Merge branch 'tb/object-access-overflow-protection'
[git/debian.git] / bundle.c
blob8d5936c4212da4cfc3162aec8f83f15318ca002c
1 #include "git-compat-util.h"
2 #include "lockfile.h"
3 #include "bundle.h"
4 #include "environment.h"
5 #include "gettext.h"
6 #include "hex.h"
7 #include "object-store-ll.h"
8 #include "repository.h"
9 #include "object.h"
10 #include "commit.h"
11 #include "diff.h"
12 #include "revision.h"
13 #include "list-objects.h"
14 #include "run-command.h"
15 #include "refs.h"
16 #include "strvec.h"
17 #include "list-objects-filter-options.h"
18 #include "connected.h"
19 #include "write-or-die.h"
21 static const char v2_bundle_signature[] = "# v2 git bundle\n";
22 static const char v3_bundle_signature[] = "# v3 git bundle\n";
23 static struct {
24 int version;
25 const char *signature;
26 } bundle_sigs[] = {
27 { 2, v2_bundle_signature },
28 { 3, v3_bundle_signature },
31 void bundle_header_init(struct bundle_header *header)
33 struct bundle_header blank = BUNDLE_HEADER_INIT;
34 memcpy(header, &blank, sizeof(*header));
37 void bundle_header_release(struct bundle_header *header)
39 string_list_clear(&header->prerequisites, 1);
40 string_list_clear(&header->references, 1);
41 list_objects_filter_release(&header->filter);
44 static int parse_capability(struct bundle_header *header, const char *capability)
46 const char *arg;
47 if (skip_prefix(capability, "object-format=", &arg)) {
48 int algo = hash_algo_by_name(arg);
49 if (algo == GIT_HASH_UNKNOWN)
50 return error(_("unrecognized bundle hash algorithm: %s"), arg);
51 header->hash_algo = &hash_algos[algo];
52 return 0;
54 if (skip_prefix(capability, "filter=", &arg)) {
55 parse_list_objects_filter(&header->filter, arg);
56 return 0;
58 return error(_("unknown capability '%s'"), capability);
61 static int parse_bundle_signature(struct bundle_header *header, const char *line)
63 int i;
65 for (i = 0; i < ARRAY_SIZE(bundle_sigs); i++) {
66 if (!strcmp(line, bundle_sigs[i].signature)) {
67 header->version = bundle_sigs[i].version;
68 return 0;
71 return -1;
74 int read_bundle_header_fd(int fd, struct bundle_header *header,
75 const char *report_path)
77 struct strbuf buf = STRBUF_INIT;
78 int status = 0;
80 /* The bundle header begins with the signature */
81 if (strbuf_getwholeline_fd(&buf, fd, '\n') ||
82 parse_bundle_signature(header, buf.buf)) {
83 if (report_path)
84 error(_("'%s' does not look like a v2 or v3 bundle file"),
85 report_path);
86 status = -1;
87 goto abort;
90 header->hash_algo = the_hash_algo;
92 /* The bundle header ends with an empty line */
93 while (!strbuf_getwholeline_fd(&buf, fd, '\n') &&
94 buf.len && buf.buf[0] != '\n') {
95 struct object_id oid;
96 int is_prereq = 0;
97 const char *p;
99 strbuf_rtrim(&buf);
101 if (header->version == 3 && *buf.buf == '@') {
102 if (parse_capability(header, buf.buf + 1)) {
103 status = -1;
104 break;
106 continue;
109 if (*buf.buf == '-') {
110 is_prereq = 1;
111 strbuf_remove(&buf, 0, 1);
115 * Tip lines have object name, SP, and refname.
116 * Prerequisites have object name that is optionally
117 * followed by SP and subject line.
119 if (parse_oid_hex_algop(buf.buf, &oid, &p, header->hash_algo) ||
120 (*p && !isspace(*p)) ||
121 (!is_prereq && !*p)) {
122 if (report_path)
123 error(_("unrecognized header: %s%s (%d)"),
124 (is_prereq ? "-" : ""), buf.buf, (int)buf.len);
125 status = -1;
126 break;
127 } else {
128 struct object_id *dup = oiddup(&oid);
129 if (is_prereq)
130 string_list_append(&header->prerequisites, "")->util = dup;
131 else
132 string_list_append(&header->references, p + 1)->util = dup;
136 abort:
137 if (status) {
138 close(fd);
139 fd = -1;
141 strbuf_release(&buf);
142 return fd;
145 int read_bundle_header(const char *path, struct bundle_header *header)
147 int fd = open(path, O_RDONLY);
149 if (fd < 0)
150 return error(_("could not open '%s'"), path);
151 return read_bundle_header_fd(fd, header, path);
154 int is_bundle(const char *path, int quiet)
156 struct bundle_header header = BUNDLE_HEADER_INIT;
157 int fd = open(path, O_RDONLY);
159 if (fd < 0)
160 return 0;
161 fd = read_bundle_header_fd(fd, &header, quiet ? NULL : path);
162 if (fd >= 0)
163 close(fd);
164 bundle_header_release(&header);
165 return (fd >= 0);
168 static int list_refs(struct string_list *r, int argc, const char **argv)
170 int i;
172 for (i = 0; i < r->nr; i++) {
173 struct object_id *oid;
174 const char *name;
176 if (argc > 1) {
177 int j;
178 for (j = 1; j < argc; j++)
179 if (!strcmp(r->items[i].string, argv[j]))
180 break;
181 if (j == argc)
182 continue;
185 oid = r->items[i].util;
186 name = r->items[i].string;
187 printf("%s %s\n", oid_to_hex(oid), name);
189 return 0;
192 /* Remember to update object flag allocation in object.h */
193 #define PREREQ_MARK (1u<<16)
195 struct string_list_iterator {
196 struct string_list *list;
197 size_t cur;
200 static const struct object_id *iterate_ref_map(void *cb_data)
202 struct string_list_iterator *iter = cb_data;
204 if (iter->cur >= iter->list->nr)
205 return NULL;
207 return iter->list->items[iter->cur++].util;
210 int verify_bundle(struct repository *r,
211 struct bundle_header *header,
212 enum verify_bundle_flags flags)
215 * Do fast check, then if any prereqs are missing then go line by line
216 * to be verbose about the errors
218 struct string_list *p = &header->prerequisites;
219 int i, ret = 0;
220 const char *message = _("Repository lacks these prerequisite commits:");
221 struct string_list_iterator iter = {
222 .list = p,
224 struct check_connected_options opts = {
225 .quiet = 1,
228 if (!r || !r->objects || !r->objects->odb)
229 return error(_("need a repository to verify a bundle"));
231 for (i = 0; i < p->nr; i++) {
232 struct string_list_item *e = p->items + i;
233 const char *name = e->string;
234 struct object_id *oid = e->util;
235 struct object *o = parse_object(r, oid);
236 if (o)
237 continue;
238 ret++;
239 if (flags & VERIFY_BUNDLE_QUIET)
240 continue;
241 if (ret == 1)
242 error("%s", message);
243 error("%s %s", oid_to_hex(oid), name);
245 if (ret)
246 goto cleanup;
248 if ((ret = check_connected(iterate_ref_map, &iter, &opts)))
249 error(_("some prerequisite commits exist in the object store, "
250 "but are not connected to the repository's history"));
252 /* TODO: preserve this verbose language. */
253 if (flags & VERIFY_BUNDLE_VERBOSE) {
254 struct string_list *r;
256 r = &header->references;
257 printf_ln(Q_("The bundle contains this ref:",
258 "The bundle contains these %"PRIuMAX" refs:",
259 r->nr),
260 (uintmax_t)r->nr);
261 list_refs(r, 0, NULL);
263 r = &header->prerequisites;
264 if (!r->nr) {
265 printf_ln(_("The bundle records a complete history."));
266 } else {
267 printf_ln(Q_("The bundle requires this ref:",
268 "The bundle requires these %"PRIuMAX" refs:",
269 r->nr),
270 (uintmax_t)r->nr);
271 list_refs(r, 0, NULL);
274 printf_ln("The bundle uses this hash algorithm: %s",
275 header->hash_algo->name);
276 if (header->filter.choice)
277 printf_ln("The bundle uses this filter: %s",
278 list_objects_filter_spec(&header->filter));
280 cleanup:
281 return ret;
284 int list_bundle_refs(struct bundle_header *header, int argc, const char **argv)
286 return list_refs(&header->references, argc, argv);
289 static int is_tag_in_date_range(struct object *tag, struct rev_info *revs)
291 unsigned long size;
292 enum object_type type;
293 char *buf = NULL, *line, *lineend;
294 timestamp_t date;
295 int result = 1;
297 if (revs->max_age == -1 && revs->min_age == -1)
298 goto out;
300 buf = repo_read_object_file(the_repository, &tag->oid, &type, &size);
301 if (!buf)
302 goto out;
303 line = memmem(buf, size, "\ntagger ", 8);
304 if (!line++)
305 goto out;
306 lineend = memchr(line, '\n', buf + size - line);
307 line = memchr(line, '>', lineend ? lineend - line : buf + size - line);
308 if (!line++)
309 goto out;
310 date = parse_timestamp(line, NULL, 10);
311 result = (revs->max_age == -1 || revs->max_age < date) &&
312 (revs->min_age == -1 || revs->min_age > date);
313 out:
314 free(buf);
315 return result;
319 /* Write the pack data to bundle_fd */
320 static int write_pack_data(int bundle_fd, struct rev_info *revs, struct strvec *pack_options)
322 struct child_process pack_objects = CHILD_PROCESS_INIT;
323 int i;
325 strvec_pushl(&pack_objects.args,
326 "pack-objects",
327 "--stdout", "--thin", "--delta-base-offset",
328 NULL);
329 strvec_pushv(&pack_objects.args, pack_options->v);
330 if (revs->filter.choice)
331 strvec_pushf(&pack_objects.args, "--filter=%s",
332 list_objects_filter_spec(&revs->filter));
333 pack_objects.in = -1;
334 pack_objects.out = bundle_fd;
335 pack_objects.git_cmd = 1;
338 * start_command() will close our descriptor if it's >1. Duplicate it
339 * to avoid surprising the caller.
341 if (pack_objects.out > 1) {
342 pack_objects.out = dup(pack_objects.out);
343 if (pack_objects.out < 0) {
344 error_errno(_("unable to dup bundle descriptor"));
345 child_process_clear(&pack_objects);
346 return -1;
350 if (start_command(&pack_objects))
351 return error(_("Could not spawn pack-objects"));
353 for (i = 0; i < revs->pending.nr; i++) {
354 struct object *object = revs->pending.objects[i].item;
355 if (object->flags & UNINTERESTING)
356 write_or_die(pack_objects.in, "^", 1);
357 write_or_die(pack_objects.in, oid_to_hex(&object->oid), the_hash_algo->hexsz);
358 write_or_die(pack_objects.in, "\n", 1);
360 close(pack_objects.in);
361 if (finish_command(&pack_objects))
362 return error(_("pack-objects died"));
363 return 0;
367 * Write out bundle refs based on the tips already
368 * parsed into revs.pending. As a side effect, may
369 * manipulate revs.pending to include additional
370 * necessary objects (like tags).
372 * Returns the number of refs written, or negative
373 * on error.
375 static int write_bundle_refs(int bundle_fd, struct rev_info *revs)
377 int i;
378 int ref_count = 0;
380 for (i = 0; i < revs->pending.nr; i++) {
381 struct object_array_entry *e = revs->pending.objects + i;
382 struct object_id oid;
383 char *ref;
384 const char *display_ref;
385 int flag;
387 if (e->item->flags & UNINTERESTING)
388 continue;
389 if (repo_dwim_ref(the_repository, e->name, strlen(e->name),
390 &oid, &ref, 0) != 1)
391 goto skip_write_ref;
392 if (read_ref_full(e->name, RESOLVE_REF_READING, &oid, &flag))
393 flag = 0;
394 display_ref = (flag & REF_ISSYMREF) ? e->name : ref;
396 if (e->item->type == OBJ_TAG &&
397 !is_tag_in_date_range(e->item, revs)) {
398 e->item->flags |= UNINTERESTING;
399 goto skip_write_ref;
403 * Make sure the refs we wrote out is correct; --max-count and
404 * other limiting options could have prevented all the tips
405 * from getting output.
407 * Non commit objects such as tags and blobs do not have
408 * this issue as they are not affected by those extra
409 * constraints.
411 if (!(e->item->flags & SHOWN) && e->item->type == OBJ_COMMIT) {
412 warning(_("ref '%s' is excluded by the rev-list options"),
413 e->name);
414 goto skip_write_ref;
417 * If you run "git bundle create bndl v1.0..v2.0", the
418 * name of the positive ref is "v2.0" but that is the
419 * commit that is referenced by the tag, and not the tag
420 * itself.
422 if (!oideq(&oid, &e->item->oid)) {
424 * Is this the positive end of a range expressed
425 * in terms of a tag (e.g. v2.0 from the range
426 * "v1.0..v2.0")?
428 struct commit *one = lookup_commit_reference(revs->repo, &oid);
429 struct object *obj;
431 if (e->item == &(one->object)) {
433 * Need to include e->name as an
434 * independent ref to the pack-objects
435 * input, so that the tag is included
436 * in the output; otherwise we would
437 * end up triggering "empty bundle"
438 * error.
440 obj = parse_object_or_die(&oid, e->name);
441 obj->flags |= SHOWN;
442 add_pending_object(revs, obj, e->name);
444 goto skip_write_ref;
447 ref_count++;
448 write_or_die(bundle_fd, oid_to_hex(&e->item->oid), the_hash_algo->hexsz);
449 write_or_die(bundle_fd, " ", 1);
450 write_or_die(bundle_fd, display_ref, strlen(display_ref));
451 write_or_die(bundle_fd, "\n", 1);
452 skip_write_ref:
453 free(ref);
456 /* end header */
457 write_or_die(bundle_fd, "\n", 1);
458 return ref_count;
461 struct bundle_prerequisites_info {
462 struct object_array *pending;
463 int fd;
466 static void write_bundle_prerequisites(struct commit *commit, void *data)
468 struct bundle_prerequisites_info *bpi = data;
469 struct object *object;
470 struct pretty_print_context ctx = { 0 };
471 struct strbuf buf = STRBUF_INIT;
473 if (!(commit->object.flags & BOUNDARY))
474 return;
475 strbuf_addf(&buf, "-%s ", oid_to_hex(&commit->object.oid));
476 write_or_die(bpi->fd, buf.buf, buf.len);
478 ctx.fmt = CMIT_FMT_ONELINE;
479 ctx.output_encoding = get_log_output_encoding();
480 strbuf_reset(&buf);
481 pretty_print_commit(&ctx, commit, &buf);
482 strbuf_trim(&buf);
484 object = (struct object *)commit;
485 object->flags |= UNINTERESTING;
486 add_object_array_with_path(object, buf.buf, bpi->pending, S_IFINVALID,
487 NULL);
488 strbuf_addch(&buf, '\n');
489 write_or_die(bpi->fd, buf.buf, buf.len);
490 strbuf_release(&buf);
493 int create_bundle(struct repository *r, const char *path,
494 int argc, const char **argv, struct strvec *pack_options, int version)
496 struct lock_file lock = LOCK_INIT;
497 int bundle_fd = -1;
498 int bundle_to_stdout;
499 int ref_count = 0;
500 struct rev_info revs, revs_copy;
501 int min_version = 2;
502 struct bundle_prerequisites_info bpi;
503 int i;
505 /* init revs to list objects for pack-objects later */
506 save_commit_buffer = 0;
507 repo_init_revisions(r, &revs, NULL);
510 * Pre-initialize the '--objects' flag so we can parse a
511 * --filter option successfully.
513 revs.tree_objects = revs.blob_objects = 1;
515 argc = setup_revisions(argc, argv, &revs, NULL);
518 * Reasons to require version 3:
520 * 1. @object-format is required because our hash algorithm is not
521 * SHA1.
522 * 2. @filter is required because we parsed an object filter.
524 if (the_hash_algo != &hash_algos[GIT_HASH_SHA1] || revs.filter.choice)
525 min_version = 3;
527 if (argc > 1) {
528 error(_("unrecognized argument: %s"), argv[1]);
529 goto err;
532 bundle_to_stdout = !strcmp(path, "-");
533 if (bundle_to_stdout)
534 bundle_fd = 1;
535 else
536 bundle_fd = hold_lock_file_for_update(&lock, path,
537 LOCK_DIE_ON_ERROR);
539 if (version == -1)
540 version = min_version;
542 if (version < 2 || version > 3) {
543 die(_("unsupported bundle version %d"), version);
544 } else if (version < min_version) {
545 die(_("cannot write bundle version %d with algorithm %s"), version, the_hash_algo->name);
546 } else if (version == 2) {
547 write_or_die(bundle_fd, v2_bundle_signature, strlen(v2_bundle_signature));
548 } else {
549 const char *capability = "@object-format=";
550 write_or_die(bundle_fd, v3_bundle_signature, strlen(v3_bundle_signature));
551 write_or_die(bundle_fd, capability, strlen(capability));
552 write_or_die(bundle_fd, the_hash_algo->name, strlen(the_hash_algo->name));
553 write_or_die(bundle_fd, "\n", 1);
555 if (revs.filter.choice) {
556 const char *value = expand_list_objects_filter_spec(&revs.filter);
557 capability = "@filter=";
558 write_or_die(bundle_fd, capability, strlen(capability));
559 write_or_die(bundle_fd, value, strlen(value));
560 write_or_die(bundle_fd, "\n", 1);
564 /* save revs.pending in revs_copy for later use */
565 memcpy(&revs_copy, &revs, sizeof(revs));
566 revs_copy.pending.nr = 0;
567 revs_copy.pending.alloc = 0;
568 revs_copy.pending.objects = NULL;
569 for (i = 0; i < revs.pending.nr; i++) {
570 struct object_array_entry *e = revs.pending.objects + i;
571 if (e)
572 add_object_array_with_path(e->item, e->name,
573 &revs_copy.pending,
574 e->mode, e->path);
577 /* write prerequisites */
578 revs.boundary = 1;
579 if (prepare_revision_walk(&revs))
580 die("revision walk setup failed");
581 bpi.fd = bundle_fd;
582 bpi.pending = &revs_copy.pending;
585 * Remove any object walking here. We only care about commits and
586 * tags here. The revs_copy has the right instances of these values.
588 revs.blob_objects = revs.tree_objects = 0;
589 traverse_commit_list(&revs, write_bundle_prerequisites, NULL, &bpi);
590 object_array_remove_duplicates(&revs_copy.pending);
592 /* write bundle refs */
593 ref_count = write_bundle_refs(bundle_fd, &revs_copy);
594 if (!ref_count)
595 die(_("Refusing to create empty bundle."));
596 else if (ref_count < 0)
597 goto err;
599 /* write pack */
600 if (write_pack_data(bundle_fd, &revs_copy, pack_options))
601 goto err;
603 if (!bundle_to_stdout) {
604 if (commit_lock_file(&lock))
605 die_errno(_("cannot create '%s'"), path);
607 return 0;
608 err:
609 rollback_lock_file(&lock);
610 return -1;
613 int unbundle(struct repository *r, struct bundle_header *header,
614 int bundle_fd, struct strvec *extra_index_pack_args,
615 enum verify_bundle_flags flags)
617 struct child_process ip = CHILD_PROCESS_INIT;
619 if (verify_bundle(r, header, flags))
620 return -1;
622 strvec_pushl(&ip.args, "index-pack", "--fix-thin", "--stdin", NULL);
624 /* If there is a filter, then we need to create the promisor pack. */
625 if (header->filter.choice)
626 strvec_push(&ip.args, "--promisor=from-bundle");
628 if (extra_index_pack_args) {
629 strvec_pushv(&ip.args, extra_index_pack_args->v);
630 strvec_clear(extra_index_pack_args);
633 ip.in = bundle_fd;
634 ip.no_stdout = 1;
635 ip.git_cmd = 1;
636 if (run_command(&ip))
637 return error(_("index-pack died"));
638 return 0;