static char *server_capabilities;
static const char *parse_feature_value(const char *, const char *, int *);
-static int check_ref(const char *name, int len, unsigned int flags)
+static int check_ref(const char *name, unsigned int flags)
{
if (!flags)
return 1;
- if (len < 5 || memcmp(name, "refs/", 5))
+ if (!skip_prefix(name, "refs/", &name))
return 0;
- /* Skip the "refs/" part */
- name += 5;
- len -= 5;
-
/* REF_NORMAL means that we don't want the magic fake tag refs */
if ((flags & REF_NORMAL) && check_refname_format(name, 0))
return 0;
/* REF_HEADS means that we want regular branch heads */
- if ((flags & REF_HEADS) && !memcmp(name, "heads/", 6))
+ if ((flags & REF_HEADS) && starts_with(name, "heads/"))
return 1;
/* REF_TAGS means that we want tags */
- if ((flags & REF_TAGS) && !memcmp(name, "tags/", 5))
+ if ((flags & REF_TAGS) && starts_with(name, "tags/"))
return 1;
/* All type bits clear means that we are ok with anything */
int check_ref_type(const struct ref *ref, int flags)
{
- return check_ref(ref->name, strlen(ref->name), flags);
+ return check_ref(ref->name, flags);
}
static void die_initial_contact(int got_at_least_one_head)
parse_one_symref_info(&symref, val, len);
feature_list = val + 1;
}
- sort_string_list(&symref);
+ string_list_sort(&symref);
for (; ref; ref = ref->next) {
struct string_list_item *item;
server_capabilities = xstrdup(name + name_len + 1);
}
- if (extra_have &&
- name_len == 5 && !memcmp(".have", name, 5)) {
+ if (extra_have && !strcmp(name, ".have")) {
sha1_array_append(extra_have, old_sha1);
continue;
}
- if (!check_ref(name, name_len, flags))
+ if (!check_ref(name, flags))
continue;
ref = alloc_ref(buffer + 41);
hashcpy(ref->old_sha1, old_sha1);
get_host_and_port(&host, &port);
- proxy = xcalloc(1, sizeof(*proxy));
+ proxy = xmalloc(sizeof(*proxy));
+ child_process_init(proxy);
argv_array_push(&proxy->args, git_proxy_command);
argv_array_push(&proxy->args, host);
argv_array_push(&proxy->args, port);
return protocol;
}
-static struct child_process no_fork;
+static struct child_process no_fork = CHILD_PROCESS_INIT;
/*
* This returns a dummy child_process if the transport protocol does not
printf("Diag: path=%s\n", path ? path : "NULL");
conn = NULL;
} else if (protocol == PROTO_GIT) {
+ /*
+ * Set up virtual host information based on where we will
+ * connect, unless the user has overridden us in
+ * the environment.
+ */
+ char *target_host = getenv("GIT_OVERRIDE_VIRTUAL_HOST");
+ if (target_host)
+ target_host = xstrdup(target_host);
+ else
+ target_host = xstrdup(hostandport);
+
/* These underlying connection commands die() if they
* cannot connect.
*/
- char *target_host = xstrdup(hostandport);
if (git_use_proxy(hostandport))
conn = git_proxy_connect(fd, hostandport);
else
target_host, 0);
free(target_host);
} else {
- conn = xcalloc(1, sizeof(*conn));
+ conn = xmalloc(sizeof(*conn));
+ child_process_init(conn);
strbuf_addstr(&cmd, prog);
strbuf_addch(&cmd, ' ');
conn->in = conn->out = -1;
if (protocol == PROTO_SSH) {
- const char *ssh = getenv("GIT_SSH");
- int putty = ssh && strcasestr(ssh, "plink");
+ const char *ssh;
+ int putty;
char *ssh_host = hostandport;
const char *port = NULL;
get_host_and_port(&ssh_host, &port);
port = get_port_numeric(port);
- if (!ssh) ssh = "ssh";
+ ssh = getenv("GIT_SSH_COMMAND");
+ if (ssh) {
+ conn->use_shell = 1;
+ putty = 0;
+ } else {
+ ssh = getenv("GIT_SSH");
+ if (!ssh)
+ ssh = "ssh";
+ putty = !!strcasestr(ssh, "plink");
+ }
argv_array_push(&conn->args, ssh);
if (putty && !strcasestr(ssh, "tortoiseplink"))
int overridable;
};
-static struct daemon_service *service_looking_at;
-static int service_enabled;
-
-static int git_daemon_config(const char *var, const char *value, void *cb)
-{
- const char *service;
-
- if (skip_prefix(var, "daemon.", &service) &&
- !strcmp(service, service_looking_at->config_name)) {
- service_enabled = git_config_bool(var, value);
- return 0;
- }
-
- /* we are not interested in parsing any other configuration here */
- return 0;
-}
-
static int daemon_error(const char *dir, const char *msg)
{
if (!informative_errors)
static int run_access_hook(struct daemon_service *service, const char *dir, const char *path)
{
- struct child_process child;
+ struct child_process child = CHILD_PROCESS_INIT;
struct strbuf buf = STRBUF_INIT;
const char *argv[8];
const char **arg = argv;
*arg = NULL;
#undef STRARG
- memset(&child, 0, sizeof(child));
child.use_shell = 1;
child.argv = argv;
child.no_stdin = 1;
{
const char *path;
int enabled = service->enabled;
+ struct strbuf var = STRBUF_INIT;
loginfo("Request %s for '%s'", service->name, dir);
}
if (service->overridable) {
- service_looking_at = service;
- service_enabled = -1;
- git_config(git_daemon_config, NULL);
- if (0 <= service_enabled)
- enabled = service_enabled;
+ strbuf_addf(&var, "daemon.%s", service->config_name);
+ git_config_get_bool(var.buf, &enabled);
+ strbuf_release(&var);
}
if (!enabled) {
logerror("'%s': service not enabled for '%s'",
static int run_service_command(const char **argv)
{
- struct child_process cld;
+ struct child_process cld = CHILD_PROCESS_INIT;
- memset(&cld, 0, sizeof(cld));
cld.argv = argv;
cld.git_cmd = 1;
cld.err = -1;
}
}
+ /*
+ * Sanitize a string from the client so that it's OK to be inserted into a
+ * filesystem path. Specifically, we disallow slashes, runs of "..", and
+ * trailing and leading dots, which means that the client cannot escape
+ * our base path via ".." traversal.
+ */
+ static void sanitize_client_strbuf(struct strbuf *out, const char *in)
+ {
+ for (; *in; in++) {
+ if (*in == '/')
+ continue;
+ if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
+ continue;
+ strbuf_addch(out, *in);
+ }
+
+ while (out->len && out->buf[out->len - 1] == '.')
+ strbuf_setlen(out, out->len - 1);
+ }
+
+ static char *sanitize_client(const char *in)
+ {
+ struct strbuf out = STRBUF_INIT;
+ sanitize_client_strbuf(&out, in);
+ return strbuf_detach(&out, NULL);
+ }
+
+ /*
+ * Like sanitize_client, but we also perform any canonicalization
+ * to make life easier on the admin.
+ */
+ static char *canonicalize_client(const char *in)
+ {
+ struct strbuf out = STRBUF_INIT;
+ sanitize_client_strbuf(&out, in);
+ strbuf_tolower(&out);
+ return strbuf_detach(&out, NULL);
+ }
+
/*
* Read the host as supplied by the client connection.
*/
parse_host_and_port(val, &host, &port);
if (port) {
free(tcp_port);
- tcp_port = xstrdup(port);
+ tcp_port = sanitize_client(port);
}
free(hostname);
- hostname = xstrdup_tolower(host);
+ hostname = canonicalize_client(host);
}
/* On to the next one */
ip_address = xstrdup(addrbuf);
free(canon_hostname);
- canon_hostname = xstrdup(ai->ai_canonname ?
- ai->ai_canonname : ip_address);
+ canon_hostname = ai->ai_canonname ?
+ sanitize_client(ai->ai_canonname) :
+ xstrdup(ip_address);
freeaddrinfo(ai);
}
addrbuf, sizeof(addrbuf));
free(canon_hostname);
- canon_hostname = xstrdup(hent->h_name);
+ canon_hostname = sanitize_client(hent->h_name);
free(ip_address);
ip_address = xstrdup(addrbuf);
}
static char **cld_argv;
static void handle(int incoming, struct sockaddr *addr, socklen_t addrlen)
{
- struct child_process cld = { NULL };
+ struct child_process cld = CHILD_PROCESS_INIT;
char addrbuf[300] = "REMOTE_ADDR=", portbuf[300];
char *env[] = { addrbuf, portbuf, NULL };