1 #include "git-compat-util.h"
2 #include "repository.h"
3 #include "config.h"
4 #include "hash-ll.h"
5 #include "pkt-line.h"
6 #include "version.h"
7 #include "ls-refs.h"
8 #include "protocol-caps.h"
9 #include "serve.h"
10 #include "upload-pack.h"
11 #include "bundle-uri.h"
12 #include "trace2.h"
/*
 * Cached answer for the "transfer.advertisesid" setting: -1 until
 * session_id_advertise() has consulted the configuration, 0 or 1 afterwards.
 */
static int advertise_sid = -1;

/*
 * Hash algorithm the client asked for through the "object-format"
 * capability. It starts out as SHA-1, so a client that never sends the
 * capability is treated as a SHA-1 client when process_request() compares
 * this value with the repository's algorithm.
 */
static int client_hash_algo = GIT_HASH_SHA1;
/*
 * Advertise callback for capabilities that are offered unconditionally and
 * carry no value: both arguments are ignored and the answer is always "yes".
 */
static int always_advertise(struct repository *r UNUSED,
			    struct strbuf *value UNUSED)
{
	return 1;
}
/*
 * Advertise callback for "agent".
 *
 * Always reports the capability as available. When the caller supplies a
 * buffer, the string returned by git_user_agent_sanitized() is appended to
 * it and ends up as the "agent=<value>" line of the advertisement, i.e. it
 * is sent to every peer that receives the capability list.
 */
static int agent_advertise(struct repository *r UNUSED,
			   struct strbuf *value)
{
	/* A NULL buffer means "only tell me whether this is advertised". */
	if (!value)
		return 1;

	strbuf_addstr(value, git_user_agent_sanitized());
	return 1;
}
/*
 * Advertise callback for "object-format".
 *
 * Always advertised; when a buffer is supplied, the name of the
 * repository's hash algorithm is appended as the capability value.
 */
static int object_format_advertise(struct repository *r,
				   struct strbuf *value)
{
	/* A NULL buffer means "only tell me whether this is advertised". */
	if (!value)
		return 1;

	strbuf_addstr(value, r->hash_algo->name);
	return 1;
}
/*
 * Receive callback for "object-format=<name>".
 *
 * The name comes from the client. It is resolved with hash_algo_by_name()
 * and stored in client_hash_algo; a missing argument or a name that
 * resolves to GIT_HASH_UNKNOWN terminates the process via die(). As a
 * result client_hash_algo never survives this function holding
 * GIT_HASH_UNKNOWN.
 */
static void object_format_receive(struct repository *r UNUSED,
				  const char *algo_name)
{
	int algo;

	if (!algo_name)
		die("object-format capability requires an argument");

	algo = hash_algo_by_name(algo_name);
	client_hash_algo = algo;
	if (algo == GIT_HASH_UNKNOWN)
		die("unknown object format '%s'", algo_name);
}
/*
 * Advertise callback for "session-id".
 *
 * The capability is offered only when "transfer.advertisesid" is enabled.
 * The setting is looked up once and cached in advertise_sid. Returns 0 when
 * the capability must not be advertised, 1 otherwise; in the latter case
 * the trace2 session id is appended to 'value' if a buffer was supplied.
 */
static int session_id_advertise(struct repository *r, struct strbuf *value)
{
	if (advertise_sid == -1) {
		/*
		 * First call: ask the configuration. A non-zero return from
		 * the lookup is treated as "off".
		 */
		if (repo_config_get_bool(r, "transfer.advertisesid", &advertise_sid))
			advertise_sid = 0;
	}

	if (advertise_sid == 0)
		return 0;

	if (value)
		strbuf_addstr(value, trace2_session_id());
	return 1;
}
/*
 * Receive callback for "session-id[=<sid>]".
 *
 * Records the client's session id in the trace2 stream under the
 * "transfer" category with key "client-sid"; a bare "session-id" is logged
 * as the empty string. The value is supplied by the peer and is passed on
 * without any validation in this function, so anything that consumes the
 * trace output should treat "client-sid" as untrusted data.
 */
static void session_id_receive(struct repository *r UNUSED,
			       const char *client_sid)
{
	const char *sid = client_sid ? client_sid : "";

	trace2_data_string("transfer", NULL, "client-sid", sid);
}
/* One entry of the protocol v2 capability/command table. */
struct protocol_capability {
	/*
	 * Capability name. The server advertises it under this name and
	 * the client refers to it by the same name.
	 */
	const char *name;

	/*
	 * Asked whether the capability should be advertised; returns
	 * non-zero if so. The callback may append a value to 'value', in
	 * which case the advertisement reads "<name>=<value>" rather than
	 * just "<name>". Callers that only need the yes/no answer pass a
	 * NULL 'value'.
	 */
	int (*advertise)(struct repository *r, struct strbuf *value);

	/*
	 * Invoked when the client requests this capability as a command.
	 * 'request' is the packet reader the command uses to read its own
	 * part of the request. Every command MUST read until it has seen
	 * a flush packet before it sends a response.
	 *
	 * NULL for capabilities that are not commands.
	 */
	int (*command)(struct repository *r, struct packet_reader *request);

	/*
	 * Invoked when the client sends this capability as a non-command.
	 * May be NULL if nothing needs to happen.
	 *
	 * For "foo=bar" the 'value' argument points just past the "="
	 * (at "bar"); for a bare "foo" it is NULL.
	 */
	void (*receive)(struct repository *r, const char *value);
};
/*
 * Everything this server understands in protocol v2.
 *
 * Entries with a .command hook can only be invoked as "command=<name>";
 * the remaining entries are plain capabilities. The table is walked in
 * index order both when advertising and when matching a client token, so
 * the order below is also the advertisement order.
 */
static struct protocol_capability capabilities[] = {
	{
		.name = "agent",
		.advertise = agent_advertise,
	},
	{
		.name = "ls-refs",
		.advertise = ls_refs_advertise,
		.command = ls_refs,
	},
	{
		.name = "fetch",
		.advertise = upload_pack_advertise,
		.command = upload_pack_v2,
	},
	{
		.name = "server-option",
		.advertise = always_advertise,
	},
	{
		.name = "object-format",
		.advertise = object_format_advertise,
		.receive = object_format_receive,
	},
	{
		.name = "session-id",
		.advertise = session_id_advertise,
		.receive = session_id_receive,
	},
	{
		.name = "object-info",
		.advertise = always_advertise,
		.command = cap_object_info,
	},
	{
		.name = "bundle-uri",
		.advertise = bundle_uri_advertise,
		.command = bundle_uri_command,
	},
};
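/*
 * Write the protocol v2 capability advertisement to file descriptor 1.
 *
 * Emits the "version 2" line, then one pkt-line per capability whose
 * advertise callback returns non-zero ("<name>" or "<name>=<value>"), and
 * finishes with a flush packet.
 */
void protocol_v2_advertise_capabilities(void)
{
	struct strbuf capability = STRBUF_INIT;
	struct strbuf value = STRBUF_INIT;
	/*
	 * size_t matches the type ARRAY_SIZE() yields, so the loop bound
	 * is not a signed/unsigned comparison.
	 */
	size_t i;

	/* serve by default supports v2 */
	packet_write_fmt(1, "version 2\n");

	for (i = 0; i < ARRAY_SIZE(capabilities); i++) {
		struct protocol_capability *c = &capabilities[i];

		if (c->advertise(the_repository, &value)) {
			strbuf_addstr(&capability, c->name);

			/* Only capabilities that produced a value get "=<value>". */
			if (value.len) {
				strbuf_addch(&capability, '=');
				strbuf_addbuf(&capability, &value);
			}

			strbuf_addch(&capability, '\n');
			packet_write(1, capability.buf, capability.len);
		}

		/*
		 * Reset unconditionally so nothing written by one callback
		 * can leak into the next capability's line.
		 */
		strbuf_reset(&capability);
		strbuf_reset(&value);
	}

	packet_flush(1);
	strbuf_release(&capability);
	strbuf_release(&value);
}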
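/*
 * Look up a client-supplied token in the capabilities table.
 *
 * 'key' is either "<name>" or "<name>=<value>". On a match the table entry
 * is returned and '*value' is set to NULL (bare name) or to the text after
 * the "=". A name that is merely a prefix of a longer token (e.g. "fetchX")
 * does not match. Returns NULL when 'key' is NULL or nothing matches.
 *
 * '*value' is cleared on entry so that it is never left indeterminate on a
 * NULL return; callers therefore do not have to rely on checking the
 * returned pointer before they look at the value.
 */
static struct protocol_capability *get_capability(const char *key, const char **value)
{
	/* size_t matches the type ARRAY_SIZE() yields. */
	size_t i;

	*value = NULL;

	if (!key)
		return NULL;

	for (i = 0; i < ARRAY_SIZE(capabilities); i++) {
		struct protocol_capability *c = &capabilities[i];
		const char *rest;

		if (!skip_prefix(key, c->name, &rest))
			continue;

		/* Exact match: bare capability without a value. */
		if (!*rest)
			return c;

		/* "<name>=<value>": hand back what follows the '='. */
		if (*rest == '=') {
			*value = rest + 1;
			return c;
		}

		/* The name was only a prefix of a longer token; keep looking. */
	}

	return NULL;
}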
/*
 * Handle one request line as a (non-command) capability.
 *
 * Returns 1 if 'key' names a capability the server accepts, 0 otherwise.
 * A token is rejected when it is unknown, when it names a command (commands
 * must arrive as "command=<name>"), or when the server would not currently
 * advertise it, so a client cannot switch on something that was never
 * offered. An accepted capability without a receive hook is simply
 * acknowledged; nothing else is done with it here.
 */
static int receive_client_capability(const char *key)
{
	const char *value;
	const struct protocol_capability *c = get_capability(key, &value);

	if (!c)
		return 0;
	if (c->command)
		return 0;
	if (!c->advertise(the_repository, NULL))
		return 0;

	if (c->receive)
		c->receive(the_repository, value);
	return 1;
}
/*
 * Handle one request line as "command=<name>".
 *
 * Returns 0 if 'key' does not start with "command=", leaving '*command'
 * untouched. Otherwise the named command is stored in '*command' and 1 is
 * returned. The process dies if a command was already selected for this
 * request, or if the name is unknown, not currently advertised, not a
 * command at all, or carries a "=<value>" suffix.
 */
static int parse_command(const char *key, struct protocol_capability **command)
{
	const char *name;
	const char *value;
	struct protocol_capability *cmd;

	if (!skip_prefix(key, "command=", &name))
		return 0;

	cmd = get_capability(name, &value);

	/* At most one command per request. */
	if (*command)
		die("command '%s' requested after already requesting command '%s'",
		    name, (*command)->name);

	/*
	 * 'value' is only inspected after 'cmd' is known to be non-NULL,
	 * courtesy of the short-circuit evaluation.
	 */
	if (!cmd || !cmd->advertise(the_repository, NULL) || !cmd->command || value)
		die("invalid command '%s'", name);

	*command = cmd;
	return 1;
}
/* Progress of process_request() through the key section of a request. */
enum request_state {
	/* Still reading "command=" / capability lines. */
	PROCESS_REQUEST_KEYS,
	/* A flush or delim packet ended the key section. */
	PROCESS_REQUEST_DONE,
};
/*
 * Read one protocol v2 request from file descriptor 0 and run its command.
 *
 * Returns 1 when the client is done (it closed the connection, or sent a
 * flush packet without any command or capability) and 0 after a command
 * has been dispatched. Malformed requests end the process via die().
 */
static int process_request(void)
{
	struct packet_reader reader;
	struct protocol_capability *command = NULL;
	enum request_state state = PROCESS_REQUEST_KEYS;
	int got_key = 0;
	const int reader_flags = PACKET_READ_CHOMP_NEWLINE |
				 PACKET_READ_GENTLE_ON_EOF |
				 PACKET_READ_DIE_ON_ERR_PACKET;

	packet_reader_init(&reader, 0, NULL, 0, reader_flags);

	/*
	 * An EOF before the first packet means the client hung up between
	 * requests; that is a normal way to end the conversation.
	 */
	if (packet_reader_peek(&reader) == PACKET_READ_EOF)
		return 1;

	/* From here on an EOF is no longer tolerated. */
	reader.options &= ~PACKET_READ_GENTLE_ON_EOF;

	while (state != PROCESS_REQUEST_DONE) {
		switch (packet_reader_peek(&reader)) {
		case PACKET_READ_EOF:
			BUG("Should have already died when seeing EOF");
		case PACKET_READ_NORMAL:
			/*
			 * Every line of the key section must be either
			 * "command=<name>" or a capability the server
			 * accepts; anything else is fatal.
			 */
			if (!parse_command(reader.line, &command) &&
			    !receive_client_capability(reader.line))
				die("unknown capability '%s'", reader.line);
			got_key = 1;

			/* Consume the peeked line */
			packet_reader_read(&reader);
			break;
		case PACKET_READ_FLUSH:
			/*
			 * A flush with no command and no keys before it is
			 * the client asking to end the connection.
			 */
			if (!got_key)
				return 1;

			/*
			 * Unlike the other cases, the flush packet is left
			 * unread: the command will read it itself and see
			 * the end of the request exactly as it would after
			 * command-specific arguments following a delim
			 * packet.
			 */
			state = PROCESS_REQUEST_DONE;
			break;
		case PACKET_READ_DELIM:
			/* Consume the peeked line */
			packet_reader_read(&reader);

			state = PROCESS_REQUEST_DONE;
			break;
		case PACKET_READ_RESPONSE_END:
			BUG("unexpected response end packet");
		}
	}

	if (!command)
		die("no command requested");

	/*
	 * client_hash_algo is either its SHA-1 default or a value that
	 * object_format_receive() accepted (never GIT_HASH_UNKNOWN), so it
	 * is a usable index into hash_algos[] for the message below.
	 */
	if (client_hash_algo != hash_algo_by_ptr(the_repository->hash_algo))
		die("mismatched object format: server %s; client %s\n",
		    the_repository->hash_algo->name,
		    hash_algos[client_hash_algo].name);

	command->command(the_repository, &reader);

	return 0;
}
/*
 * Entry point for serving protocol v2.
 *
 * With 'stateless_rpc' set, exactly one request/response exchange is
 * handled and no capability advertisement is sent from here. Otherwise the
 * capabilities are advertised once and requests are processed until
 * process_request() reports that the client is done.
 */
void protocol_v2_serve_loop(int stateless_rpc)
{
	if (stateless_rpc) {
		/* Single exchange; the return value is deliberately unused. */
		process_request();
		return;
	}

	protocol_v2_advertise_capabilities();

	while (!process_request())
		; /* keep serving until the client ends the conversation */
}