start_command(), .in/.out/.err = -1: Callers must close the file descriptor
[gitweb.git] / setup.c
diff --git a/setup.c b/setup.c
index b59dbe7f51e8ffcbf2721d2ec7201400830e6830..dc247a84c49709d2bff00440e5ac976df83acd2e 100644 (file)
--- a/setup.c
+++ b/setup.c
 static int inside_git_dir = -1;
 static int inside_work_tree = -1;
 
-const char *prefix_path(const char *prefix, int len, const char *path)
+static int sanitary_path_copy(char *dst, const char *src)
 {
-       const char *orig = path;
+       char *dst0 = dst;
+
+       if (*src == '/') {
+               *dst++ = '/';
+               while (*src == '/')
+                       src++;
+       }
+
        for (;;) {
-               char c;
-               if (*path != '.')
-                       break;
-               c = path[1];
-               /* "." */
-               if (!c) {
-                       path++;
-                       break;
+               char c = *src;
+
+               /*
+                * A path component that begins with . could be
+                * special:
+                * (1) "." and ends   -- ignore and terminate.
+                * (2) "./"           -- ignore them, eat slash and continue.
+                * (3) ".." and ends  -- strip one and terminate.
+                * (4) "../"          -- strip one, eat slash and continue.
+                */
+               if (c == '.') {
+                       switch (src[1]) {
+                       case '\0':
+                               /* (1) */
+                               src++;
+                               break;
+                       case '/':
+                               /* (2) */
+                               src += 2;
+                               while (*src == '/')
+                                       src++;
+                               continue;
+                       case '.':
+                               switch (src[2]) {
+                               case '\0':
+                                       /* (3) */
+                                       src += 2;
+                                       goto up_one;
+                               case '/':
+                                       /* (4) */
+                                       src += 3;
+                                       while (*src == '/')
+                                               src++;
+                                       goto up_one;
+                               }
+                       }
                }
-               /* "./" */
+
+               /* copy up to the next '/', and eat all '/' */
+               while ((c = *src++) != '\0' && c != '/')
+                       *dst++ = c;
                if (c == '/') {
-                       path += 2;
-                       continue;
-               }
-               if (c != '.')
+                       *dst++ = c;
+                       while (c == '/')
+                               c = *src++;
+                       src--;
+               } else if (!c)
                        break;
-               c = path[2];
-               if (!c)
-                       path += 2;
-               else if (c == '/')
-                       path += 3;
-               else
-                       break;
-               /* ".." and "../" */
-               /* Remove last component of the prefix */
-               do {
-                       if (!len)
-                               die("'%s' is outside repository", orig);
-                       len--;
-               } while (len && prefix[len-1] != '/');
                continue;
+
+       up_one:
+               /*
+                * dst0..dst is prefix portion, and dst[-1] is '/';
+                * go up one level.
+                */
+               dst -= 2; /* go past trailing '/' if any */
+               if (dst < dst0)
+                       return -1;
+               while (1) {
+                       if (dst <= dst0)
+                               break;
+                       c = *dst--;
+                       if (c == '/') {
+                               dst += 2;
+                               break;
+                       }
+               }
        }
-       if (len) {
-               int speclen = strlen(path);
-               char *n = xmalloc(speclen + len + 1);
+       *dst = '\0';
+       return 0;
+}
 
-               memcpy(n, prefix, len);
-               memcpy(n + len, path, speclen+1);
-               path = n;
+const char *prefix_path(const char *prefix, int len, const char *path)
+{
+       const char *orig = path;
+       char *sanitized = xmalloc(len + strlen(path) + 1);
+       if (is_absolute_path(orig))
+               strcpy(sanitized, path);
+       else {
+               if (len)
+                       memcpy(sanitized, prefix, len);
+               strcpy(sanitized + len, path);
        }
-       return path;
+       if (sanitary_path_copy(sanitized, sanitized))
+               goto error_out;
+       if (is_absolute_path(orig)) {
+               const char *work_tree = get_git_work_tree();
+               size_t len = strlen(work_tree);
+               size_t total = strlen(sanitized) + 1;
+               if (strncmp(sanitized, work_tree, len) ||
+                   (sanitized[len] != '\0' && sanitized[len] != '/')) {
+               error_out:
+                       error("'%s' is outside repository", orig);
+                       free(sanitized);
+                       return NULL;
+               }
+               if (sanitized[len] == '/')
+                       len++;
+               memmove(sanitized, sanitized + len, total - len);
+       }
+       return sanitized;
 }
 
 /*
@@ -114,7 +181,7 @@ void verify_non_filename(const char *prefix, const char *arg)
 const char **get_pathspec(const char *prefix, const char **pathspec)
 {
        const char *entry = *pathspec;
-       const char **p;
+       const char **src, **dst;
        int prefixlen;
 
        if (!prefix && !entry)
@@ -128,19 +195,26 @@ const char **get_pathspec(const char *prefix, const char **pathspec)
        }
 
        /* Otherwise we have to re-write the entries.. */
-       p = pathspec;
+       src = pathspec;
+       dst = pathspec;
        prefixlen = prefix ? strlen(prefix) : 0;
-       do {
-               *p = prefix_path(prefix, prefixlen, entry);
-       } while ((entry = *++p) != NULL);
-       return (const char **) pathspec;
+       while (*src) {
+               const char *p = prefix_path(prefix, prefixlen, *src);
+               if (p)
+                       *(dst++) = p;
+               src++;
+       }
+       *dst = NULL;
+       if (!*pathspec)
+               return NULL;
+       return pathspec;
 }
 
 /*
  * Test if it looks like we're at a git directory.
  * We want to see:
  *
- *  - either a objects/ directory _or_ the proper
+ *  - either an objects/ directory _or_ the proper
  *    GIT_OBJECT_DIRECTORY environment variable
  *  - a refs/ directory
  *  - either a HEAD symlink or a HEAD file that is formatted as
@@ -372,6 +446,8 @@ int check_repository_format_version(const char *var, const char *value)
                if (is_bare_repository_cfg == 1)
                        inside_work_tree = -1;
        } else if (strcmp(var, "core.worktree") == 0) {
+               if (!value)
+                       return config_error_nonbool(var);
                if (git_work_tree_cfg)
                        free(git_work_tree_cfg);
                git_work_tree_cfg = xstrdup(value);