2241,6 +2360,14 @@ int cmd_apply(int argc, const char **argv, char **envp)
                        parse_whitespace_option(arg + 13);
                        continue;
                }
+               if (!strcmp(arg, "-R") || !strcmp(arg, "--reverse")) {
+                       reverse = 1;
+                       continue;
+               }
+               if (!strcmp(arg, "--inaccurate-eof")) {
+                       inaccurate_eof = 1;
+                       continue;
+               }
 
                if (check_index && prefix_length < 0) {
                        prefix = setup_git_directory();
@@ -2257,12 +2384,12 @@ int cmd_apply(int argc, const char **argv, char **envp)
                        usage(apply_usage);
                read_stdin = 0;
                set_default_whitespace_mode(whitespace_option);
-               apply_patch(fd, arg);
+               apply_patch(fd, arg, reverse, inaccurate_eof);
                close(fd);
        }
        set_default_whitespace_mode(whitespace_option);
        if (read_stdin)
-               apply_patch(0, "<stdin>");
+               apply_patch(0, "<stdin>", reverse, inaccurate_eof);
        if (whitespace_error) {
                if (squelch_whitespace_errors &&
                    squelch_whitespace_errors < whitespace_error) {
@@ -2292,8 +2419,8 @@ int cmd_apply(int argc, const char **argv, char **envp)
 
        if (write_index) {
                if (write_cache(newfd, active_cache, active_nr) ||
-                   commit_index_file(&cache_file))
-                       die("Unable to write new cachefile");
+                   close(newfd) || commit_lock_file(&lock_file))
+                       die("Unable to write new index file");
        }
 
        return 0;