Fix potential command line overflow in hooks--update
[debian-git.git] / connect.c
blob78448889da3f11fa28aacad17d3044a1c0df7e54
1 #include "git-compat-util.h"
2 #include "cache.h"
3 #include "pkt-line.h"
4 #include "quote.h"
5 #include "refs.h"
7 static char *server_capabilities;
9 static int check_ref(const char *name, int len, unsigned int flags)
11 if (!flags)
12 return 1;
14 if (len < 5 || memcmp(name, "refs/", 5))
15 return 0;
17 /* Skip the "refs/" part */
18 name += 5;
19 len -= 5;
21 /* REF_NORMAL means that we don't want the magic fake tag refs */
22 if ((flags & REF_NORMAL) && check_ref_format(name) < 0)
23 return 0;
25 /* REF_HEADS means that we want regular branch heads */
26 if ((flags & REF_HEADS) && !memcmp(name, "heads/", 6))
27 return 1;
29 /* REF_TAGS means that we want tags */
30 if ((flags & REF_TAGS) && !memcmp(name, "tags/", 5))
31 return 1;
33 /* All type bits clear means that we are ok with anything */
34 return !(flags & ~REF_NORMAL);
38 * Read all the refs from the other end
40 struct ref **get_remote_heads(int in, struct ref **list,
41 int nr_match, char **match,
42 unsigned int flags)
44 *list = NULL;
45 for (;;) {
46 struct ref *ref;
47 unsigned char old_sha1[20];
48 static char buffer[1000];
49 char *name;
50 int len, name_len;
52 len = packet_read_line(in, buffer, sizeof(buffer));
53 if (!len)
54 break;
55 if (buffer[len-1] == '\n')
56 buffer[--len] = 0;
58 if (len < 42 || get_sha1_hex(buffer, old_sha1) || buffer[40] != ' ')
59 die("protocol error: expected sha/ref, got '%s'", buffer);
60 name = buffer + 41;
62 name_len = strlen(name);
63 if (len != name_len + 41) {
64 if (server_capabilities)
65 free(server_capabilities);
66 server_capabilities = xstrdup(name + name_len + 1);
69 if (!check_ref(name, name_len, flags))
70 continue;
71 if (nr_match && !path_match(name, nr_match, match))
72 continue;
73 ref = xcalloc(1, sizeof(*ref) + len - 40);
74 hashcpy(ref->old_sha1, old_sha1);
75 memcpy(ref->name, buffer + 41, len - 40);
76 *list = ref;
77 list = &ref->next;
79 return list;
82 int server_supports(const char *feature)
84 return server_capabilities &&
85 strstr(server_capabilities, feature) != NULL;
88 int get_ack(int fd, unsigned char *result_sha1)
90 static char line[1000];
91 int len = packet_read_line(fd, line, sizeof(line));
93 if (!len)
94 die("git-fetch-pack: expected ACK/NAK, got EOF");
95 if (line[len-1] == '\n')
96 line[--len] = 0;
97 if (!strcmp(line, "NAK"))
98 return 0;
99 if (!strncmp(line, "ACK ", 4)) {
100 if (!get_sha1_hex(line+4, result_sha1)) {
101 if (strstr(line+45, "continue"))
102 return 2;
103 return 1;
106 die("git-fetch_pack: expected ACK/NAK, got '%s'", line);
109 int path_match(const char *path, int nr, char **match)
111 int i;
112 int pathlen = strlen(path);
114 for (i = 0; i < nr; i++) {
115 char *s = match[i];
116 int len = strlen(s);
118 if (!len || len > pathlen)
119 continue;
120 if (memcmp(path + pathlen - len, s, len))
121 continue;
122 if (pathlen > len && path[pathlen - len - 1] != '/')
123 continue;
124 *s = 0;
125 return (i + 1);
127 return 0;
130 struct refspec {
131 char *src;
132 char *dst;
133 char force;
137 * A:B means fast forward remote B with local A.
138 * +A:B means overwrite remote B with local A.
139 * +A is a shorthand for +A:A.
140 * A is a shorthand for A:A.
141 * :B means delete remote B.
143 static struct refspec *parse_ref_spec(int nr_refspec, char **refspec)
145 int i;
146 struct refspec *rs = xcalloc(sizeof(*rs), (nr_refspec + 1));
147 for (i = 0; i < nr_refspec; i++) {
148 char *sp, *dp, *ep;
149 sp = refspec[i];
150 if (*sp == '+') {
151 rs[i].force = 1;
152 sp++;
154 ep = strchr(sp, ':');
155 if (ep) {
156 dp = ep + 1;
157 *ep = 0;
159 else
160 dp = sp;
161 rs[i].src = sp;
162 rs[i].dst = dp;
164 rs[nr_refspec].src = rs[nr_refspec].dst = NULL;
165 return rs;
168 static int count_refspec_match(const char *pattern,
169 struct ref *refs,
170 struct ref **matched_ref)
172 int patlen = strlen(pattern);
173 struct ref *matched_weak = NULL;
174 struct ref *matched = NULL;
175 int weak_match = 0;
176 int match = 0;
178 for (weak_match = match = 0; refs; refs = refs->next) {
179 char *name = refs->name;
180 int namelen = strlen(name);
181 int weak_match;
183 if (namelen < patlen ||
184 memcmp(name + namelen - patlen, pattern, patlen))
185 continue;
186 if (namelen != patlen && name[namelen - patlen - 1] != '/')
187 continue;
189 /* A match is "weak" if it is with refs outside
190 * heads or tags, and did not specify the pattern
191 * in full (e.g. "refs/remotes/origin/master") or at
192 * least from the toplevel (e.g. "remotes/origin/master");
193 * otherwise "git push $URL master" would result in
194 * ambiguity between remotes/origin/master and heads/master
195 * at the remote site.
197 if (namelen != patlen &&
198 patlen != namelen - 5 &&
199 strncmp(name, "refs/heads/", 11) &&
200 strncmp(name, "refs/tags/", 10)) {
201 /* We want to catch the case where only weak
202 * matches are found and there are multiple
203 * matches, and where more than one strong
204 * matches are found, as ambiguous. One
205 * strong match with zero or more weak matches
206 * are acceptable as a unique match.
208 matched_weak = refs;
209 weak_match++;
211 else {
212 matched = refs;
213 match++;
216 if (!matched) {
217 *matched_ref = matched_weak;
218 return weak_match;
220 else {
221 *matched_ref = matched;
222 return match;
226 static void link_dst_tail(struct ref *ref, struct ref ***tail)
228 **tail = ref;
229 *tail = &ref->next;
230 **tail = NULL;
233 static struct ref *try_explicit_object_name(const char *name)
235 unsigned char sha1[20];
236 struct ref *ref;
237 int len;
239 if (!*name) {
240 ref = xcalloc(1, sizeof(*ref) + 20);
241 strcpy(ref->name, "(delete)");
242 hashclr(ref->new_sha1);
243 return ref;
245 if (get_sha1(name, sha1))
246 return NULL;
247 len = strlen(name) + 1;
248 ref = xcalloc(1, sizeof(*ref) + len);
249 memcpy(ref->name, name, len);
250 hashcpy(ref->new_sha1, sha1);
251 return ref;
254 static int match_explicit_refs(struct ref *src, struct ref *dst,
255 struct ref ***dst_tail, struct refspec *rs)
257 int i, errs;
258 for (i = errs = 0; rs[i].src; i++) {
259 struct ref *matched_src, *matched_dst;
261 matched_src = matched_dst = NULL;
262 switch (count_refspec_match(rs[i].src, src, &matched_src)) {
263 case 1:
264 break;
265 case 0:
266 /* The source could be in the get_sha1() format
267 * not a reference name. :refs/other is a
268 * way to delete 'other' ref at the remote end.
270 matched_src = try_explicit_object_name(rs[i].src);
271 if (matched_src)
272 break;
273 errs = 1;
274 error("src refspec %s does not match any.",
275 rs[i].src);
276 break;
277 default:
278 errs = 1;
279 error("src refspec %s matches more than one.",
280 rs[i].src);
281 break;
283 switch (count_refspec_match(rs[i].dst, dst, &matched_dst)) {
284 case 1:
285 break;
286 case 0:
287 if (!memcmp(rs[i].dst, "refs/", 5)) {
288 int len = strlen(rs[i].dst) + 1;
289 matched_dst = xcalloc(1, sizeof(*dst) + len);
290 memcpy(matched_dst->name, rs[i].dst, len);
291 link_dst_tail(matched_dst, dst_tail);
293 else if (!strcmp(rs[i].src, rs[i].dst) &&
294 matched_src) {
295 /* pushing "master:master" when
296 * remote does not have master yet.
298 int len = strlen(matched_src->name) + 1;
299 matched_dst = xcalloc(1, sizeof(*dst) + len);
300 memcpy(matched_dst->name, matched_src->name,
301 len);
302 link_dst_tail(matched_dst, dst_tail);
304 else {
305 errs = 1;
306 error("dst refspec %s does not match any "
307 "existing ref on the remote and does "
308 "not start with refs/.", rs[i].dst);
310 break;
311 default:
312 errs = 1;
313 error("dst refspec %s matches more than one.",
314 rs[i].dst);
315 break;
317 if (errs)
318 continue;
319 if (matched_dst->peer_ref) {
320 errs = 1;
321 error("dst ref %s receives from more than one src.",
322 matched_dst->name);
324 else {
325 matched_dst->peer_ref = matched_src;
326 matched_dst->force = rs[i].force;
329 return -errs;
332 static struct ref *find_ref_by_name(struct ref *list, const char *name)
334 for ( ; list; list = list->next)
335 if (!strcmp(list->name, name))
336 return list;
337 return NULL;
340 int match_refs(struct ref *src, struct ref *dst, struct ref ***dst_tail,
341 int nr_refspec, char **refspec, int all)
343 struct refspec *rs = parse_ref_spec(nr_refspec, refspec);
345 if (nr_refspec)
346 return match_explicit_refs(src, dst, dst_tail, rs);
348 /* pick the remainder */
349 for ( ; src; src = src->next) {
350 struct ref *dst_peer;
351 if (src->peer_ref)
352 continue;
353 dst_peer = find_ref_by_name(dst, src->name);
354 if ((dst_peer && dst_peer->peer_ref) || (!dst_peer && !all))
355 continue;
356 if (!dst_peer) {
357 /* Create a new one and link it */
358 int len = strlen(src->name) + 1;
359 dst_peer = xcalloc(1, sizeof(*dst_peer) + len);
360 memcpy(dst_peer->name, src->name, len);
361 hashcpy(dst_peer->new_sha1, src->new_sha1);
362 link_dst_tail(dst_peer, dst_tail);
364 dst_peer->peer_ref = src;
366 return 0;
369 enum protocol {
370 PROTO_LOCAL = 1,
371 PROTO_SSH,
372 PROTO_GIT,
375 static enum protocol get_protocol(const char *name)
377 if (!strcmp(name, "ssh"))
378 return PROTO_SSH;
379 if (!strcmp(name, "git"))
380 return PROTO_GIT;
381 if (!strcmp(name, "git+ssh"))
382 return PROTO_SSH;
383 if (!strcmp(name, "ssh+git"))
384 return PROTO_SSH;
385 die("I don't handle protocol '%s'", name);
388 #define STR_(s) # s
389 #define STR(s) STR_(s)
391 #ifndef NO_IPV6
394 * Returns a connected socket() fd, or else die()s.
396 static int git_tcp_connect_sock(char *host)
398 int sockfd = -1, saved_errno = 0;
399 char *colon, *end;
400 const char *port = STR(DEFAULT_GIT_PORT);
401 struct addrinfo hints, *ai0, *ai;
402 int gai;
404 if (host[0] == '[') {
405 end = strchr(host + 1, ']');
406 if (end) {
407 *end = 0;
408 end++;
409 host++;
410 } else
411 end = host;
412 } else
413 end = host;
414 colon = strchr(end, ':');
416 if (colon) {
417 *colon = 0;
418 port = colon + 1;
421 memset(&hints, 0, sizeof(hints));
422 hints.ai_socktype = SOCK_STREAM;
423 hints.ai_protocol = IPPROTO_TCP;
425 gai = getaddrinfo(host, port, &hints, &ai);
426 if (gai)
427 die("Unable to look up %s (%s)", host, gai_strerror(gai));
429 for (ai0 = ai; ai; ai = ai->ai_next) {
430 sockfd = socket(ai->ai_family,
431 ai->ai_socktype, ai->ai_protocol);
432 if (sockfd < 0) {
433 saved_errno = errno;
434 continue;
436 if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
437 saved_errno = errno;
438 close(sockfd);
439 sockfd = -1;
440 continue;
442 break;
445 freeaddrinfo(ai0);
447 if (sockfd < 0)
448 die("unable to connect a socket (%s)", strerror(saved_errno));
450 return sockfd;
453 #else /* NO_IPV6 */
456 * Returns a connected socket() fd, or else die()s.
458 static int git_tcp_connect_sock(char *host)
460 int sockfd = -1, saved_errno = 0;
461 char *colon, *end;
462 char *port = STR(DEFAULT_GIT_PORT), *ep;
463 struct hostent *he;
464 struct sockaddr_in sa;
465 char **ap;
466 unsigned int nport;
468 if (host[0] == '[') {
469 end = strchr(host + 1, ']');
470 if (end) {
471 *end = 0;
472 end++;
473 host++;
474 } else
475 end = host;
476 } else
477 end = host;
478 colon = strchr(end, ':');
480 if (colon) {
481 *colon = 0;
482 port = colon + 1;
485 he = gethostbyname(host);
486 if (!he)
487 die("Unable to look up %s (%s)", host, hstrerror(h_errno));
488 nport = strtoul(port, &ep, 10);
489 if ( ep == port || *ep ) {
490 /* Not numeric */
491 struct servent *se = getservbyname(port,"tcp");
492 if ( !se )
493 die("Unknown port %s\n", port);
494 nport = se->s_port;
497 for (ap = he->h_addr_list; *ap; ap++) {
498 sockfd = socket(he->h_addrtype, SOCK_STREAM, 0);
499 if (sockfd < 0) {
500 saved_errno = errno;
501 continue;
504 memset(&sa, 0, sizeof sa);
505 sa.sin_family = he->h_addrtype;
506 sa.sin_port = htons(nport);
507 memcpy(&sa.sin_addr, *ap, he->h_length);
509 if (connect(sockfd, (struct sockaddr *)&sa, sizeof sa) < 0) {
510 saved_errno = errno;
511 close(sockfd);
512 sockfd = -1;
513 continue;
515 break;
518 if (sockfd < 0)
519 die("unable to connect a socket (%s)", strerror(saved_errno));
521 return sockfd;
524 #endif /* NO_IPV6 */
527 static void git_tcp_connect(int fd[2], char *host)
529 int sockfd = git_tcp_connect_sock(host);
531 fd[0] = sockfd;
532 fd[1] = dup(sockfd);
536 static char *git_proxy_command;
537 static const char *rhost_name;
538 static int rhost_len;
540 static int git_proxy_command_options(const char *var, const char *value)
542 if (!strcmp(var, "core.gitproxy")) {
543 const char *for_pos;
544 int matchlen = -1;
545 int hostlen;
547 if (git_proxy_command)
548 return 0;
549 /* [core]
550 * ;# matches www.kernel.org as well
551 * gitproxy = netcatter-1 for kernel.org
552 * gitproxy = netcatter-2 for sample.xz
553 * gitproxy = netcatter-default
555 for_pos = strstr(value, " for ");
556 if (!for_pos)
557 /* matches everybody */
558 matchlen = strlen(value);
559 else {
560 hostlen = strlen(for_pos + 5);
561 if (rhost_len < hostlen)
562 matchlen = -1;
563 else if (!strncmp(for_pos + 5,
564 rhost_name + rhost_len - hostlen,
565 hostlen) &&
566 ((rhost_len == hostlen) ||
567 rhost_name[rhost_len - hostlen -1] == '.'))
568 matchlen = for_pos - value;
569 else
570 matchlen = -1;
572 if (0 <= matchlen) {
573 /* core.gitproxy = none for kernel.org */
574 if (matchlen == 4 &&
575 !memcmp(value, "none", 4))
576 matchlen = 0;
577 git_proxy_command = xmalloc(matchlen + 1);
578 memcpy(git_proxy_command, value, matchlen);
579 git_proxy_command[matchlen] = 0;
581 return 0;
584 return git_default_config(var, value);
587 static int git_use_proxy(const char *host)
589 rhost_name = host;
590 rhost_len = strlen(host);
591 git_proxy_command = getenv("GIT_PROXY_COMMAND");
592 git_config(git_proxy_command_options);
593 rhost_name = NULL;
594 return (git_proxy_command && *git_proxy_command);
597 static void git_proxy_connect(int fd[2], char *host)
599 const char *port = STR(DEFAULT_GIT_PORT);
600 char *colon, *end;
601 int pipefd[2][2];
602 pid_t pid;
604 if (host[0] == '[') {
605 end = strchr(host + 1, ']');
606 if (end) {
607 *end = 0;
608 end++;
609 host++;
610 } else
611 end = host;
612 } else
613 end = host;
614 colon = strchr(end, ':');
616 if (colon) {
617 *colon = 0;
618 port = colon + 1;
621 if (pipe(pipefd[0]) < 0 || pipe(pipefd[1]) < 0)
622 die("unable to create pipe pair for communication");
623 pid = fork();
624 if (!pid) {
625 dup2(pipefd[1][0], 0);
626 dup2(pipefd[0][1], 1);
627 close(pipefd[0][0]);
628 close(pipefd[0][1]);
629 close(pipefd[1][0]);
630 close(pipefd[1][1]);
631 execlp(git_proxy_command, git_proxy_command, host, port, NULL);
632 die("exec failed");
634 if (pid < 0)
635 die("fork failed");
636 fd[0] = pipefd[0][0];
637 fd[1] = pipefd[1][1];
638 close(pipefd[0][1]);
639 close(pipefd[1][0]);
642 #define MAX_CMD_LEN 1024
645 * This returns 0 if the transport protocol does not need fork(2),
646 * or a process id if it does. Once done, finish the connection
647 * with finish_connect() with the value returned from this function
648 * (it is safe to call finish_connect() with 0 to support the former
649 * case).
651 * Does not return a negative value on error; it just dies.
653 pid_t git_connect(int fd[2], char *url, const char *prog)
655 char *host, *path = url;
656 char *end;
657 int c;
658 int pipefd[2][2];
659 pid_t pid;
660 enum protocol protocol = PROTO_LOCAL;
661 int free_path = 0;
663 /* Without this we cannot rely on waitpid() to tell
664 * what happened to our children.
666 signal(SIGCHLD, SIG_DFL);
668 host = strstr(url, "://");
669 if(host) {
670 *host = '\0';
671 protocol = get_protocol(url);
672 host += 3;
673 c = '/';
674 } else {
675 host = url;
676 c = ':';
679 if (host[0] == '[') {
680 end = strchr(host + 1, ']');
681 if (end) {
682 *end = 0;
683 end++;
684 host++;
685 } else
686 end = host;
687 } else
688 end = host;
690 path = strchr(end, c);
691 if (c == ':') {
692 if (path) {
693 protocol = PROTO_SSH;
694 *path++ = '\0';
695 } else
696 path = host;
699 if (!path || !*path)
700 die("No path specified. See 'man git-pull' for valid url syntax");
703 * null-terminate hostname and point path to ~ for URL's like this:
704 * ssh://host.xz/~user/repo
706 if (protocol != PROTO_LOCAL && host != url) {
707 char *ptr = path;
708 if (path[1] == '~')
709 path++;
710 else {
711 path = xstrdup(ptr);
712 free_path = 1;
715 *ptr = '\0';
718 if (protocol == PROTO_GIT) {
719 /* These underlying connection commands die() if they
720 * cannot connect.
722 char *target_host = xstrdup(host);
723 if (git_use_proxy(host))
724 git_proxy_connect(fd, host);
725 else
726 git_tcp_connect(fd, host);
728 * Separate original protocol components prog and path
729 * from extended components with a NUL byte.
731 packet_write(fd[1],
732 "%s %s%chost=%s%c",
733 prog, path, 0,
734 target_host, 0);
735 free(target_host);
736 if (free_path)
737 free(path);
738 return 0;
741 if (pipe(pipefd[0]) < 0 || pipe(pipefd[1]) < 0)
742 die("unable to create pipe pair for communication");
743 pid = fork();
744 if (pid < 0)
745 die("unable to fork");
746 if (!pid) {
747 char command[MAX_CMD_LEN];
748 char *posn = command;
749 int size = MAX_CMD_LEN;
750 int of = 0;
752 of |= add_to_string(&posn, &size, prog, 0);
753 of |= add_to_string(&posn, &size, " ", 0);
754 of |= add_to_string(&posn, &size, path, 1);
756 if (of)
757 die("command line too long");
759 dup2(pipefd[1][0], 0);
760 dup2(pipefd[0][1], 1);
761 close(pipefd[0][0]);
762 close(pipefd[0][1]);
763 close(pipefd[1][0]);
764 close(pipefd[1][1]);
765 if (protocol == PROTO_SSH) {
766 const char *ssh, *ssh_basename;
767 ssh = getenv("GIT_SSH");
768 if (!ssh) ssh = "ssh";
769 ssh_basename = strrchr(ssh, '/');
770 if (!ssh_basename)
771 ssh_basename = ssh;
772 else
773 ssh_basename++;
774 execlp(ssh, ssh_basename, host, command, NULL);
776 else {
777 unsetenv(ALTERNATE_DB_ENVIRONMENT);
778 unsetenv(DB_ENVIRONMENT);
779 unsetenv(GIT_DIR_ENVIRONMENT);
780 unsetenv(GRAFT_ENVIRONMENT);
781 unsetenv(INDEX_ENVIRONMENT);
782 execlp("sh", "sh", "-c", command, NULL);
784 die("exec failed");
786 fd[0] = pipefd[0][0];
787 fd[1] = pipefd[1][1];
788 close(pipefd[0][1]);
789 close(pipefd[1][0]);
790 if (free_path)
791 free(path);
792 return pid;
795 int finish_connect(pid_t pid)
797 if (pid == 0)
798 return 0;
800 while (waitpid(pid, NULL, 0) < 0) {
801 if (errno != EINTR)
802 return -1;
804 return 0;