}
/*
- * Check if a refname is safe.
- * For refs that start with "refs/" we consider it safe as long they do
- * not try to resolve to outside of refs/.
+ * Return true iff refname is minimally safe. "Safe" here means that
+ * deleting a loose reference by this name will not do any damage, for
+ * example by causing a file that is not a reference to be deleted.
+ * This function does not check that the reference name is legal; for
+ * that, use check_refname_format().
*
- * For all other refs we only consider them safe iff they only contain
- * upper case characters and '_' (like "HEAD" AND "MERGE_HEAD", and not like
- * "config").
+ * We consider a refname that starts with "refs/" to be safe as long
+ * as any ".." components that it might contain do not escape "refs/".
+ * Names that do not start with "refs/" are considered safe iff they
+ * consist entirely of upper case characters and '_' (like "HEAD" and
+ * "MERGE_HEAD" but not "config" or "FOO/BAR").
*/
static int refname_is_safe(const char *refname)
{
/*
* Return 0 if a reference named refname could be created without
* conflicting with the name of an existing reference in dir.
- * Otherwise, return a negative value and write an explanation to err.
- * If extras is non-NULL, it is a list of additional refnames with
- * which refname is not allowed to conflict. If skip is non-NULL,
- * ignore potential conflicts with refs in skip (e.g., because they
- * are scheduled for deletion in the same operation). Behavior is
- * undefined if the same name is listed in both extras and skip.
- *
- * Two reference names conflict if one of them exactly matches the
- * leading components of the other; e.g., "refs/foo/bar" conflicts
- * with both "refs/foo" and with "refs/foo/bar/baz" but not with
- * "refs/foo/bar" or "refs/foo/barbados".
- *
- * extras and skip must be sorted.
+ * See verify_refname_available for more information.
*/
-static int verify_refname_available(const char *refname,
- const struct string_list *extras,
- const struct string_list *skip,
- struct ref_dir *dir,
- struct strbuf *err)
+static int verify_refname_available_dir(const char *refname,
+ const struct string_list *extras,
+ const struct string_list *skip,
+ struct ref_dir *dir,
+ struct strbuf *err)
{
const char *slash;
int pos;
}
/* This function needs to return a meaningful errno on failure */
-static const char *resolve_ref_unsafe_1(const char *refname,
- int resolve_flags,
- unsigned char *sha1,
- int *flags,
- struct strbuf *sb_path)
+static const char *resolve_ref_1(const char *refname,
+ int resolve_flags,
+ unsigned char *sha1,
+ int *flags,
+ struct strbuf *sb_refname,
+ struct strbuf *sb_path,
+ struct strbuf *sb_contents)
{
int depth = MAXDEPTH;
- ssize_t len;
- char buffer[256];
- static char refname_buffer[256];
int bad_name = 0;
if (flags)
/* Follow "normalized" - ie "refs/.." symlinks by hand */
if (S_ISLNK(st.st_mode)) {
- len = readlink(path, buffer, sizeof(buffer)-1);
- if (len < 0) {
+ strbuf_reset(sb_contents);
+ if (strbuf_readlink(sb_contents, path, 0) < 0) {
if (errno == ENOENT || errno == EINVAL)
/* inconsistent with lstat; retry */
goto stat_ref;
else
return NULL;
}
- buffer[len] = 0;
- if (starts_with(buffer, "refs/") &&
- !check_refname_format(buffer, 0)) {
- strcpy(refname_buffer, buffer);
- refname = refname_buffer;
+ if (starts_with(sb_contents->buf, "refs/") &&
+ !check_refname_format(sb_contents->buf, 0)) {
+ strbuf_swap(sb_refname, sb_contents);
+ refname = sb_refname->buf;
if (flags)
*flags |= REF_ISSYMREF;
if (resolve_flags & RESOLVE_REF_NO_RECURSE) {
else
return NULL;
}
- len = read_in_full(fd, buffer, sizeof(buffer)-1);
- if (len < 0) {
+ strbuf_reset(sb_contents);
+ if (strbuf_read(sb_contents, fd, 256) < 0) {
int save_errno = errno;
close(fd);
errno = save_errno;
return NULL;
}
close(fd);
- while (len && isspace(buffer[len-1]))
- len--;
- buffer[len] = '\0';
+ strbuf_rtrim(sb_contents);
/*
* Is it a symbolic ref?
*/
- if (!starts_with(buffer, "ref:")) {
+ if (!starts_with(sb_contents->buf, "ref:")) {
/*
* Please note that FETCH_HEAD has a second
* line containing other data.
*/
- if (get_sha1_hex(buffer, sha1) ||
- (buffer[40] != '\0' && !isspace(buffer[40]))) {
+ if (get_sha1_hex(sb_contents->buf, sha1) ||
+ (sb_contents->buf[40] != '\0' && !isspace(sb_contents->buf[40]))) {
if (flags)
*flags |= REF_ISBROKEN;
errno = EINVAL;
}
if (flags)
*flags |= REF_ISSYMREF;
- buf = buffer + 4;
+ buf = sb_contents->buf + 4;
while (isspace(*buf))
buf++;
- refname = strcpy(refname_buffer, buf);
+ strbuf_reset(sb_refname);
+ strbuf_addstr(sb_refname, buf);
+ refname = sb_refname->buf;
if (resolve_flags & RESOLVE_REF_NO_RECURSE) {
hashclr(sha1);
return refname;
const char *resolve_ref_unsafe(const char *refname, int resolve_flags,
unsigned char *sha1, int *flags)
{
+ static struct strbuf sb_refname = STRBUF_INIT;
+ struct strbuf sb_contents = STRBUF_INIT;
struct strbuf sb_path = STRBUF_INIT;
- const char *ret = resolve_ref_unsafe_1(refname, resolve_flags,
- sha1, flags, &sb_path);
+ const char *ret;
+
+ ret = resolve_ref_1(refname, resolve_flags, sha1, flags,
+ &sb_refname, &sb_path, &sb_contents);
strbuf_release(&sb_path);
+ strbuf_release(&sb_contents);
return ret;
}
if (!has_glob_specials(pattern)) {
/* Append implied '/' '*' if not present. */
- if (real_pattern.buf[real_pattern.len - 1] != '/')
- strbuf_addch(&real_pattern, '/');
+ strbuf_complete(&real_pattern, '/');
/* No need to check for '*', there is none. */
strbuf_addch(&real_pattern, '*');
}
strbuf_git_path(&orig_ref_file, "%s", orig_refname);
if (remove_empty_directories(&orig_ref_file)) {
last_errno = errno;
- if (!verify_refname_available(orig_refname, extras, skip,
- get_loose_refs(&ref_cache), err))
+ if (!verify_refname_available_dir(orig_refname, extras, skip,
+ get_loose_refs(&ref_cache), err))
strbuf_addf(err, "there are still refs under '%s'",
orig_refname);
goto error_return;
if (!refname) {
last_errno = errno;
if (last_errno != ENOTDIR ||
- !verify_refname_available(orig_refname, extras, skip,
- get_loose_refs(&ref_cache), err))
+ !verify_refname_available_dir(orig_refname, extras, skip,
+ get_loose_refs(&ref_cache), err))
strbuf_addf(err, "unable to resolve reference %s: %s",
orig_refname, strerror(last_errno));
* our refname.
*/
if (is_null_oid(&lock->old_oid) &&
- verify_refname_available(refname, extras, skip,
- get_packed_refs(&ref_cache), err)) {
+ verify_refname_available_dir(refname, extras, skip,
+ get_packed_refs(&ref_cache), err)) {
last_errno = ENOTDIR;
goto error_return;
}
struct ref_to_prune *ref_to_prune;
};
-static int is_per_worktree_ref(const char *refname);
-
/*
* An each_ref_entry_fn that is run over loose references only. If
* the loose reference can be packed, add an entry in the packed ref
int is_tag_ref = starts_with(entry->name, "refs/tags/");
/* Do not pack per-worktree refs: */
- if (is_per_worktree_ref(entry->name))
+ if (ref_type(entry->name) != REF_TYPE_NORMAL)
return 0;
/* ALWAYS pack tags */
int namelen = strlen(entry->name) + 1;
struct ref_to_prune *n = xcalloc(1, sizeof(*n) + namelen);
hashcpy(n->sha1, entry->u.value.oid.hash);
- strcpy(n->name, entry->name);
+ memcpy(n->name, entry->name, namelen); /* includes NUL */
n->next = cb->ref_to_prune;
cb->ref_to_prune = n;
}
return ret;
}
+/*
+ * Return 0 if a reference named refname could be created without
+ * conflicting with the name of an existing reference. Otherwise,
+ * return a negative value and write an explanation to err. If extras
+ * is non-NULL, it is a list of additional refnames with which refname
+ * is not allowed to conflict. If skip is non-NULL, ignore potential
+ * conflicts with refs in skip (e.g., because they are scheduled for
+ * deletion in the same operation). Behavior is undefined if the same
+ * name is listed in both extras and skip.
+ *
+ * Two reference names conflict if one of them exactly matches the
+ * leading components of the other; e.g., "foo/bar" conflicts with
+ * both "foo" and with "foo/bar/baz" but not with "foo/bar" or
+ * "foo/barbados".
+ *
+ * extras and skip must be sorted.
+ */
+static int verify_refname_available(const char *newname,
+ struct string_list *extras,
+ struct string_list *skip,
+ struct strbuf *err)
+{
+ struct ref_dir *packed_refs = get_packed_refs(&ref_cache);
+ struct ref_dir *loose_refs = get_loose_refs(&ref_cache);
+
+ if (verify_refname_available_dir(newname, extras, skip,
+ packed_refs, err) ||
+ verify_refname_available_dir(newname, extras, skip,
+ loose_refs, err))
+ return -1;
+
+ return 0;
+}
+
static int rename_ref_available(const char *oldname, const char *newname)
{
struct string_list skip = STRING_LIST_INIT_NODUP;
int ret;
string_list_insert(&skip, oldname);
- ret = !verify_refname_available(newname, NULL, &skip,
- get_packed_refs(&ref_cache), &err)
- && !verify_refname_available(newname, NULL, &skip,
- get_loose_refs(&ref_cache), &err);
+ ret = !verify_refname_available(newname, NULL, &skip, &err);
if (!ret)
error("%s", err.buf);
* large, while cleaning up the whitespaces. Especially, convert LF to space,
* because reflog file is one line per entry.
*/
-static int copy_msg(char *buf, const char *msg)
+static int copy_reflog_msg(char *buf, const char *msg)
{
char *cp = buf;
char c;
msglen = msg ? strlen(msg) : 0;
maxlen = strlen(committer) + msglen + 100;
logrec = xmalloc(maxlen);
- len = sprintf(logrec, "%s %s %s\n",
- sha1_to_hex(old_sha1),
- sha1_to_hex(new_sha1),
- committer);
+ len = xsnprintf(logrec, maxlen, "%s %s %s\n",
+ sha1_to_hex(old_sha1),
+ sha1_to_hex(new_sha1),
+ committer);
if (msglen)
- len += copy_msg(logrec + len - 1, msg) - 1;
+ len += copy_reflog_msg(logrec + len - 1, msg) - 1;
written = len <= maxlen ? write_in_full(fd, logrec, len) : -1;
free(logrec);
static struct ref_update *add_update(struct ref_transaction *transaction,
const char *refname)
{
- size_t len = strlen(refname);
- struct ref_update *update = xcalloc(1, sizeof(*update) + len + 1);
+ size_t len = strlen(refname) + 1;
+ struct ref_update *update = xcalloc(1, sizeof(*update) + len);
- strcpy((char *)update->refname, refname);
+ memcpy((char *)update->refname, refname, len); /* includes NUL */
ALLOC_GROW(transaction->updates, transaction->nr + 1, transaction->alloc);
transaction->updates[transaction->nr++] = update;
return update;
int initial_ref_transaction_commit(struct ref_transaction *transaction,
struct strbuf *err)
{
- struct ref_dir *loose_refs = get_loose_refs(&ref_cache);
- struct ref_dir *packed_refs = get_packed_refs(&ref_cache);
int ret = 0, i;
int n = transaction->nr;
struct ref_update **updates = transaction->updates;
die("BUG: initial ref transaction with old_sha1 set");
if (verify_refname_available(update->refname,
&affected_refnames, NULL,
- loose_refs, err) ||
- verify_refname_available(update->refname,
- &affected_refnames, NULL,
- packed_refs, err)) {
+ err)) {
ret = TRANSACTION_NAME_CONFLICT;
goto cleanup;
}