gitweb: Secure against commit-ish/tree-ish with the same name as path
[gitweb.git] / http-push.c
index e281f70e544d1e59c47f61ce14a728ba5ef44a44..ecefdfd4f8c9c17282f5cec10640343359278028 100644 (file)
@@ -70,18 +70,18 @@ enum XML_Status {
 /* We allow "recursive" symbolic refs. Only within reason, though */
 #define MAXDEPTH 5
 
-static int pushing = 0;
-static int aborted = 0;
+static int pushing;
+static int aborted;
 static signed char remote_dir_exists[256];
 
 static struct curl_slist *no_pragma_header;
 static struct curl_slist *default_headers;
 
-static int push_verbosely = 0;
-static int push_all = 0;
-static int force_all = 0;
+static int push_verbosely;
+static int push_all;
+static int force_all;
 
-static struct object_list *objects = NULL;
+static struct object_list *objects;
 
 struct repo
 {
@@ -94,7 +94,7 @@ struct repo
        struct remote_lock *locks;
 };
 
-static struct repo *remote = NULL;
+static struct repo *remote;
 
 enum transfer_state {
        NEED_FETCH,
@@ -134,7 +134,7 @@ struct transfer_request
        struct transfer_request *next;
 };
 
-static struct transfer_request *request_queue_head = NULL;
+static struct transfer_request *request_queue_head;
 
 struct xml_ctx
 {
@@ -492,7 +492,7 @@ static void start_put(struct transfer_request *request)
 
        /* Set it up */
        memset(&stream, 0, sizeof(stream));
-       deflateInit(&stream, Z_BEST_COMPRESSION);
+       deflateInit(&stream, zlib_compression_level);
        size = deflateBound(&stream, len + hdrlen);
        request->buffer.buffer = xmalloc(size);
 
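Review bot: The return value of `deflateInit(&stream, zlib_compression_level)` in start_put is ignored, which matters more now that the level is a variable rather than the constant `Z_BEST_COMPRESSION`. If the level is ever outside what zlib accepts, initialisation fails and the following `deflateBound` and deflate calls operate on a stream that was never set up. Whether `zlib_compression_level` is range-checked where it is assigned is not visible here. I would fail early with `if (deflateInit(&stream, zlib_compression_level) != Z_OK) die("deflateInit failed");`. start_put begins and ends outside this hunk.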
@@ -530,7 +530,7 @@ static void start_put(struct transfer_request *request)
        request->dest = xmalloc(strlen(request->url) + 14);
        sprintf(request->dest, "Destination: %s", request->url);
        posn += 38;
-       *(posn++) = '.';
+       *(posn++) = '_';
        strcpy(posn, request->lock->token);
 
        slot = get_active_slot();
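Review bot: The `strcpy(posn, request->lock->token)` directly after the changed separator is unbounded, and the allocation of `request->url` that it writes into is outside this hunk. The lock token presumably originates from the remote server's lock response, so its length and characters should be treated as untrusted. Please confirm that the buffer is sized from `strlen(request->lock->token)` and that the token is limited to characters safe in a URL path. A short comment explaining the `posn += 38` offset and why the separator is `_`, for example `/* skip "objects/xx/" plus 38 hex digits; '_' separates the lock token */`, would make the layout auditable, with the wording to be checked against the code that builds the URL.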
@@ -745,7 +745,7 @@ static void finish_request(struct transfer_request *request)
                        SHA1_Final(request->real_sha1, &request->c);
                        if (request->zret != Z_STREAM_END) {
                                unlink(request->tmpfile);
-                       } else if (memcmp(request->obj->sha1, request->real_sha1, 20)) {
+                       } else if (hashcmp(request->obj->sha1, request->real_sha1)) {
                                unlink(request->tmpfile);
                        } else {
                                request->rename =
@@ -1238,10 +1238,8 @@ xml_start_tag(void *userData, const char *name, const char **atts)
        strcat(ctx->name, ".");
        strcat(ctx->name, c);
 
-       if (ctx->cdata) {
-               free(ctx->cdata);
-               ctx->cdata = NULL;
-       }
+       free(ctx->cdata);
+       ctx->cdata = NULL;
 
        ctx->userFunc(ctx, 0);
 }
@@ -1268,8 +1266,7 @@ static void
 xml_cdata(void *userData, const XML_Char *s, int len)
 {
        struct xml_ctx *ctx = (struct xml_ctx *)userData;
-       if (ctx->cdata)
-               free(ctx->cdata);
+       free(ctx->cdata);
        ctx->cdata = xmalloc(len + 1);
        strlcpy(ctx->cdata, s, len + 1);
 }
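Review bot: `strlcpy(ctx->cdata, s, len + 1)` in xml_cdata treats `s` as a C string, but expat hands its character-data handler a buffer that is not NUL-terminated, which is why `len` is passed separately. strlcpy implementations typically call strlen on the source to compute their return value, so this can read past the end of the parser's buffer while handling an XML response from the remote server. Copy by length instead: `memcpy(ctx->cdata, s, len);` followed by `ctx->cdata[len] = '\0';`. Separately, replacing `ctx->cdata` on every call keeps only the last chunk if the parser delivers one text node in several pieces.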
@@ -1518,9 +1515,7 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)
                        ls->dentry_flags |= IS_DIR;
                }
        } else if (!strcmp(ctx->name, DAV_PROPFIND_RESP)) {
-               if (ls->dentry_name) {
-                       free(ls->dentry_name);
-               }
+               free(ls->dentry_name);
                ls->dentry_name = NULL;
                ls->dentry_flags = 0;
        }
@@ -1544,7 +1539,7 @@ static void remote_ls(const char *path, int flags,
        struct remote_ls_ctx ls;
 
        ls.flags = flags;
-       ls.path = strdup(path);
+       ls.path = xstrdup(path);
        ls.dentry_name = NULL;
        ls.dentry_flags = 0;
        ls.userData = userData;
@@ -1700,7 +1695,7 @@ static int locking_available(void)
        return lock_flags;
 }
 
-struct object_list **add_one_object(struct object *obj, struct object_list **p)
+static struct object_list **add_one_object(struct object *obj, struct object_list **p)
 {
        struct object_list *entry = xmalloc(sizeof(struct object_list));
        entry->item = obj;
@@ -1743,7 +1738,7 @@ static struct object_list **process_tree(struct tree *tree,
                die("bad tree object %s", sha1_to_hex(obj->sha1));
 
        obj->flags |= SEEN;
-       name = strdup(name);
+       name = xstrdup(name);
        p = add_one_object(obj, p);
        me.up = path;
        me.elem = name;
@@ -1784,16 +1779,16 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock)
 
                if (obj->flags & (UNINTERESTING | SEEN))
                        continue;
-               if (obj->type == TYPE_TAG) {
+               if (obj->type == OBJ_TAG) {
                        obj->flags |= SEEN;
                        p = add_one_object(obj, p);
                        continue;
                }
-               if (obj->type == TYPE_TREE) {
+               if (obj->type == OBJ_TREE) {
                        p = process_tree((struct tree *)obj, p, NULL, name);
                        continue;
                }
-               if (obj->type == TYPE_BLOB) {
+               if (obj->type == OBJ_BLOB) {
                        p = process_blob((struct blob *)obj, p, NULL, name);
                        continue;
                }
@@ -1869,12 +1864,12 @@ static int update_remote(unsigned char *sha1, struct remote_lock *lock)
 static struct ref *local_refs, **local_tail;
 static struct ref *remote_refs, **remote_tail;
 
-static int one_local_ref(const char *refname, const unsigned char *sha1)
+static int one_local_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)
 {
        struct ref *ref;
        int len = strlen(refname) + 1;
        ref = xcalloc(1, sizeof(*ref) + len);
-       memcpy(ref->new_sha1, sha1, 20);
+       hashcpy(ref->new_sha1, sha1);
        memcpy(ref->name, refname, len);
        *local_tail = ref;
        local_tail = &ref->next;
@@ -1909,7 +1904,7 @@ static void one_remote_ref(char *refname)
        }
 
        ref = xcalloc(1, sizeof(*ref) + len);
-       memcpy(ref->old_sha1, remote_sha1, 20);
+       hashcpy(ref->old_sha1, remote_sha1);
        memcpy(ref->name, refname, len);
        *remote_tail = ref;
        remote_tail = &ref->next;
@@ -1918,7 +1913,7 @@ static void one_remote_ref(char *refname)
 static void get_local_heads(void)
 {
        local_tail = &local_refs;
-       for_each_ref(one_local_ref);
+       for_each_ref(one_local_ref, NULL);
 }
 
 static void get_dav_remote_heads(void)
@@ -1960,12 +1955,12 @@ static int ref_newer(const unsigned char *new_sha1,
         * old.  Otherwise we require --force.
         */
        o = deref_tag(parse_object(old_sha1), NULL, 0);
-       if (!o || o->type != TYPE_COMMIT)
+       if (!o || o->type != OBJ_COMMIT)
                return 0;
        old = (struct commit *) o;
 
        o = deref_tag(parse_object(new_sha1), NULL, 0);
-       if (!o || o->type != TYPE_COMMIT)
+       if (!o || o->type != OBJ_COMMIT)
                return 0;
        new = (struct commit *) o;
 
@@ -2044,7 +2039,7 @@ static void add_remote_info_ref(struct remote_ls_ctx *ls)
        fwrite_buffer(ref_info, 1, len, buf);
        free(ref_info);
 
-       if (o->type == TYPE_TAG) {
+       if (o->type == OBJ_TAG) {
                o = deref_tag(o, ls->dentry_name, 0);
                if (o) {
                        len = strlen(ls->dentry_name) + 45;
@@ -2164,7 +2159,7 @@ static void fetch_symref(const char *path, char **symref, unsigned char *sha1)
        if (*symref != NULL)
                free(*symref);
        *symref = NULL;
-       memset(sha1, 0, 20);
+       hashclr(sha1);
 
        if (buffer.posn == 0)
                return;
@@ -2182,49 +2177,11 @@ static void fetch_symref(const char *path, char **symref, unsigned char *sha1)
 
 static int verify_merge_base(unsigned char *head_sha1, unsigned char *branch_sha1)
 {
-       int pipe_fd[2];
-       pid_t merge_base_pid;
-       char line[PATH_MAX + 20];
-       unsigned char merge_sha1[20];
-       int verified = 0;
-
-       if (pipe(pipe_fd) < 0)
-               die("Verify merge base: pipe failed");
-
-       merge_base_pid = fork();
-       if (!merge_base_pid) {
-               static const char *args[] = {
-                       "merge-base",
-                       "-a",
-                       NULL,
-                       NULL,
-                       NULL
-               };
-               args[2] = strdup(sha1_to_hex(head_sha1));
-               args[3] = sha1_to_hex(branch_sha1);
-
-               dup2(pipe_fd[1], 1);
-               close(pipe_fd[0]);
-               close(pipe_fd[1]);
-               execv_git_cmd(args);
-               die("merge-base setup failed");
-       }
-       if (merge_base_pid < 0)
-               die("merge-base fork failed");
-
-       dup2(pipe_fd[0], 0);
-       close(pipe_fd[0]);
-       close(pipe_fd[1]);
-       while (fgets(line, sizeof(line), stdin) != NULL) {
-               if (get_sha1_hex(line, merge_sha1))
-                       die("expected sha1, got garbage:\n %s", line);
-               if (!memcmp(branch_sha1, merge_sha1, 20)) {
-                       verified = 1;
-                       break;
-               }
-       }
+       struct commit *head = lookup_commit(head_sha1);
+       struct commit *branch = lookup_commit(branch_sha1);
+       struct commit_list *merge_bases = get_merge_bases(head, branch, 1);
 
-       return verified;
+       return (merge_bases && !merge_bases->next && merge_bases->item == branch);
 }
 
 static int delete_remote_branch(char *pattern, int force)
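Review bot: The rewritten verify_merge_base passes the results of `lookup_commit()` straight to `get_merge_bases()` without checking them, and lookup_commit returns NULL when the object is already known under a different type. The function appears to gate delete_remote_branch, and the SHA-1s it is given presumably come from the remote, so it should fail closed by returning 0 rather than dereference NULL. The `merge_bases` list is also never released. The fence adds the NULL guard and frees the list. Note too that the old code accepted `branch_sha1` anywhere in the merge-base output, while the new test requires it to be the only merge base, which is worth stating in a comment if that tightening is intended.

```c
static int verify_merge_base(unsigned char *head_sha1, unsigned char *branch_sha1)
{
	struct commit *head = lookup_commit(head_sha1);
	struct commit *branch = lookup_commit(branch_sha1);
	struct commit_list *merge_bases;
	int verified;

	/* Fail closed: an id that is not a commit cannot be verified. */
	if (!head || !branch)
		return 0;

	merge_bases = get_merge_bases(head, branch, 1);
	verified = merge_bases && !merge_bases->next &&
		   merge_bases->item == branch;
	free_commit_list(merge_bases);

	return verified;
}
```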
@@ -2454,7 +2411,7 @@ int main(int argc, char **argv)
 
                if (!ref->peer_ref)
                        continue;
-               if (!memcmp(ref->old_sha1, ref->peer_ref->new_sha1, 20)) {
+               if (!hashcmp(ref->old_sha1, ref->peer_ref->new_sha1)) {
                        if (push_verbosely || 1)
                                fprintf(stderr, "'%s': up-to-date\n", ref->name);
                        continue;
@@ -2483,7 +2440,7 @@ int main(int argc, char **argv)
                                continue;
                        }
                }
-               memcpy(ref->new_sha1, ref->peer_ref->new_sha1, 20);
+               hashcpy(ref->new_sha1, ref->peer_ref->new_sha1);
                if (is_zero_sha1(ref->new_sha1)) {
                        error("cannot happen anymore");
                        rc = -3;
@@ -2510,7 +2467,7 @@ int main(int argc, char **argv)
 
                /* Set up revision info for this refspec */
                commit_argc = 3;
-               new_sha1_hex = strdup(sha1_to_hex(ref->new_sha1));
+               new_sha1_hex = xstrdup(sha1_to_hex(ref->new_sha1));
                old_sha1_hex = NULL;
                commit_argv[1] = "--objects";
                commit_argv[2] = new_sha1_hex;
@@ -2521,7 +2478,7 @@ int main(int argc, char **argv)
                        commit_argv[3] = old_sha1_hex;
                        commit_argc++;
                }
-               init_revisions(&revs);
+               init_revisions(&revs, setup_git_directory());
                setup_revisions(commit_argc, commit_argv, &revs, NULL);
                free(new_sha1_hex);
                if (old_sha1_hex) {
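Review bot: `init_revisions(&revs, setup_git_directory())` evaluates `setup_git_directory()` at the point where revision info is set up for each refspec, which looks like it sits inside main's per-ref loop (the loop header is outside this hunk). Repository discovery can change the working directory and returns a prefix relative to where it was called, so later calls may return a different prefix than the first. I would call it once before the loop, e.g. `const char *prefix = setup_git_directory();`, and pass `prefix` here. If main already performs the setup earlier, reuse that result instead of calling it again.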