upload-pack: tighten request validation.
[gitweb.git] / upload-pack.c
index d35c0685ce2269cec48d19fbf6b0499374a34b7e..07c150595efef02d8b5d115a55e261c31f73cebb 100644 (file)
@@ -1,14 +1,24 @@
 #include "cache.h"
 #include "refs.h"
 #include "pkt-line.h"
+#include "tag.h"
+#include "object.h"
 
-static const char upload_pack_usage[] = "git-upload-pack <dir>";
+static const char upload_pack_usage[] = "git-upload-pack [--strict] [--timeout=nn] <dir>";
 
-#define MAX_HAS (16)
-#define MAX_NEEDS (16)
-static int nr_has = 0, nr_needs = 0;
+#define OUR_REF (1U << 1)
+#define WANTED (1U << 2)
+#define MAX_HAS 256
+#define MAX_NEEDS 256
+static int nr_has = 0, nr_needs = 0, nr_our_refs = 0;
 static unsigned char has_sha1[MAX_HAS][20];
 static unsigned char needs_sha1[MAX_NEEDS][20];
+static unsigned int timeout = 0;
+
+static void reset_timeout(void)
+{
+       alarm(timeout);
+}
 
 static int strip(char *line, int len)
 {
@@ -21,6 +31,7 @@ static void create_pack_file(void)
 {
        int fd[2];
        pid_t pid;
+       int create_full_pack = (nr_our_refs == nr_needs && !nr_has);
 
        if (pipe(fd) < 0)
                die("git-upload-pack: unable to create pipe");
@@ -30,10 +41,18 @@ static void create_pack_file(void)
 
        if (!pid) {
                int i;
-               int args = nr_has + nr_needs + 5;
-               char **argv = xmalloc(args * sizeof(char *));
-               char *buf = xmalloc(args * 45);
-               char **p = argv;
+               int args;
+               char **argv;
+               char *buf;
+               char **p;
+
+               if (create_full_pack)
+                       args = 10;
+               else
+                       args = nr_has + nr_needs + 5;
+               argv = xmalloc(args * sizeof(char *));
+               buf = xmalloc(args * 45);
+               p = argv;
 
                dup2(fd[1], 1);
                close(0);
@@ -41,10 +60,14 @@ static void create_pack_file(void)
                close(fd[1]);
                *p++ = "git-rev-list";
                *p++ = "--objects";
-               for (i = 0; i < nr_needs; i++) {
-                       *p++ = buf;
-                       memcpy(buf, sha1_to_hex(needs_sha1[i]), 41);
-                       buf += 41;
+               if (MAX_NEEDS <= nr_needs)
+                       *p++ = "--all";
+               else {
+                       for (i = 0; i < nr_needs; i++) {
+                               *p++ = buf;
+                               memcpy(buf, sha1_to_hex(needs_sha1[i]), 41);
+                               buf += 41;
+                       }
                }
                for (i = 0; i < nr_has; i++) {
                        *p++ = buf;
@@ -86,6 +109,7 @@ static int get_common_commits(void)
 
        for(;;) {
                len = packet_read_line(0, line, sizeof(line));
+               reset_timeout();
 
                if (!len) {
                        packet_write(1, "NAK\n");
@@ -108,6 +132,7 @@ static int get_common_commits(void)
 
        for (;;) {
                len = packet_read_line(0, line, sizeof(line));
+               reset_timeout();
                if (!len)
                        continue;
                len = strip(line, len);
@@ -129,30 +154,65 @@ static int receive_needs(void)
 
        needs = 0;
        for (;;) {
+               struct object *o;
+               unsigned char dummy[20], *sha1_buf;
                len = packet_read_line(0, line, sizeof(line));
+               reset_timeout();
                if (!len)
                        return needs;
 
-               /*
-                * This is purely theoretical right now: git-fetch-pack only
-                * ever asks for a single HEAD
+               sha1_buf = dummy;
+               if (needs == MAX_NEEDS) {
+                       fprintf(stderr,
+                               "warning: supporting only a max of %d requests. "
+                               "sending everything instead.\n",
+                               MAX_NEEDS);
+               }
+               else if (needs < MAX_NEEDS)
+                       sha1_buf = needs_sha1[needs];
+
+               if (strncmp("want ", line, 5) || get_sha1_hex(line+5, sha1_buf))
+                       die("git-upload-pack: protocol error, "
+                           "expected to get sha, not '%s'", line);
+
+               /* We have sent all our refs already, and the other end
+                * should have chosen out of them; otherwise they are
+                * asking for nonsense.
+                *
+                * Hmph.  We may later want to allow "want" line that
+                * asks for something like "master~10" (symbolic)...
+                * would it make sense?  I don't know.
                 */
-               if (needs >= MAX_NEEDS)
-                       die("I'm only doing a max of %d requests", MAX_NEEDS);
-               if (strncmp("want ", line, 5) || get_sha1_hex(line+5, needs_sha1[needs]))
-                       die("git-upload-pack: protocol error, expected to get sha, not '%s'", line);
-               needs++;
+               o = lookup_object(sha1_buf);
+               if (!o || !(o->flags & OUR_REF))
+                       die("git-upload-pack: not our ref %s", line+5);
+               if (!(o->flags & WANTED)) {
+                       o->flags |= WANTED;
+                       needs++;
+               }
        }
 }
 
 static int send_ref(const char *refname, const unsigned char *sha1)
 {
+       struct object *o = parse_object(sha1);
+
        packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname);
+       if (!(o->flags & OUR_REF)) {
+               o->flags |= OUR_REF;
+               nr_our_refs++;
+       }
+       if (o->type == tag_type) {
+               o = deref_tag(o);
+               packet_write(1, "%s %s^{}\n", sha1_to_hex(o->sha1), refname);
+       }
        return 0;
 }
 
 static int upload_pack(void)
 {
+       reset_timeout();
+       head_ref(send_ref);
        for_each_ref(send_ref);
        packet_flush(1);
        nr_needs = receive_needs();
@@ -166,15 +226,44 @@ static int upload_pack(void)
 int main(int argc, char **argv)
 {
        const char *dir;
-       if (argc != 2)
+       int i;
+       int strict = 0;
+
+       for (i = 1; i < argc; i++) {
+               char *arg = argv[i];
+
+               if (arg[0] != '-')
+                       break;
+               if (!strcmp(arg, "--strict")) {
+                       strict = 1;
+                       continue;
+               }
+               if (!strncmp(arg, "--timeout=", 10)) {
+                       timeout = atoi(arg+10);
+                       continue;
+               }
+               if (!strcmp(arg, "--")) {
+                       i++;
+                       break;
+               }
+       }
+       
+       if (i != argc-1)
                usage(upload_pack_usage);
-       dir = argv[1];
-       if (chdir(dir))
-               die("git-upload-pack unable to chdir to %s", dir);
-       chdir(".git");
+       dir = argv[i];
+
+       /* chdir to the directory. If that fails, try appending ".git" */
+       if (chdir(dir) < 0) {
+               if (strict || chdir(mkpath("%s.git", dir)) < 0)
+                       die("git-upload-pack unable to chdir to %s", dir);
+       }
+       if (!strict)
+               chdir(".git");
+
        if (access("objects", X_OK) || access("refs", X_OK))
                die("git-upload-pack: %s doesn't seem to be a git archive", dir);
-       setenv("GIT_DIR", ".", 1);
+
+       putenv("GIT_DIR=.");
        upload_pack();
        return 0;
 }