# algorithm. This is slower, but may detect attempted collision attacks.
# Takes priority over other *_SHA1 knobs.
#
+# Define DC_SHA1_EXTERNAL in addition to DC_SHA1 if you want to build / link
+# git with the external SHA1 collision-detect library.
+# Without this option, i.e. the default behavior is to build git with its
+# own built-in code (or submodule).
+#
# Define DC_SHA1_SUBMODULE in addition to DC_SHA1 to use the
# sha1collisiondetection shipped as a submodule instead of the
# non-submodule copy in sha1dc/. This is an experimental option used
BASIC_CFLAGS += -DSHA1_APPLE
else
DC_SHA1 := YesPlease
+ BASIC_CFLAGS += -DSHA1_DC
+ LIB_OBJS += sha1dc_git.o
+ifdef DC_SHA1_EXTERNAL
+ ifdef DC_SHA1_SUBMODULE
+$(error Only set DC_SHA1_EXTERNAL or DC_SHA1_SUBMODULE, not both)
+ endif
+ BASIC_CFLAGS += -DDC_SHA1_EXTERNAL
+ EXTLIBS += -lsha1detectcoll
+else
ifdef DC_SHA1_SUBMODULE
LIB_OBJS += sha1collisiondetection/lib/sha1.o
LIB_OBJS += sha1collisiondetection/lib/ubc_check.o
LIB_OBJS += sha1dc/ubc_check.o
endif
BASIC_CFLAGS += \
- -DSHA1_DC \
-DSHA1DC_NO_STANDARD_INCLUDES \
-DSHA1DC_INIT_SAFE_HASH_DEFAULT=0 \
-DSHA1DC_CUSTOM_INCLUDE_SHA1_C="\"cache.h\"" \
- -DSHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C="\"sha1dc_git.c\"" \
- -DSHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H="\"sha1dc_git.h\"" \
-DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C="\"git-compat-util.h\""
endif
endif
endif
endif
+endif
ifdef SHA1_MAX_BLOCK_SIZE
LIB_OBJS += compat/sha1-chunked.o
struct commit *commit = (struct commit *)o;
int from_tag = starts_with(path, "refs/tags/");
- if (taggerdate == ULONG_MAX)
+ if (taggerdate == TIME_MAX)
taggerdate = ((struct commit *)o)->date;
path = name_ref_abbrev(path, can_abbreviate_output);
name_rev(commit, xstrdup(path), taggerdate, 0, 0,
{
int fd = -1, in_fd = -1;
int ret;
- struct lock_file *lock = NULL;
+ static struct lock_file lock;
char *filename_buf = NULL;
char *contents = NULL;
size_t contents_sz;
* The lock serves a purpose in addition to locking: the new
* contents of .git/config will be written into it.
*/
- lock = xcalloc(1, sizeof(struct lock_file));
- fd = hold_lock_file_for_update(lock, config_filename, 0);
+ fd = hold_lock_file_for_update(&lock, config_filename, 0);
if (fd < 0) {
error_errno("could not lock config file %s", config_filename);
free(store.key);
close(in_fd);
in_fd = -1;
- if (chmod(get_lock_file_path(lock), st.st_mode & 07777) < 0) {
- error_errno("chmod on %s failed", get_lock_file_path(lock));
+ if (chmod(get_lock_file_path(&lock), st.st_mode & 07777) < 0) {
+ error_errno("chmod on %s failed", get_lock_file_path(&lock));
ret = CONFIG_NO_WRITE;
goto out_free;
}
contents = NULL;
}
- if (commit_lock_file(lock) < 0) {
+ if (commit_lock_file(&lock) < 0) {
error_errno("could not write config file %s", config_filename);
ret = CONFIG_NO_WRITE;
- lock = NULL;
goto out_free;
}
- /*
- * lock is committed, so don't try to roll it back below.
- * NOTE: Since lockfile.c keeps a linked list of all created
- * lock_file structures, it isn't safe to free(lock). It's
- * better to just leave it hanging around.
- */
- lock = NULL;
ret = 0;
/* Invalidate the config cache */
git_config_clear();
out_free:
- if (lock)
- rollback_lock_file(lock);
+ rollback_lock_file(&lock);
free(filename_buf);
if (contents)
munmap(contents, contents_sz);
return ret;
write_err_out:
- ret = write_error(get_lock_file_path(lock));
+ ret = write_error(get_lock_file_path(&lock));
goto out_free;
}
test: all
$(MAKE) -C t
+clean:
+ $(RM) diff-highlight
+
.PHONY: FORCE
#elif defined(SHA1_OPENSSL)
#include <openssl/sha.h>
#elif defined(SHA1_DC)
-#ifdef DC_SHA1_SUBMODULE
-#include "sha1collisiondetection/lib/sha1.h"
-#else
-#include "sha1dc/sha1.h"
-#endif
+#include "sha1dc_git.h"
#else /* SHA1_BLK */
#include "block-sha1/sha1.h"
#endif
#define CLR_PTR_TYPE(ptr) ((void *) ((uintptr_t) (ptr) & ~3))
#define SET_PTR_TYPE(ptr, type) ((void *) ((uintptr_t) (ptr) | (type)))
-#define GET_NIBBLE(n, sha1) (((sha1[(n) >> 1]) >> ((~(n) & 0x01) << 2)) & 0x0f)
+#define GET_NIBBLE(n, sha1) ((((sha1)[(n) >> 1]) >> ((~(n) & 0x01) << 2)) & 0x0f)
#define KEY_INDEX (GIT_SHA1_RAWSZ - 1)
#define FANOUT_PATH_SEPARATORS ((GIT_SHA1_HEXSZ / 2) - 1)
}
/*
- * Convert a partial SHA1 hex string to the corresponding partial SHA1 value.
- * - hex - Partial SHA1 segment in ASCII hex format
- * - hex_len - Length of above segment. Must be multiple of 2 between 0 and 40
- * - sha1 - Partial SHA1 value is written here
- * - sha1_len - Max #bytes to store in sha1, Must be >= hex_len / 2, and < 20
- * Returns -1 on error (invalid arguments or invalid SHA1 (not in hex format)).
- * Otherwise, returns number of bytes written to sha1 (i.e. hex_len / 2).
- * Pads sha1 with NULs up to sha1_len (not included in returned length).
+ * Read `len` pairs of hexadecimal digits from `hex` and write the
+ * values to `binary` as `len` bytes. Return 0 on success, or -1 if
+ * the input does not consist of hex digits).
*/
-static int get_oid_hex_segment(const char *hex, unsigned int hex_len,
- unsigned char *oid, unsigned int oid_len)
+static int hex_to_bytes(unsigned char *binary, const char *hex, size_t len)
{
- unsigned int i, len = hex_len >> 1;
- if (hex_len % 2 != 0 || len > oid_len)
- return -1;
- for (i = 0; i < len; i++) {
+ for (; len; len--, hex += 2) {
unsigned int val = (hexval(hex[0]) << 4) | hexval(hex[1]);
+
if (val & ~0xff)
return -1;
- *oid++ = val;
- hex += 2;
+ *binary++ = val;
}
- for (; i < oid_len; i++)
- *oid++ = 0;
- return len;
+ return 0;
}
static int non_note_cmp(const struct non_note *a, const struct non_note *b)
struct int_node *node, unsigned int n)
{
struct object_id object_oid;
- unsigned int prefix_len;
+ size_t prefix_len;
void *buf;
struct tree_desc desc;
struct name_entry entry;
- int len, path_len;
- unsigned char type;
- struct leaf_node *l;
buf = fill_tree_descriptor(&desc, &subtree->val_oid);
if (!buf)
oid_to_hex(&subtree->val_oid));
prefix_len = subtree->key_oid.hash[KEY_INDEX];
- assert(prefix_len * 2 >= n);
+ if (prefix_len >= GIT_SHA1_RAWSZ)
+ BUG("prefix_len (%"PRIuMAX") is out of range", (uintmax_t)prefix_len);
+ if (prefix_len * 2 < n)
+ BUG("prefix_len (%"PRIuMAX") is too small", (uintmax_t)prefix_len);
memcpy(object_oid.hash, subtree->key_oid.hash, prefix_len);
while (tree_entry(&desc, &entry)) {
- path_len = strlen(entry.path);
- len = get_oid_hex_segment(entry.path, path_len,
- object_oid.hash + prefix_len, GIT_SHA1_RAWSZ - prefix_len);
- if (len < 0)
- goto handle_non_note; /* entry.path is not a SHA1 */
- len += prefix_len;
+ unsigned char type;
+ struct leaf_node *l;
+ size_t path_len = strlen(entry.path);
+
+ if (path_len == 2 * (GIT_SHA1_RAWSZ - prefix_len)) {
+ /* This is potentially the remainder of the SHA-1 */
+
+ if (!S_ISREG(entry.mode))
+ /* notes must be blobs */
+ goto handle_non_note;
+
+ if (hex_to_bytes(object_oid.hash + prefix_len, entry.path,
+ GIT_SHA1_RAWSZ - prefix_len))
+ goto handle_non_note; /* entry.path is not a SHA1 */
- /*
- * If object SHA1 is complete (len == 20), assume note object
- * If object SHA1 is incomplete (len < 20), and current
- * component consists of 2 hex chars, assume note subtree
- */
- if (len <= GIT_SHA1_RAWSZ) {
type = PTR_TYPE_NOTE;
- l = (struct leaf_node *)
- xcalloc(1, sizeof(struct leaf_node));
- oidcpy(&l->key_oid, &object_oid);
- oidcpy(&l->val_oid, entry.oid);
- if (len < GIT_SHA1_RAWSZ) {
- if (!S_ISDIR(entry.mode) || path_len != 2)
- goto handle_non_note; /* not subtree */
- l->key_oid.hash[KEY_INDEX] = (unsigned char) len;
- type = PTR_TYPE_SUBTREE;
- }
- if (note_tree_insert(t, node, n, l, type,
- combine_notes_concatenate))
- die("Failed to load %s %s into notes tree "
- "from %s",
- type == PTR_TYPE_NOTE ? "note" : "subtree",
- oid_to_hex(&l->key_oid), t->ref);
+ } else if (path_len == 2) {
+ /* This is potentially an internal node */
+ size_t len = prefix_len;
+
+ if (!S_ISDIR(entry.mode))
+ /* internal nodes must be trees */
+ goto handle_non_note;
+
+ if (hex_to_bytes(object_oid.hash + len++, entry.path, 1))
+ goto handle_non_note; /* entry.path is not a SHA1 */
+
+ /*
+ * Pad the rest of the SHA-1 with zeros,
+ * except for the last byte, where we write
+ * the length:
+ */
+ memset(object_oid.hash + len, 0, GIT_SHA1_RAWSZ - len - 1);
+ object_oid.hash[KEY_INDEX] = (unsigned char)len;
+
+ type = PTR_TYPE_SUBTREE;
+ } else {
+ /* This can't be part of a note */
+ goto handle_non_note;
}
+
+ l = xcalloc(1, sizeof(*l));
+ oidcpy(&l->key_oid, &object_oid);
+ oidcpy(&l->val_oid, entry.oid);
+ if (note_tree_insert(t, node, n, l, type,
+ combine_notes_concatenate))
+ die("Failed to load %s %s into notes tree "
+ "from %s",
+ type == PTR_TYPE_NOTE ? "note" : "subtree",
+ oid_to_hex(&l->key_oid), t->ref);
+
continue;
handle_non_note:
/*
- * Determine full path for this non-note entry:
- * The filename is already found in entry.path, but the
- * directory part of the path must be deduced from the subtree
- * containing this entry. We assume here that the overall notes
- * tree follows a strict byte-based progressive fanout
- * structure (i.e. using 2/38, 2/2/36, etc. fanouts, and not
- * e.g. 4/36 fanout). This means that if a non-note is found at
- * path "dead/beef", the following code will register it as
- * being found on "de/ad/beef".
- * On the other hand, if you use such non-obvious non-note
- * paths in the middle of a notes tree, you deserve what's
- * coming to you ;). Note that for non-notes that are not
- * SHA1-like at the top level, there will be no problems.
- *
- * To conclude, it is strongly advised to make sure non-notes
- * have at least one non-hex character in the top-level path
- * component.
+ * Determine full path for this non-note entry. The
+ * filename is already found in entry.path, but the
+ * directory part of the path must be deduced from the
+ * subtree containing this entry based on our
+ * knowledge that the overall notes tree follows a
+ * strict byte-based progressive fanout structure
+ * (i.e. using 2/38, 2/2/36, etc. fanouts).
*/
{
struct strbuf non_note_path = STRBUF_INIT;
const char *q = oid_to_hex(&subtree->key_oid);
- int i;
+ size_t i;
for (i = 0; i < prefix_len; i++) {
strbuf_addch(&non_note_path, *q++);
strbuf_addch(&non_note_path, *q++);
{
struct pathspec_item *item;
const char *entry = argv ? *argv : NULL;
- int i, n, prefixlen, warn_empty_string, nr_exclude = 0;
+ int i, n, prefixlen, nr_exclude = 0;
memset(pathspec, 0, sizeof(*pathspec));
}
n = 0;
- warn_empty_string = 1;
while (argv[n]) {
- if (*argv[n] == '\0' && warn_empty_string) {
- warning(_("empty strings as pathspecs will be made invalid in upcoming releases. "
- "please use . instead if you meant to match all paths"));
- warn_empty_string = 0;
- }
+ if (*argv[n] == '\0')
+ die("empty string is not a valid pathspec. "
+ "please use . instead if you meant to match all paths");
n++;
}
static int packet_write_fmt_1(int fd, int gently,
const char *fmt, va_list args)
{
- struct strbuf buf = STRBUF_INIT;
+ static struct strbuf buf = STRBUF_INIT;
ssize_t count;
+ strbuf_reset(&buf);
format_packet(&buf, fmt, args);
count = write_in_full(fd, buf.buf, buf.len);
if (count == buf.len)
/*
* First make sure that HEAD is not already in the
- * transaction. This insertion is O(N) in the transaction
+ * transaction. This check is O(lg N) in the transaction
* size, but it happens at most once per transaction.
*/
- item = string_list_insert(affected_refnames, "HEAD");
- if (item->util) {
+ if (string_list_has_string(affected_refnames, "HEAD")) {
/* An entry already existed */
strbuf_addf(err,
"multiple updates for 'HEAD' (including one "
update->new_oid.hash, update->old_oid.hash,
update->msg);
+ /*
+ * Add "HEAD". This insertion is O(N) in the transaction
+ * size, but it happens at most once per transaction.
+ * Add new_update->refname instead of a literal "HEAD".
+ */
+ if (strcmp(new_update->refname, "HEAD"))
+ BUG("%s unexpectedly not 'HEAD'", new_update->refname);
+ item = string_list_insert(affected_refnames, new_update->refname);
item->util = new_update;
return 0;
/*
* First make sure that referent is not already in the
- * transaction. This insertion is O(N) in the transaction
+ * transaction. This check is O(lg N) in the transaction
* size, but it happens at most once per symref in a
* transaction.
*/
- item = string_list_insert(affected_refnames, referent);
- if (item->util) {
- /* An entry already existed */
+ if (string_list_has_string(affected_refnames, referent)) {
+ /* An entry already exists */
strbuf_addf(err,
"multiple updates for '%s' (including one "
"via symref '%s') are not allowed",
update->flags |= REF_LOG_ONLY | REF_NODEREF;
update->flags &= ~REF_HAVE_OLD;
+ /*
+ * Add the referent. This insertion is O(N) in the transaction
+ * size, but it happens at most once per symref in a
+ * transaction. Make sure to add new_update->refname, which will
+ * be valid as long as affected_refnames is in use, and NOT
+ * referent, which might soon be freed by our caller.
+ */
+ item = string_list_insert(affected_refnames, new_update->refname);
+ if (item->util)
+ BUG("%s unexpectedly found in affected_refnames",
+ new_update->refname);
item->util = new_update;
return 0;
struct strbuf referent = STRBUF_INIT;
int mustexist = (update->flags & REF_HAVE_OLD) &&
!is_null_oid(&update->old_oid);
- int ret;
+ int ret = 0;
struct ref_lock *lock;
files_assert_main_repository(refs, "lock_ref_for_update");
ret = split_head_update(update, transaction, head_ref,
affected_refnames, err);
if (ret)
- return ret;
+ goto out;
}
ret = lock_raw_ref(refs, update->refname, mustexist,
strbuf_addf(err, "cannot lock ref '%s': %s",
original_update_refname(update), reason);
free(reason);
- return ret;
+ goto out;
}
update->backend_data = lock;
strbuf_addf(err, "cannot lock ref '%s': "
"error reading reference",
original_update_refname(update));
- return -1;
+ ret = TRANSACTION_GENERIC_ERROR;
+ goto out;
}
} else if (check_old_oid(update, &lock->old_oid, err)) {
- return TRANSACTION_GENERIC_ERROR;
+ ret = TRANSACTION_GENERIC_ERROR;
+ goto out;
}
} else {
/*
referent.buf, transaction,
affected_refnames, err);
if (ret)
- return ret;
+ goto out;
}
} else {
struct ref_update *parent_update;
- if (check_old_oid(update, &lock->old_oid, err))
- return TRANSACTION_GENERIC_ERROR;
+ if (check_old_oid(update, &lock->old_oid, err)) {
+ ret = TRANSACTION_GENERIC_ERROR;
+ goto out;
+ }
/*
* If this update is happening indirectly because of a
"cannot update ref '%s': %s",
update->refname, write_err);
free(write_err);
- return TRANSACTION_GENERIC_ERROR;
+ ret = TRANSACTION_GENERIC_ERROR;
+ goto out;
} else {
update->flags |= REF_NEEDS_COMMIT;
}
if (close_ref(lock)) {
strbuf_addf(err, "couldn't close '%s.lock'",
update->refname);
- return TRANSACTION_GENERIC_ERROR;
+ ret = TRANSACTION_GENERIC_ERROR;
+ goto out;
}
}
- return 0;
+
+out:
+ strbuf_release(&referent);
+ return ret;
}
/*
+#include "cache.h"
+
+#ifdef DC_SHA1_EXTERNAL
/*
- * This code is included at the end of sha1dc/sha1.c with the
- * SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C macro.
+ * Same as SHA1DCInit, but with default save_hash=0
*/
+void git_SHA1DCInit(SHA1_CTX *ctx)
+{
+ SHA1DCInit(ctx);
+ SHA1DCSetSafeHash(ctx, 0);
+}
+#endif
+/*
+ * Same as SHA1DCFinal, but convert collision attack case into a verbose die().
+ */
void git_SHA1DCFinal(unsigned char hash[20], SHA1_CTX *ctx)
{
if (!SHA1DCFinal(hash, ctx))
sha1_to_hex(hash));
}
+/*
+ * Same as SHA1DCUpdate, but adjust types to match git's usual interface.
+ */
void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *vdata, unsigned long len)
{
const char *data = vdata;
-/*
- * This code is included at the end of sha1dc/sha1.h with the
- * SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H macro.
- */
+/* Plumbing with collition-detecting SHA1 code */
-/*
- * Same as SHA1DCFinal, but convert collision attack case into a verbose die().
- */
-void git_SHA1DCFinal(unsigned char [20], SHA1_CTX *);
+#ifdef DC_SHA1_SUBMODULE
+#include "sha1collisiondetection/lib/sha1.h"
+#elif defined(DC_SHA1_EXTERNAL)
+#include <sha1dc/sha1.h>
+#else
+#include "sha1dc/sha1.h"
+#endif
+
+#ifdef DC_SHA1_EXTERNAL
+void git_SHA1DCInit(SHA1_CTX *);
+#else
+#define git_SHA1DCInit SHA1DCInit
+#endif
-/*
- * Same as SHA1DCUpdate, but adjust types to match git's usual interface.
- */
+void git_SHA1DCFinal(unsigned char [20], SHA1_CTX *);
void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *data, unsigned long len);
#define platform_SHA_CTX SHA1_CTX
-#define platform_SHA1_Init SHA1DCInit
+#define platform_SHA1_Init git_SHA1DCInit
#define platform_SHA1_Update git_SHA1DCUpdate
#define platform_SHA1_Final git_SHA1DCFinal
echo >.gitattributes &&
git checkout -b master &&
git add .gitattributes &&
- git commit -m "add .gitattributes" "" &&
+ git commit -m "add .gitattributes" . &&
printf "\$Id: 0000000000000000000000000000000000000000 \$\nLINEONE\nLINETWO\nLINETHREE" >LF &&
printf "\$Id: 0000000000000000000000000000000000000000 \$\r\nLINEONE\r\nLINETWO\r\nLINETHREE" >CRLF &&
printf "\$Id: 0000000000000000000000000000000000000000 \$\nLINEONE\r\nLINETWO\nLINETHREE" >CRLF_mix_LF &&
test_i18ncmp expect actual
'
-test_expect_success 'rm empty string should invoke warning' '
- git rm -rf "" 2>output &&
- test_i18ngrep "warning: empty strings" output
+test_expect_success 'rm empty string should fail' '
+ test_must_fail git rm -rf ""
'
test_done
test_i18ncmp expect.err actual.err
'
-test_expect_success 'git add empty string should invoke warning' '
- git add "" 2>output &&
- test_i18ngrep "warning: empty strings" output
+test_expect_success 'git add empty string should fail' '
+ test_must_fail git add ""
'
test_expect_success 'git add --chmod=[+-]x stages correctly' '