upload-pack: tighten request validation.
[git/git.git] / upload-pack.c
CommitLineData
def88e9a
LT
1#include "cache.h"
2#include "refs.h"
3#include "pkt-line.h"
f6b42a81
JH
4#include "tag.h"
5#include "object.h"
def88e9a 6
960deccb 7static const char upload_pack_usage[] = "git-upload-pack [--strict] [--timeout=nn] <dir>";
def88e9a 8
565ebbf7
JH
9#define OUR_REF (1U << 1)
10#define WANTED (1U << 2)
6b32884a
JH
11#define MAX_HAS 256
12#define MAX_NEEDS 256
565ebbf7 13static int nr_has = 0, nr_needs = 0, nr_our_refs = 0;
fb9040cc
LT
14static unsigned char has_sha1[MAX_HAS][20];
15static unsigned char needs_sha1[MAX_NEEDS][20];
960deccb
PA
16static unsigned int timeout = 0;
17
18static void reset_timeout(void)
19{
20 alarm(timeout);
21}
fb9040cc 22
75bfc6c2
LT
23static int strip(char *line, int len)
24{
25 if (len && line[len-1] == '\n')
26 line[--len] = 0;
27 return len;
28}
29
fb9040cc
LT
30static void create_pack_file(void)
31{
75bfc6c2
LT
32 int fd[2];
33 pid_t pid;
565ebbf7 34 int create_full_pack = (nr_our_refs == nr_needs && !nr_has);
75bfc6c2
LT
35
36 if (pipe(fd) < 0)
37 die("git-upload-pack: unable to create pipe");
38 pid = fork();
39 if (pid < 0)
40 die("git-upload-pack: unable to fork git-rev-list");
41
42 if (!pid) {
43 int i;
e091eb93
JH
44 int args;
45 char **argv;
46 char *buf;
47 char **p;
48
565ebbf7
JH
49 if (create_full_pack)
50 args = 10;
e091eb93
JH
51 else
52 args = nr_has + nr_needs + 5;
53 argv = xmalloc(args * sizeof(char *));
54 buf = xmalloc(args * 45);
55 p = argv;
75bfc6c2
LT
56
57 dup2(fd[1], 1);
58 close(0);
59 close(fd[0]);
60 close(fd[1]);
61 *p++ = "git-rev-list";
62 *p++ = "--objects";
e091eb93
JH
63 if (MAX_NEEDS <= nr_needs)
64 *p++ = "--all";
65 else {
66 for (i = 0; i < nr_needs; i++) {
67 *p++ = buf;
68 memcpy(buf, sha1_to_hex(needs_sha1[i]), 41);
69 buf += 41;
70 }
75bfc6c2
LT
71 }
72 for (i = 0; i < nr_has; i++) {
73 *p++ = buf;
74 *buf++ = '^';
75 memcpy(buf, sha1_to_hex(has_sha1[i]), 41);
76 buf += 41;
77 }
78 *p++ = NULL;
79 execvp("git-rev-list", argv);
80 die("git-upload-pack: unable to exec git-rev-list");
81 }
82 dup2(fd[0], 0);
83 close(fd[0]);
84 close(fd[1]);
85 execlp("git-pack-objects", "git-pack-objects", "--stdout", NULL);
86 die("git-upload-pack: unable to exec git-pack-objects");
fb9040cc
LT
87}
88
def88e9a
LT
89static int got_sha1(char *hex, unsigned char *sha1)
90{
af2d3aa4 91 int nr;
def88e9a
LT
92 if (get_sha1_hex(hex, sha1))
93 die("git-upload-pack: expected SHA1 object, got '%s'", hex);
fb9040cc
LT
94 if (!has_sha1_file(sha1))
95 return 0;
af2d3aa4
JH
96 nr = nr_has;
97 if (nr < MAX_HAS) {
98 memcpy(has_sha1[nr], sha1, 20);
99 nr_has = nr+1;
fb9040cc
LT
100 }
101 return 1;
def88e9a
LT
102}
103
104static int get_common_commits(void)
105{
106 static char line[1000];
107 unsigned char sha1[20];
108 int len;
109
110 for(;;) {
111 len = packet_read_line(0, line, sizeof(line));
960deccb 112 reset_timeout();
def88e9a
LT
113
114 if (!len) {
af2d3aa4 115 packet_write(1, "NAK\n");
def88e9a
LT
116 continue;
117 }
75bfc6c2 118 len = strip(line, len);
def88e9a 119 if (!strncmp(line, "have ", 5)) {
af2d3aa4
JH
120 if (got_sha1(line+5, sha1)) {
121 packet_write(1, "ACK %s\n", sha1_to_hex(sha1));
122 break;
123 }
def88e9a
LT
124 continue;
125 }
126 if (!strcmp(line, "done")) {
127 packet_write(1, "NAK\n");
128 return -1;
129 }
130 die("git-upload-pack: expected SHA1 list, got '%s'", line);
131 }
af2d3aa4
JH
132
133 for (;;) {
134 len = packet_read_line(0, line, sizeof(line));
135 reset_timeout();
136 if (!len)
137 continue;
138 len = strip(line, len);
139 if (!strncmp(line, "have ", 5)) {
140 got_sha1(line+5, sha1);
141 continue;
142 }
143 if (!strcmp(line, "done"))
144 break;
145 die("git-upload-pack: expected SHA1 list, got '%s'", line);
146 }
147 return 0;
def88e9a
LT
148}
149
fb9040cc
LT
150static int receive_needs(void)
151{
152 static char line[1000];
153 int len, needs;
154
155 needs = 0;
156 for (;;) {
565ebbf7 157 struct object *o;
e091eb93 158 unsigned char dummy[20], *sha1_buf;
fb9040cc 159 len = packet_read_line(0, line, sizeof(line));
960deccb 160 reset_timeout();
fb9040cc
LT
161 if (!len)
162 return needs;
163
e091eb93
JH
164 sha1_buf = dummy;
165 if (needs == MAX_NEEDS) {
166 fprintf(stderr,
167 "warning: supporting only a max of %d requests. "
168 "sending everything instead.\n",
169 MAX_NEEDS);
170 }
171 else if (needs < MAX_NEEDS)
172 sha1_buf = needs_sha1[needs];
173
174 if (strncmp("want ", line, 5) || get_sha1_hex(line+5, sha1_buf))
175 die("git-upload-pack: protocol error, "
176 "expected to get sha, not '%s'", line);
565ebbf7
JH
177
178 /* We have sent all our refs already, and the other end
179 * should have chosen out of them; otherwise they are
180 * asking for nonsense.
181 *
182 * Hmph. We may later want to allow "want" line that
183 * asks for something like "master~10" (symbolic)...
184 * would it make sense? I don't know.
185 */
186 o = lookup_object(sha1_buf);
187 if (!o || !(o->flags & OUR_REF))
188 die("git-upload-pack: not our ref %s", line+5);
189 if (!(o->flags & WANTED)) {
190 o->flags |= WANTED;
191 needs++;
192 }
fb9040cc
LT
193 }
194}
195
def88e9a
LT
196static int send_ref(const char *refname, const unsigned char *sha1)
197{
f6b42a81
JH
198 struct object *o = parse_object(sha1);
199
def88e9a 200 packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname);
565ebbf7
JH
201 if (!(o->flags & OUR_REF)) {
202 o->flags |= OUR_REF;
203 nr_our_refs++;
204 }
f6b42a81
JH
205 if (o->type == tag_type) {
206 o = deref_tag(o);
207 packet_write(1, "%s %s^{}\n", sha1_to_hex(o->sha1), refname);
208 }
def88e9a
LT
209 return 0;
210}
211
212static int upload_pack(void)
213{
960deccb 214 reset_timeout();
723c31fe 215 head_ref(send_ref);
def88e9a
LT
216 for_each_ref(send_ref);
217 packet_flush(1);
fb9040cc
LT
218 nr_needs = receive_needs();
219 if (!nr_needs)
220 return 0;
def88e9a 221 get_common_commits();
fb9040cc 222 create_pack_file();
def88e9a
LT
223 return 0;
224}
225
226int main(int argc, char **argv)
227{
228 const char *dir;
960deccb
PA
229 int i;
230 int strict = 0;
231
232 for (i = 1; i < argc; i++) {
233 char *arg = argv[i];
234
235 if (arg[0] != '-')
236 break;
237 if (!strcmp(arg, "--strict")) {
238 strict = 1;
239 continue;
240 }
241 if (!strncmp(arg, "--timeout=", 10)) {
242 timeout = atoi(arg+10);
243 continue;
244 }
245 if (!strcmp(arg, "--")) {
246 i++;
247 break;
248 }
249 }
250
251 if (i != argc-1)
def88e9a 252 usage(upload_pack_usage);
960deccb 253 dir = argv[i];
113b9475
LT
254
255 /* chdir to the directory. If that fails, try appending ".git" */
256 if (chdir(dir) < 0) {
960deccb 257 if (strict || chdir(mkpath("%s.git", dir)) < 0)
113b9475
LT
258 die("git-upload-pack unable to chdir to %s", dir);
259 }
960deccb
PA
260 if (!strict)
261 chdir(".git");
262
def88e9a
LT
263 if (access("objects", X_OK) || access("refs", X_OK))
264 die("git-upload-pack: %s doesn't seem to be a git archive", dir);
960deccb 265
e72a7d45 266 putenv("GIT_DIR=.");
def88e9a
LT
267 upload_pack();
268 return 0;
269}