Fix potential command line overflow in hooks--update
[debian-git.git] / upload-pack.c
blob3648aae1a777aec4bba77b40b9cf6da484190441
1 #include "cache.h"
2 #include "refs.h"
3 #include "pkt-line.h"
4 #include "sideband.h"
5 #include "tag.h"
6 #include "object.h"
7 #include "commit.h"
8 #include "exec_cmd.h"
9 #include "diff.h"
10 #include "revision.h"
11 #include "list-objects.h"
13 static const char upload_pack_usage[] = "git-upload-pack [--strict] [--timeout=nn] <dir>";
15 /* bits #0..7 in revision.h, #8..10 in commit.c */
16 #define THEY_HAVE (1u << 11)
17 #define OUR_REF (1u << 12)
18 #define WANTED (1u << 13)
19 #define COMMON_KNOWN (1u << 14)
20 #define REACHABLE (1u << 15)
22 #define SHALLOW (1u << 16)
23 #define NOT_SHALLOW (1u << 17)
24 #define CLIENT_SHALLOW (1u << 18)
26 static unsigned long oldest_have;
28 static int multi_ack, nr_our_refs;
29 static int use_thin_pack, use_ofs_delta;
30 static struct object_array have_obj;
31 static struct object_array want_obj;
32 static unsigned int timeout;
33 /* 0 for no sideband,
34 * otherwise maximum packet size (up to 65520 bytes).
36 static int use_sideband;
38 static void reset_timeout(void)
40 alarm(timeout);
43 static int strip(char *line, int len)
45 if (len && line[len-1] == '\n')
46 line[--len] = 0;
47 return len;
50 static ssize_t send_client_data(int fd, const char *data, ssize_t sz)
52 if (use_sideband)
53 return send_sideband(1, fd, data, sz, use_sideband);
54 if (fd == 3)
55 /* emergency quit */
56 fd = 2;
57 if (fd == 2) {
58 /* XXX: are we happy to lose stuff here? */
59 xwrite(fd, data, sz);
60 return sz;
62 return safe_write(fd, data, sz);
65 FILE *pack_pipe = NULL;
66 static void show_commit(struct commit *commit)
68 if (commit->object.flags & BOUNDARY)
69 fputc('-', pack_pipe);
70 if (fputs(sha1_to_hex(commit->object.sha1), pack_pipe) < 0)
71 die("broken output pipe");
72 fputc('\n', pack_pipe);
73 fflush(pack_pipe);
74 free(commit->buffer);
75 commit->buffer = NULL;
78 static void show_object(struct object_array_entry *p)
80 /* An object with name "foo\n0000000..." can be used to
81 * confuse downstream git-pack-objects very badly.
83 const char *ep = strchr(p->name, '\n');
84 if (ep) {
85 fprintf(pack_pipe, "%s %.*s\n", sha1_to_hex(p->item->sha1),
86 (int) (ep - p->name),
87 p->name);
89 else
90 fprintf(pack_pipe, "%s %s\n",
91 sha1_to_hex(p->item->sha1), p->name);
94 static void show_edge(struct commit *commit)
96 fprintf(pack_pipe, "-%s\n", sha1_to_hex(commit->object.sha1));
99 static void create_pack_file(void)
101 /* Pipes between rev-list to pack-objects, pack-objects to us
102 * and pack-objects error stream for progress bar.
104 int lp_pipe[2], pu_pipe[2], pe_pipe[2];
105 pid_t pid_rev_list, pid_pack_objects;
106 int create_full_pack = (nr_our_refs == want_obj.nr && !have_obj.nr);
107 char data[8193], progress[128];
108 char abort_msg[] = "aborting due to possible repository "
109 "corruption on the remote side.";
110 int buffered = -1;
112 if (pipe(lp_pipe) < 0)
113 die("git-upload-pack: unable to create pipe");
114 pid_rev_list = fork();
115 if (pid_rev_list < 0)
116 die("git-upload-pack: unable to fork git-rev-list");
118 if (!pid_rev_list) {
119 int i;
120 struct rev_info revs;
122 pack_pipe = fdopen(lp_pipe[1], "w");
124 if (create_full_pack)
125 use_thin_pack = 0; /* no point doing it */
126 init_revisions(&revs, NULL);
127 revs.tag_objects = 1;
128 revs.tree_objects = 1;
129 revs.blob_objects = 1;
130 if (use_thin_pack)
131 revs.edge_hint = 1;
133 if (create_full_pack) {
134 const char *args[] = {"rev-list", "--all", NULL};
135 setup_revisions(2, args, &revs, NULL);
136 } else {
137 for (i = 0; i < want_obj.nr; i++) {
138 struct object *o = want_obj.objects[i].item;
139 /* why??? */
140 o->flags &= ~UNINTERESTING;
141 add_pending_object(&revs, o, NULL);
143 for (i = 0; i < have_obj.nr; i++) {
144 struct object *o = have_obj.objects[i].item;
145 o->flags |= UNINTERESTING;
146 add_pending_object(&revs, o, NULL);
148 setup_revisions(0, NULL, &revs, NULL);
150 prepare_revision_walk(&revs);
151 mark_edges_uninteresting(revs.commits, &revs, show_edge);
152 traverse_commit_list(&revs, show_commit, show_object);
153 exit(0);
156 if (pipe(pu_pipe) < 0)
157 die("git-upload-pack: unable to create pipe");
158 if (pipe(pe_pipe) < 0)
159 die("git-upload-pack: unable to create pipe");
160 pid_pack_objects = fork();
161 if (pid_pack_objects < 0) {
162 /* daemon sets things up to ignore TERM */
163 kill(pid_rev_list, SIGKILL);
164 die("git-upload-pack: unable to fork git-pack-objects");
166 if (!pid_pack_objects) {
167 dup2(lp_pipe[0], 0);
168 dup2(pu_pipe[1], 1);
169 dup2(pe_pipe[1], 2);
171 close(lp_pipe[0]);
172 close(lp_pipe[1]);
173 close(pu_pipe[0]);
174 close(pu_pipe[1]);
175 close(pe_pipe[0]);
176 close(pe_pipe[1]);
177 execl_git_cmd("pack-objects", "--stdout", "--progress",
178 use_ofs_delta ? "--delta-base-offset" : NULL,
179 NULL);
180 kill(pid_rev_list, SIGKILL);
181 die("git-upload-pack: unable to exec git-pack-objects");
184 close(lp_pipe[0]);
185 close(lp_pipe[1]);
187 /* We read from pe_pipe[0] to capture stderr output for
188 * progress bar, and pu_pipe[0] to capture the pack data.
190 close(pe_pipe[1]);
191 close(pu_pipe[1]);
193 while (1) {
194 const char *who;
195 struct pollfd pfd[2];
196 pid_t pid;
197 int status;
198 ssize_t sz;
199 int pe, pu, pollsize;
201 reset_timeout();
203 pollsize = 0;
204 pe = pu = -1;
206 if (0 <= pu_pipe[0]) {
207 pfd[pollsize].fd = pu_pipe[0];
208 pfd[pollsize].events = POLLIN;
209 pu = pollsize;
210 pollsize++;
212 if (0 <= pe_pipe[0]) {
213 pfd[pollsize].fd = pe_pipe[0];
214 pfd[pollsize].events = POLLIN;
215 pe = pollsize;
216 pollsize++;
219 if (pollsize) {
220 if (poll(pfd, pollsize, -1) < 0) {
221 if (errno != EINTR) {
222 error("poll failed, resuming: %s",
223 strerror(errno));
224 sleep(1);
226 continue;
228 if (0 <= pu && (pfd[pu].revents & (POLLIN|POLLHUP))) {
229 /* Data ready; we keep the last byte
230 * to ourselves in case we detect
231 * broken rev-list, so that we can
232 * leave the stream corrupted. This
233 * is unfortunate -- unpack-objects
234 * would happily accept a valid pack
235 * data with trailing garbage, so
236 * appending garbage after we pass all
237 * the pack data is not good enough to
238 * signal breakage to downstream.
240 char *cp = data;
241 ssize_t outsz = 0;
242 if (0 <= buffered) {
243 *cp++ = buffered;
244 outsz++;
246 sz = xread(pu_pipe[0], cp,
247 sizeof(data) - outsz);
248 if (0 < sz)
250 else if (sz == 0) {
251 close(pu_pipe[0]);
252 pu_pipe[0] = -1;
254 else
255 goto fail;
256 sz += outsz;
257 if (1 < sz) {
258 buffered = data[sz-1] & 0xFF;
259 sz--;
261 else
262 buffered = -1;
263 sz = send_client_data(1, data, sz);
264 if (sz < 0)
265 goto fail;
267 if (0 <= pe && (pfd[pe].revents & (POLLIN|POLLHUP))) {
268 /* Status ready; we ship that in the side-band
269 * or dump to the standard error.
271 sz = xread(pe_pipe[0], progress,
272 sizeof(progress));
273 if (0 < sz)
274 send_client_data(2, progress, sz);
275 else if (sz == 0) {
276 close(pe_pipe[0]);
277 pe_pipe[0] = -1;
279 else
280 goto fail;
284 /* See if the children are still there */
285 if (pid_rev_list || pid_pack_objects) {
286 pid = waitpid(-1, &status, WNOHANG);
287 if (!pid)
288 continue;
289 who = ((pid == pid_rev_list) ? "git-rev-list" :
290 (pid == pid_pack_objects) ? "git-pack-objects" :
291 NULL);
292 if (!who) {
293 if (pid < 0) {
294 error("git-upload-pack: %s",
295 strerror(errno));
296 goto fail;
298 error("git-upload-pack: we weren't "
299 "waiting for %d", pid);
300 continue;
302 if (!WIFEXITED(status) || WEXITSTATUS(status) > 0) {
303 error("git-upload-pack: %s died with error.",
304 who);
305 goto fail;
307 if (pid == pid_rev_list)
308 pid_rev_list = 0;
309 if (pid == pid_pack_objects)
310 pid_pack_objects = 0;
311 if (pid_rev_list || pid_pack_objects)
312 continue;
315 /* both died happily */
316 if (pollsize)
317 continue;
319 /* flush the data */
320 if (0 <= buffered) {
321 data[0] = buffered;
322 sz = send_client_data(1, data, 1);
323 if (sz < 0)
324 goto fail;
325 fprintf(stderr, "flushed.\n");
327 if (use_sideband)
328 packet_flush(1);
329 return;
331 fail:
332 if (pid_pack_objects)
333 kill(pid_pack_objects, SIGKILL);
334 if (pid_rev_list)
335 kill(pid_rev_list, SIGKILL);
336 send_client_data(3, abort_msg, sizeof(abort_msg));
337 die("git-upload-pack: %s", abort_msg);
340 static int got_sha1(char *hex, unsigned char *sha1)
342 struct object *o;
343 int we_knew_they_have = 0;
345 if (get_sha1_hex(hex, sha1))
346 die("git-upload-pack: expected SHA1 object, got '%s'", hex);
347 if (!has_sha1_file(sha1))
348 return -1;
350 o = lookup_object(sha1);
351 if (!(o && o->parsed))
352 o = parse_object(sha1);
353 if (!o)
354 die("oops (%s)", sha1_to_hex(sha1));
355 if (o->type == OBJ_COMMIT) {
356 struct commit_list *parents;
357 struct commit *commit = (struct commit *)o;
358 if (o->flags & THEY_HAVE)
359 we_knew_they_have = 1;
360 else
361 o->flags |= THEY_HAVE;
362 if (!oldest_have || (commit->date < oldest_have))
363 oldest_have = commit->date;
364 for (parents = commit->parents;
365 parents;
366 parents = parents->next)
367 parents->item->object.flags |= THEY_HAVE;
369 if (!we_knew_they_have) {
370 add_object_array(o, NULL, &have_obj);
371 return 1;
373 return 0;
376 static int reachable(struct commit *want)
378 struct commit_list *work = NULL;
380 insert_by_date(want, &work);
381 while (work) {
382 struct commit_list *list = work->next;
383 struct commit *commit = work->item;
384 free(work);
385 work = list;
387 if (commit->object.flags & THEY_HAVE) {
388 want->object.flags |= COMMON_KNOWN;
389 break;
391 if (!commit->object.parsed)
392 parse_object(commit->object.sha1);
393 if (commit->object.flags & REACHABLE)
394 continue;
395 commit->object.flags |= REACHABLE;
396 if (commit->date < oldest_have)
397 continue;
398 for (list = commit->parents; list; list = list->next) {
399 struct commit *parent = list->item;
400 if (!(parent->object.flags & REACHABLE))
401 insert_by_date(parent, &work);
404 want->object.flags |= REACHABLE;
405 clear_commit_marks(want, REACHABLE);
406 free_commit_list(work);
407 return (want->object.flags & COMMON_KNOWN);
410 static int ok_to_give_up(void)
412 int i;
414 if (!have_obj.nr)
415 return 0;
417 for (i = 0; i < want_obj.nr; i++) {
418 struct object *want = want_obj.objects[i].item;
420 if (want->flags & COMMON_KNOWN)
421 continue;
422 want = deref_tag(want, "a want line", 0);
423 if (!want || want->type != OBJ_COMMIT) {
424 /* no way to tell if this is reachable by
425 * looking at the ancestry chain alone, so
426 * leave a note to ourselves not to worry about
427 * this object anymore.
429 want_obj.objects[i].item->flags |= COMMON_KNOWN;
430 continue;
432 if (!reachable((struct commit *)want))
433 return 0;
435 return 1;
438 static int get_common_commits(void)
440 static char line[1000];
441 unsigned char sha1[20];
442 char hex[41], last_hex[41];
443 int len;
445 track_object_refs = 0;
446 save_commit_buffer = 0;
448 for(;;) {
449 len = packet_read_line(0, line, sizeof(line));
450 reset_timeout();
452 if (!len) {
453 if (have_obj.nr == 0 || multi_ack)
454 packet_write(1, "NAK\n");
455 continue;
457 len = strip(line, len);
458 if (!strncmp(line, "have ", 5)) {
459 switch (got_sha1(line+5, sha1)) {
460 case -1: /* they have what we do not */
461 if (multi_ack && ok_to_give_up())
462 packet_write(1, "ACK %s continue\n",
463 sha1_to_hex(sha1));
464 break;
465 default:
466 memcpy(hex, sha1_to_hex(sha1), 41);
467 if (multi_ack) {
468 const char *msg = "ACK %s continue\n";
469 packet_write(1, msg, hex);
470 memcpy(last_hex, hex, 41);
472 else if (have_obj.nr == 1)
473 packet_write(1, "ACK %s\n", hex);
474 break;
476 continue;
478 if (!strcmp(line, "done")) {
479 if (have_obj.nr > 0) {
480 if (multi_ack)
481 packet_write(1, "ACK %s\n", last_hex);
482 return 0;
484 packet_write(1, "NAK\n");
485 return -1;
487 die("git-upload-pack: expected SHA1 list, got '%s'", line);
491 static void receive_needs(void)
493 struct object_array shallows = {0, 0, NULL};
494 static char line[1000];
495 int len, depth = 0;
497 for (;;) {
498 struct object *o;
499 unsigned char sha1_buf[20];
500 len = packet_read_line(0, line, sizeof(line));
501 reset_timeout();
502 if (!len)
503 break;
505 if (!strncmp("shallow ", line, 8)) {
506 unsigned char sha1[20];
507 struct object *object;
508 use_thin_pack = 0;
509 if (get_sha1(line + 8, sha1))
510 die("invalid shallow line: %s", line);
511 object = parse_object(sha1);
512 if (!object)
513 die("did not find object for %s", line);
514 object->flags |= CLIENT_SHALLOW;
515 add_object_array(object, NULL, &shallows);
516 continue;
518 if (!strncmp("deepen ", line, 7)) {
519 char *end;
520 use_thin_pack = 0;
521 depth = strtol(line + 7, &end, 0);
522 if (end == line + 7 || depth <= 0)
523 die("Invalid deepen: %s", line);
524 continue;
526 if (strncmp("want ", line, 5) ||
527 get_sha1_hex(line+5, sha1_buf))
528 die("git-upload-pack: protocol error, "
529 "expected to get sha, not '%s'", line);
530 if (strstr(line+45, "multi_ack"))
531 multi_ack = 1;
532 if (strstr(line+45, "thin-pack"))
533 use_thin_pack = 1;
534 if (strstr(line+45, "ofs-delta"))
535 use_ofs_delta = 1;
536 if (strstr(line+45, "side-band-64k"))
537 use_sideband = LARGE_PACKET_MAX;
538 else if (strstr(line+45, "side-band"))
539 use_sideband = DEFAULT_PACKET_MAX;
541 /* We have sent all our refs already, and the other end
542 * should have chosen out of them; otherwise they are
543 * asking for nonsense.
545 * Hmph. We may later want to allow "want" line that
546 * asks for something like "master~10" (symbolic)...
547 * would it make sense? I don't know.
549 o = lookup_object(sha1_buf);
550 if (!o || !(o->flags & OUR_REF))
551 die("git-upload-pack: not our ref %s", line+5);
552 if (!(o->flags & WANTED)) {
553 o->flags |= WANTED;
554 add_object_array(o, NULL, &want_obj);
557 if (depth == 0 && shallows.nr == 0)
558 return;
559 if (depth > 0) {
560 struct commit_list *result, *backup;
561 int i;
562 backup = result = get_shallow_commits(&want_obj, depth,
563 SHALLOW, NOT_SHALLOW);
564 while (result) {
565 struct object *object = &result->item->object;
566 if (!(object->flags & (CLIENT_SHALLOW|NOT_SHALLOW))) {
567 packet_write(1, "shallow %s",
568 sha1_to_hex(object->sha1));
569 register_shallow(object->sha1);
571 result = result->next;
573 free_commit_list(backup);
574 for (i = 0; i < shallows.nr; i++) {
575 struct object *object = shallows.objects[i].item;
576 if (object->flags & NOT_SHALLOW) {
577 struct commit_list *parents;
578 packet_write(1, "unshallow %s",
579 sha1_to_hex(object->sha1));
580 object->flags &= ~CLIENT_SHALLOW;
581 /* make sure the real parents are parsed */
582 unregister_shallow(object->sha1);
583 object->parsed = 0;
584 parse_commit((struct commit *)object);
585 parents = ((struct commit *)object)->parents;
586 while (parents) {
587 add_object_array(&parents->item->object,
588 NULL, &want_obj);
589 parents = parents->next;
592 /* make sure commit traversal conforms to client */
593 register_shallow(object->sha1);
595 packet_flush(1);
596 } else
597 if (shallows.nr > 0) {
598 int i;
599 for (i = 0; i < shallows.nr; i++)
600 register_shallow(shallows.objects[i].item->sha1);
602 free(shallows.objects);
605 static int send_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)
607 static const char *capabilities = "multi_ack thin-pack side-band"
608 " side-band-64k ofs-delta shallow";
609 struct object *o = parse_object(sha1);
611 if (!o)
612 die("git-upload-pack: cannot find object %s:", sha1_to_hex(sha1));
614 if (capabilities)
615 packet_write(1, "%s %s%c%s\n", sha1_to_hex(sha1), refname,
616 0, capabilities);
617 else
618 packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname);
619 capabilities = NULL;
620 if (!(o->flags & OUR_REF)) {
621 o->flags |= OUR_REF;
622 nr_our_refs++;
624 if (o->type == OBJ_TAG) {
625 o = deref_tag(o, refname, 0);
626 packet_write(1, "%s %s^{}\n", sha1_to_hex(o->sha1), refname);
628 return 0;
631 static void upload_pack(void)
633 reset_timeout();
634 head_ref(send_ref, NULL);
635 for_each_ref(send_ref, NULL);
636 packet_flush(1);
637 receive_needs();
638 if (want_obj.nr) {
639 get_common_commits();
640 create_pack_file();
644 int main(int argc, char **argv)
646 char *dir;
647 int i;
648 int strict = 0;
650 for (i = 1; i < argc; i++) {
651 char *arg = argv[i];
653 if (arg[0] != '-')
654 break;
655 if (!strcmp(arg, "--strict")) {
656 strict = 1;
657 continue;
659 if (!strncmp(arg, "--timeout=", 10)) {
660 timeout = atoi(arg+10);
661 continue;
663 if (!strcmp(arg, "--")) {
664 i++;
665 break;
669 if (i != argc-1)
670 usage(upload_pack_usage);
671 dir = argv[i];
673 if (!enter_repo(dir, strict))
674 die("'%s': unable to chdir or not a git archive", dir);
675 if (is_repository_shallow())
676 die("attempt to fetch/clone from a shallow repository");
677 upload_pack();
678 return 0;