Make object creation in http fetch a bit safer.
[git/debian.git] / update-index.c
blob8fe015b49946173881bf73f5453a04468db93352
1 /*
2 * GIT - The information manager from hell
4 * Copyright (C) Linus Torvalds, 2005
5 */
6 #include "cache.h"
8 /*
9 * Default to not allowing changes to the list of files. The
10 * tool doesn't actually care, but this makes it harder to add
11 * files to the revision control by mistake by doing something
12 * like "git-update-index *" and suddenly having all the object
13 * files be revision controlled.
15 static int allow_add = 0, allow_remove = 0, allow_replace = 0, not_new = 0, quiet = 0, info_only = 0;
16 static int force_remove;
18 /* Three functions to allow overloaded pointer return; see linux/err.h */
19 static inline void *ERR_PTR(long error)
21 return (void *) error;
24 static inline long PTR_ERR(const void *ptr)
26 return (long) ptr;
29 static inline long IS_ERR(const void *ptr)
31 return (unsigned long)ptr > (unsigned long)-1000L;
34 static int add_file_to_cache(char *path)
36 int size, namelen, option, status;
37 struct cache_entry *ce;
38 struct stat st;
39 int fd;
40 char *target;
42 status = lstat(path, &st);
43 if (status < 0 || S_ISDIR(st.st_mode)) {
44 /* When we used to have "path" and now we want to add
45 * "path/file", we need a way to remove "path" before
46 * being able to add "path/file". However,
47 * "git-update-index --remove path" would not work.
48 * --force-remove can be used but this is more user
49 * friendly, especially since we can do the opposite
50 * case just fine without --force-remove.
52 if (status == 0 || (errno == ENOENT || errno == ENOTDIR)) {
53 if (allow_remove) {
54 if (remove_file_from_cache(path))
55 return error("%s: cannot remove from the index",
56 path);
57 else
58 return 0;
59 } else if (status < 0) {
60 return error("%s: does not exist and --remove not passed",
61 path);
64 if (0 == status)
65 return error("%s: is a directory - add files inside instead",
66 path);
67 else
68 return error("lstat(\"%s\"): %s", path,
69 strerror(errno));
71 namelen = strlen(path);
72 size = cache_entry_size(namelen);
73 ce = xmalloc(size);
74 memset(ce, 0, size);
75 memcpy(ce->name, path, namelen);
76 fill_stat_cache_info(ce, &st);
77 ce->ce_mode = create_ce_mode(st.st_mode);
78 ce->ce_flags = htons(namelen);
79 switch (st.st_mode & S_IFMT) {
80 case S_IFREG:
81 fd = open(path, O_RDONLY);
82 if (fd < 0)
83 return error("open(\"%s\"): %s", path, strerror(errno));
84 if (index_fd(ce->sha1, fd, &st, !info_only, NULL) < 0)
85 return error("%s: failed to insert into database", path);
86 break;
87 case S_IFLNK:
88 target = xmalloc(st.st_size+1);
89 if (readlink(path, target, st.st_size+1) != st.st_size) {
90 char *errstr = strerror(errno);
91 free(target);
92 return error("readlink(\"%s\"): %s", path,
93 errstr);
95 if (info_only) {
96 unsigned char hdr[50];
97 int hdrlen;
98 write_sha1_file_prepare(target, st.st_size, "blob",
99 ce->sha1, hdr, &hdrlen);
100 } else if (write_sha1_file(target, st.st_size, "blob", ce->sha1))
101 return error("%s: failed to insert into database", path);
102 free(target);
103 break;
104 default:
105 return error("%s: unsupported file type", path);
107 option = allow_add ? ADD_CACHE_OK_TO_ADD : 0;
108 option |= allow_replace ? ADD_CACHE_OK_TO_REPLACE : 0;
109 if (add_cache_entry(ce, option))
110 return error("%s: cannot add to the index - missing --add option?",
111 path);
112 return 0;
115 static int compare_data(struct cache_entry *ce, struct stat *st)
117 int match = -1;
118 int fd = open(ce->name, O_RDONLY);
120 if (fd >= 0) {
121 unsigned char sha1[20];
122 if (!index_fd(sha1, fd, st, 0, NULL))
123 match = memcmp(sha1, ce->sha1, 20);
124 close(fd);
126 return match;
129 static int compare_link(struct cache_entry *ce, unsigned long expected_size)
131 int match = -1;
132 char *target;
133 void *buffer;
134 unsigned long size;
135 char type[10];
136 int len;
138 target = xmalloc(expected_size);
139 len = readlink(ce->name, target, expected_size);
140 if (len != expected_size) {
141 free(target);
142 return -1;
144 buffer = read_sha1_file(ce->sha1, type, &size);
145 if (!buffer) {
146 free(target);
147 return -1;
149 if (size == expected_size)
150 match = memcmp(buffer, target, size);
151 free(buffer);
152 free(target);
153 return match;
157 * "refresh" does not calculate a new sha1 file or bring the
158 * cache up-to-date for mode/content changes. But what it
159 * _does_ do is to "re-match" the stat information of a file
160 * with the cache, so that you can refresh the cache for a
161 * file that hasn't been changed but where the stat entry is
162 * out of date.
164 * For example, you'd want to do this after doing a "git-read-tree",
165 * to link up the stat cache details with the proper files.
167 static struct cache_entry *refresh_entry(struct cache_entry *ce)
169 struct stat st;
170 struct cache_entry *updated;
171 int changed, size;
173 if (lstat(ce->name, &st) < 0)
174 return ERR_PTR(-errno);
176 changed = ce_match_stat(ce, &st);
177 if (!changed)
178 return ce;
181 * If the mode or type has changed, there's no point in trying
182 * to refresh the entry - it's not going to match
184 if (changed & (MODE_CHANGED | TYPE_CHANGED))
185 return ERR_PTR(-EINVAL);
187 switch (st.st_mode & S_IFMT) {
188 case S_IFREG:
189 if (compare_data(ce, &st))
190 return ERR_PTR(-EINVAL);
191 break;
192 case S_IFLNK:
193 if (compare_link(ce, st.st_size))
194 return ERR_PTR(-EINVAL);
195 break;
196 default:
197 return ERR_PTR(-EINVAL);
200 size = ce_size(ce);
201 updated = xmalloc(size);
202 memcpy(updated, ce, size);
203 fill_stat_cache_info(updated, &st);
204 return updated;
207 static int refresh_cache(void)
209 int i;
210 int has_errors = 0;
212 for (i = 0; i < active_nr; i++) {
213 struct cache_entry *ce, *new;
214 ce = active_cache[i];
215 if (ce_stage(ce)) {
216 printf("%s: needs merge\n", ce->name);
217 has_errors = 1;
218 while ((i < active_nr) &&
219 ! strcmp(active_cache[i]->name, ce->name))
220 i++;
221 i--;
222 continue;
225 new = refresh_entry(ce);
226 if (IS_ERR(new)) {
227 if (not_new && PTR_ERR(new) == -ENOENT)
228 continue;
229 if (quiet)
230 continue;
231 printf("%s: needs update\n", ce->name);
232 has_errors = 1;
233 continue;
235 active_cache_changed = 1;
236 /* You can NOT just free active_cache[i] here, since it
237 * might not be necessarily malloc()ed but can also come
238 * from mmap(). */
239 active_cache[i] = new;
241 return has_errors;
245 * We fundamentally don't like some paths: we don't want
246 * dot or dot-dot anywhere, and for obvious reasons don't
247 * want to recurse into ".git" either.
249 * Also, we don't want double slashes or slashes at the
250 * end that can make pathnames ambiguous.
252 static int verify_dotfile(const char *rest)
255 * The first character was '.', but that
256 * has already been discarded, we now test
257 * the rest.
259 switch (*rest) {
260 /* "." is not allowed */
261 case '\0': case '/':
262 return 0;
265 * ".git" followed by NUL or slash is bad. This
266 * shares the path end test with the ".." case.
268 case 'g':
269 if (rest[1] != 'i')
270 break;
271 if (rest[2] != 't')
272 break;
273 rest += 2;
274 /* fallthrough */
275 case '.':
276 if (rest[1] == '\0' || rest[1] == '/')
277 return 0;
279 return 1;
282 static int verify_path(char *path)
284 char c;
286 goto inside;
287 for (;;) {
288 if (!c)
289 return 1;
290 if (c == '/') {
291 inside:
292 c = *path++;
293 switch (c) {
294 default:
295 continue;
296 case '/': case '\0':
297 break;
298 case '.':
299 if (verify_dotfile(path))
300 continue;
302 return 0;
304 c = *path++;
308 static int add_cacheinfo(char *arg1, char *arg2, char *arg3)
310 int size, len, option;
311 unsigned int mode;
312 unsigned char sha1[20];
313 struct cache_entry *ce;
315 if (sscanf(arg1, "%o", &mode) != 1)
316 return -1;
317 if (get_sha1_hex(arg2, sha1))
318 return -1;
319 if (!verify_path(arg3))
320 return -1;
322 len = strlen(arg3);
323 size = cache_entry_size(len);
324 ce = xmalloc(size);
325 memset(ce, 0, size);
327 memcpy(ce->sha1, sha1, 20);
328 memcpy(ce->name, arg3, len);
329 ce->ce_flags = htons(len);
330 ce->ce_mode = create_ce_mode(mode);
331 option = allow_add ? ADD_CACHE_OK_TO_ADD : 0;
332 option |= allow_replace ? ADD_CACHE_OK_TO_REPLACE : 0;
333 return add_cache_entry(ce, option);
336 static struct cache_file cache_file;
338 int main(int argc, char **argv)
340 int i, newfd, entries, has_errors = 0;
341 int allow_options = 1;
342 const char *prefix = setup_git_directory();
344 newfd = hold_index_file_for_update(&cache_file, get_index_file());
345 if (newfd < 0)
346 die("unable to create new cachefile");
348 entries = read_cache();
349 if (entries < 0)
350 die("cache corrupted");
352 for (i = 1 ; i < argc; i++) {
353 char *path = argv[i];
355 if (allow_options && *path == '-') {
356 if (!strcmp(path, "--")) {
357 allow_options = 0;
358 continue;
360 if (!strcmp(path, "-q")) {
361 quiet = 1;
362 continue;
364 if (!strcmp(path, "--add")) {
365 allow_add = 1;
366 continue;
368 if (!strcmp(path, "--replace")) {
369 allow_replace = 1;
370 continue;
372 if (!strcmp(path, "--remove")) {
373 allow_remove = 1;
374 continue;
376 if (!strcmp(path, "--refresh")) {
377 has_errors |= refresh_cache();
378 continue;
380 if (!strcmp(path, "--cacheinfo")) {
381 if (i+3 >= argc)
382 die("git-update-index: --cacheinfo <mode> <sha1> <path>");
383 if (add_cacheinfo(argv[i+1], argv[i+2], argv[i+3]))
384 die("git-update-index: --cacheinfo cannot add %s", argv[i+3]);
385 i += 3;
386 continue;
388 if (!strcmp(path, "--info-only")) {
389 info_only = 1;
390 continue;
392 if (!strcmp(path, "--force-remove")) {
393 force_remove = 1;
394 continue;
397 if (!strcmp(path, "--ignore-missing")) {
398 not_new = 1;
399 continue;
401 die("unknown option %s", path);
403 path = prefix_path(prefix, prefix ? strlen(prefix) : 0, path);
404 if (!verify_path(path)) {
405 fprintf(stderr, "Ignoring path %s\n", argv[i]);
406 continue;
408 if (force_remove) {
409 if (remove_file_from_cache(path))
410 die("git-update-index: unable to remove %s", path);
411 continue;
413 if (add_file_to_cache(path))
414 die("Unable to process file %s", path);
416 if (write_cache(newfd, active_cache, active_nr) ||
417 commit_index_file(&cache_file))
418 die("Unable to write new cachefile");
420 return has_errors ? 1 : 0;