archive: don't let remote clients get unreachable commits

author Jeff King <peff@peff.net>
Thu, 17 Nov 2011 23:04:22 +0000 (18:04 -0500)

committer Junio C Hamano <gitster@pobox.com>
Mon, 21 Nov 2011 22:42:25 +0000 (14:42 -0800)
author: Jeff King <peff@peff.net>
Thu, 17 Nov 2011 23:04:22 +0000 (18:04 -0500)
committer: Junio C Hamano <gitster@pobox.com>
Mon, 21 Nov 2011 22:42:25 +0000 (14:42 -0800)
diff --git a/archive.c b/archive.c

index e6de0397cc82ae97018cbf4fc82d5697ec4d915d..251d69e153b2b548a9c41953652479c818fd81aa 100644 (file)
--- a/archive.c
+++ b/archive.c
@@ -196,7 +196,8 @@ static void parse_pathspec_arg(const char **pathspec,
  }
  
  static void parse_treeish_arg(const char **argv,
-               struct archiver_args *ar_args, const char *prefix)
+               struct archiver_args *ar_args, const char *prefix,
+               int remote)
  {
         const char *name = argv[0];
         const unsigned char *commit_sha1;
@@ -205,8 +206,17 @@ static void parse_treeish_arg(const char **argv,
         const struct commit *commit;
         unsigned char sha1[20];
  
-       if (get_sha1(name, sha1))
-               die("Not a valid object name");
+       /* Remotes are only allowed to fetch actual refs */
+       if (remote) {
+               char *ref = NULL;
+               if (!dwim_ref(name, strlen(name), sha1, &ref))
+                       die("no such ref: %s", name);
+               free(ref);
+       }
+       else {
+               if (get_sha1(name, sha1))
+                       die("Not a valid object name");
+       }
  
         commit = lookup_commit_reference_gently(sha1, 1);
         if (commit) {
@@ -324,7 +334,7 @@ static int parse_archive_args(int argc, const char **argv,
  }
  
  int write_archive(int argc, const char **argv, const char *prefix,
-               int setup_prefix)
+                 int setup_prefix, int remote)
  {
         const struct archiver *ar = NULL;
         struct archiver_args args;
@@ -333,7 +343,7 @@ int write_archive(int argc, const char **argv, const char *prefix,
         if (setup_prefix && prefix == NULL)
                 prefix = setup_git_directory();
  
-       parse_treeish_arg(argv, &args, prefix);
+       parse_treeish_arg(argv, &args, prefix, remote);
         parse_pathspec_arg(argv + 1, &args);
  
         git_config(git_default_config, NULL);
diff --git a/archive.h b/archive.h

index 0b15b35143fffcc13764e4e668ee452b191cc609..9375057d72bb732f999bdaa75a394d46accf6f2e 100644 (file)
--- a/archive.h
+++ b/archive.h
@@ -24,6 +24,7 @@ extern int write_tar_archive(struct archiver_args *);
  extern int write_zip_archive(struct archiver_args *);
  
  extern int write_archive_entries(struct archiver_args *args, write_archive_entry_fn_t write_entry);
-extern int write_archive(int argc, const char **argv, const char *prefix, int setup_prefix);
+extern int write_archive(int argc, const char **argv, const char *prefix,
+                        int setup_prefix, int remote);
  
  #endif /* ARCHIVE_H */
diff --git a/builtin-archive.c b/builtin-archive.c

index 5ceec433fd590e8bf6a51700ea69c37f9af30fa7..a081a6bf17b6dec41f0ba08f40cd71d365fba138 100644 (file)
--- a/builtin-archive.c
+++ b/builtin-archive.c
@@ -117,5 +117,5 @@ int cmd_archive(int argc, const char **argv, const char *prefix)
  
         setvbuf(stderr, NULL, _IOLBF, BUFSIZ);
  
-       return write_archive(argc, argv, prefix, 1);
+       return write_archive(argc, argv, prefix, 1, 0);
  }
diff --git a/builtin-upload-archive.c b/builtin-upload-archive.c

index a9b02fa32f372a6810867c10560a20d58b5b2a91..47efadc46554982f8b35029d8b0b6e45dcc0b60d 100644 (file)
--- a/builtin-upload-archive.c
+++ b/builtin-upload-archive.c
@@ -64,7 +64,7 @@ static int run_upload_archive(int argc, const char **argv, const char *prefix)
         sent_argv[sent_argc] = NULL;
  
         /* parse all options sent by the client */
-       return write_archive(sent_argc, sent_argv, prefix, 0);
+       return write_archive(sent_argc, sent_argv, prefix, 0, 1);
  }
  
  static void error_clnt(const char *fmt, ...)
diff --git a/t/t5000-tar-tree.sh b/t/t5000-tar-tree.sh

index c942c8be85339157e22f755d8fc94e64efaee4dd..1a2ee105a464ad007727cb2e4bd42de686c0d005 100755 (executable)
--- a/t/t5000-tar-tree.sh
+++ b/t/t5000-tar-tree.sh
@@ -213,4 +213,12 @@ test_expect_success \
      'git archive --list outside of a git repo' \
      'GIT_DIR=some/non-existing/directory git archive --list'
  
+test_expect_success 'clients cannot access unreachable commits' '
+       test_commit unreachable &&
+       sha1=`git rev-parse HEAD` &&
+       git reset --hard HEAD^ &&
+       git archive $sha1 >remote.tar &&
+       test_must_fail git archive --remote=. $sha1 >remote.tar
+'
+
  test_done
author	Jeff King <peff@peff.net>
author	Thu, 17 Nov 2011 23:04:22 +0000 (18:04 -0500)
committer	Junio C Hamano <gitster@pobox.com>
committer	Mon, 21 Nov 2011 22:42:25 +0000 (14:42 -0800)
archive.c		patch \| blob \| history
archive.h		patch \| blob \| history
builtin-archive.c		patch \| blob \| history
builtin-upload-archive.c		patch \| blob \| history
t/t5000-tar-tree.sh		patch \| blob \| history