Diffstat (limited to 'builtin/receive-pack.c')
-rw-r--r-- | builtin/receive-pack.c | 208 |
1 files changed, 121 insertions, 87 deletions
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index 411e0b4d99..439f29d6c7 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -13,9 +13,9 @@ #include "remote.h" #include "connect.h" #include "string-list.h" -#include "sha1-array.h" +#include "oid-array.h" #include "connected.h" -#include "argv-array.h" +#include "strvec.h" #include "version.h" #include "tag.h" #include "gpg-interface.h" @@ -27,6 +27,8 @@ #include "object-store.h" #include "protocol.h" #include "commit-reach.h" +#include "worktree.h" +#include "shallow.h" static const char * const receive_pack_usage[] = { N_("git receive-pack <git-dir>"), @@ -247,6 +249,7 @@ static void show_ref(const char *path, const struct object_id *oid) strbuf_addf(&cap, " push-cert=%s", push_cert_nonce); if (advertise_push_options) strbuf_addstr(&cap, " push-options"); + strbuf_addf(&cap, " object-format=%s", the_hash_algo->name); strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized()); packet_write_fmt(1, "%s %s%c%s\n", oid_to_hex(oid), path, 0, cap.buf); @@ -417,7 +420,7 @@ static int copy_to_sideband(int in, int out, void *arg) return 0; } -static void hmac(unsigned char *out, +static void hmac_hash(unsigned char *out, const char *key_in, size_t key_len, const char *text, size_t text_len) { @@ -462,10 +465,10 @@ static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp) unsigned char hash[GIT_MAX_RAWSZ]; strbuf_addf(&buf, "%s:%"PRItime, path, stamp); - hmac(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed)); + hmac_hash(hash, buf.buf, buf.len, cert_nonce_seed, strlen(cert_nonce_seed)); strbuf_release(&buf); - /* RFC 2104 5. HMAC-SHA1-80 */ + /* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */ strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash)); return strbuf_detach(&buf, NULL); } 
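Review bot: In prepare_push_cert_nonce the renamed call passes `buf.buf` (the `path:stamp` string) in the `key_in` slot and `cert_nonce_seed` in the `text` slot of `hmac_hash(out, key_in, key_len, text, text_len)`. If the parameter names reflect how the body (outside these hunks) uses them, the secret seed is the HMAC message and the public string is the key, whereas HMAC's guarantees are stated for a secret key. Either swap the two argument pairs or document the order at the call, for example `/* NOTE: path:stamp is passed as the key and the seed as the text */`. The updated comment also still cites RFC 2104 section 5 (truncated output), although the nonce on the next line is formatted with the full `the_hash_algo->hexsz` digits.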
@@ -498,12 +501,27 @@ static char *find_header(const char *msg, size_t len, const char *key,
 return NULL;
 }
+/*
+ * Return zero if a and b are equal up to n bytes and nonzero if they are not.
+ * This operation is guaranteed to run in constant time to avoid leaking data.
+ */
+static int constant_memequal(const char *a, const char *b, size_t n)
+{
+ int res = 0;
+ size_t i;
+
+ for (i = 0; i < n; i++)
+ res |= a[i] ^ b[i];
+ return res;
+}
+
 static const char *check_nonce(const char *buf, size_t len)
 {
 char *nonce = find_header(buf, len, "nonce", NULL);
 timestamp_t stamp, ostamp;
 char *bohmac, *expect = NULL;
 const char *retval = NONCE_BAD;
+ size_t noncelen;
 if (!nonce) {
 retval = NONCE_MISSING;
@@ -545,8 +563,14 @@ static const char *check_nonce(const char *buf, size_t len)
 goto leave;
 }
+ noncelen = strlen(nonce);
 expect = prepare_push_cert_nonce(service_dir, stamp);
- if (strcmp(expect, nonce)) {
+ if (noncelen != strlen(expect)) {
+ /* This is not even the right size. */
+ retval = NONCE_BAD;
+ goto leave;
+ }
+ if (constant_memequal(expect, nonce, noncelen)) {
 /* Not what we would have signed earlier */
 retval = NONCE_BAD;
 goto leave;
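Review bot: The header comment on constant_memequal says the loop is "guaranteed to run in constant time", but nothing in C stops a compiler from turning the accumulate-and-OR loop into an early exit. Soften it to what the code actually ensures, for example `* The loop has no data-dependent branch, so timing should not reveal where the buffers first differ.` The name also reads opposite to the result: the function returns zero on equality like memcmp, so `if (constant_memequal(expect, nonce, noncelen))` in the check_nonce hunk looks like "if equal" but is the mismatch branch. A memcmp-style name, or returning `!res`, would remove that trap.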
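Review bot: The early exit on `noncelen != strlen(expect)` in check_nonce is not constant-time, and the comment `/* This is not even the right size. */` does not say why that is acceptable. As built by prepare_push_cert_nonce, the expected string is the stamp, a dash and `hexsz` hex digits, so its length does not appear to depend on the secret seed. I would spell that out, for example `/* Length depends only on the stamp and the hash size, so bailing out early leaks nothing secret. */`. check_nonce starts and ends outside this hunk.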
@@ -643,25 +667,25 @@ static void prepare_push_cert_sha1(struct child_process *proc) nonce_status = check_nonce(push_cert.buf, bogs); } if (!is_null_oid(&push_cert_oid)) { - argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT=%s", - oid_to_hex(&push_cert_oid)); - argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s", - sigcheck.signer ? sigcheck.signer : ""); - argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s", - sigcheck.key ? sigcheck.key : ""); - argv_array_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c", - sigcheck.result); + strvec_pushf(&proc->env_array, "GIT_PUSH_CERT=%s", + oid_to_hex(&push_cert_oid)); + strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_SIGNER=%s", + sigcheck.signer ? sigcheck.signer : ""); + strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_KEY=%s", + sigcheck.key ? sigcheck.key : ""); + strvec_pushf(&proc->env_array, "GIT_PUSH_CERT_STATUS=%c", + sigcheck.result); if (push_cert_nonce) { - argv_array_pushf(&proc->env_array, - "GIT_PUSH_CERT_NONCE=%s", - push_cert_nonce); - argv_array_pushf(&proc->env_array, - "GIT_PUSH_CERT_NONCE_STATUS=%s", - nonce_status); + strvec_pushf(&proc->env_array, + "GIT_PUSH_CERT_NONCE=%s", + push_cert_nonce); + strvec_pushf(&proc->env_array, + "GIT_PUSH_CERT_NONCE_STATUS=%s", + nonce_status); if (nonce_status == NONCE_SLOP) - argv_array_pushf(&proc->env_array, - "GIT_PUSH_CERT_NONCE_SLOP=%ld", - nonce_stamp_slop); + strvec_pushf(&proc->env_array, + "GIT_PUSH_CERT_NONCE_SLOP=%ld", + nonce_stamp_slop); } } } 
@@ -696,16 +720,16 @@ static int run_and_feed_hook(const char *hook_name, feed_fn feed, if (feed_state->push_options) { int i; for (i = 0; i < feed_state->push_options->nr; i++) - argv_array_pushf(&proc.env_array, - "GIT_PUSH_OPTION_%d=%s", i, - feed_state->push_options->items[i].string); - argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d", - feed_state->push_options->nr); + strvec_pushf(&proc.env_array, + "GIT_PUSH_OPTION_%d=%s", i, + feed_state->push_options->items[i].string); + strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT=%d", + feed_state->push_options->nr); } else - argv_array_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT"); + strvec_pushf(&proc.env_array, "GIT_PUSH_OPTION_COUNT"); if (tmp_objdir) - argv_array_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir)); + strvec_pushv(&proc.env_array, tmp_objdir_env(tmp_objdir)); if (use_sideband) { memset(&muxer, 0, sizeof(muxer)); @@ -816,16 +840,6 @@ static int run_update_hook(struct command *cmd) return finish_command(&proc); } -static int is_ref_checked_out(const char *ref) -{ - if (is_bare_repository()) - return 0; - - if (!head_name) - return 0; - return !strcmp(head_name, ref); -} - static char *refuse_unconfigured_deny_msg = N_("By default, updating the current branch in a non-bare repository\n" "is denied, because it will make the index and work tree inconsistent\n" @@ -864,7 +878,7 @@ static void refuse_unconfigured_deny_delete_current(void) static int command_singleton_iterator(void *cb_data, struct object_id *oid); static int update_shallow_ref(struct command *cmd, struct shallow_info *si) { - struct lock_file shallow_lock = LOCK_INIT; + struct shallow_lock shallow_lock = SHALLOW_LOCK_INIT; struct oid_array extra = OID_ARRAY_INIT; struct check_connected_options opt = CHECK_CONNECTED_INIT; uint32_t mask = 1 << (cmd->index % 32); 
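Review bot: In the update_shallow_ref hunk, the context line `uint32_t mask = 1 << (cmd->index % 32);` shifts a signed `int`. When the remainder is 31 the result is not representable in a 32-bit `int`, which is undefined behaviour in C. Since the declaration block is already being touched, make the operand unsigned: `uint32_t mask = (uint32_t)1 << (cmd->index % 32);`. The function body continues outside the hunk.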
@@ -881,12 +895,12 @@ static int update_shallow_ref(struct command *cmd, struct shallow_info *si) opt.env = tmp_objdir_env(tmp_objdir); setup_alternate_shallow(&shallow_lock, &opt.shallow_file, &extra); if (check_connected(command_singleton_iterator, cmd, &opt)) { - rollback_lock_file(&shallow_lock); + rollback_shallow_file(the_repository, &shallow_lock); oid_array_clear(&extra); return -1; } - commit_lock_file(&shallow_lock); + commit_shallow_file(the_repository, &shallow_lock); /* * Make sure setup_alternate_shallow() for the next ref does @@ -917,7 +931,7 @@ static int head_has_history(void) } static const char *push_to_deploy(unsigned char *sha1, - struct argv_array *env, + struct strvec *env, const char *work_tree) { const char *update_refresh[] = { @@ -936,7 +950,7 @@ static const char *push_to_deploy(unsigned char *sha1, struct child_process child = CHILD_PROCESS_INIT; child.argv = update_refresh; - child.env = env->argv; + child.env = env->v; child.dir = work_tree; child.no_stdin = 1; child.stdout_to_stderr = 1; @@ -947,7 +961,7 @@ static const char *push_to_deploy(unsigned char *sha1, /* run_command() does not clean up completely; reinitialize */ child_process_init(&child); child.argv = diff_files; - child.env = env->argv; + child.env = env->v; child.dir = work_tree; child.no_stdin = 1; child.stdout_to_stderr = 1; @@ -960,7 +974,7 @@ static const char *push_to_deploy(unsigned char *sha1, child_process_init(&child); child.argv = diff_index; - child.env = env->argv; + child.env = env->v; child.no_stdin = 1; child.no_stdout = 1; child.stdout_to_stderr = 0; @@ -971,7 +985,7 @@ static const char *push_to_deploy(unsigned char *sha1, read_tree[3] = hash_to_hex(sha1); child_process_init(&child); child.argv = read_tree; - child.env = env->argv; + child.env = env->v; child.dir = work_tree; child.no_stdin = 1; child.no_stdout = 1; 
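Review bot: The new `commit_shallow_file(the_repository, &shallow_lock);` call discards its result, just as the old `commit_lock_file()` call did. If it reports failure through its return value, a shallow file that could not be written is ignored and the function carries on as though the update succeeded. Test it with `if (commit_shallow_file(the_repository, &shallow_lock))` and take the same cleanup-and-`return -1` path as the check_connected failure just above. update_shallow_ref begins and ends outside this hunk.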
@@ -986,34 +1000,44 @@ static const char *push_to_deploy(unsigned char *sha1, static const char *push_to_checkout_hook = "push-to-checkout"; static const char *push_to_checkout(unsigned char *hash, - struct argv_array *env, + struct strvec *env, const char *work_tree) { - argv_array_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree)); - if (run_hook_le(env->argv, push_to_checkout_hook, + strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree)); + if (run_hook_le(env->v, push_to_checkout_hook, hash_to_hex(hash), NULL)) return "push-to-checkout hook declined"; else return NULL; } -static const char *update_worktree(unsigned char *sha1) +static const char *update_worktree(unsigned char *sha1, const struct worktree *worktree) { - const char *retval; - const char *work_tree = git_work_tree_cfg ? git_work_tree_cfg : ".."; - struct argv_array env = ARGV_ARRAY_INIT; + const char *retval, *work_tree, *git_dir = NULL; + struct strvec env = STRVEC_INIT; + + if (worktree && worktree->path) + work_tree = worktree->path; + else if (git_work_tree_cfg) + work_tree = git_work_tree_cfg; + else + work_tree = ".."; if (is_bare_repository()) return "denyCurrentBranch = updateInstead needs a worktree"; + if (worktree) + git_dir = get_worktree_git_dir(worktree); + if (!git_dir) + git_dir = get_git_dir(); - argv_array_pushf(&env, "GIT_DIR=%s", absolute_path(get_git_dir())); + strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir)); if (!find_hook(push_to_checkout_hook)) retval = push_to_deploy(sha1, &env, work_tree); else retval = push_to_checkout(sha1, &env, work_tree); - argv_array_clear(&env); + strvec_clear(&env); return retval; } 
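Review bot: update_worktree gains a `worktree` parameter that may be NULL, and nothing documents the two fallback chains it now has. A short comment above the function would cover it: `/* worktree may be NULL: the work tree then falls back to git_work_tree_cfg or "..", and GIT_DIR to get_git_dir(). */`. The work-tree selection also runs before the `is_bare_repository()` refusal, so it is wasted on the path that returns the error string; moving the check first would read more naturally.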
@@ -1026,6 +1050,7 @@ static const char *update(struct command *cmd, struct shallow_info *si) struct object_id *old_oid = &cmd->old_oid; struct object_id *new_oid = &cmd->new_oid; int do_update_worktree = 0; + const struct worktree *worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", name); /* only refs/... are allowed */ if (!starts_with(name, "refs/") || check_refname_format(name + 5, 0)) { @@ -1037,7 +1062,7 @@ static const char *update(struct command *cmd, struct shallow_info *si) free(namespaced_name); namespaced_name = strbuf_detach(&namespaced_name_buf, NULL); - if (is_ref_checked_out(namespaced_name)) { + if (worktree) { switch (deny_current_branch) { case DENY_IGNORE: break; @@ -1069,7 +1094,7 @@ static const char *update(struct command *cmd, struct shallow_info *si) return "deletion prohibited"; } - if (head_name && !strcmp(namespaced_name, head_name)) { + if (worktree || (head_name && !strcmp(namespaced_name, head_name))) { switch (deny_delete_current) { case DENY_IGNORE: break; @@ -1118,7 +1143,7 @@ static const char *update(struct command *cmd, struct shallow_info *si) } if (do_update_worktree) { - ret = update_worktree(new_oid->hash); + ret = update_worktree(new_oid->hash, find_shared_symref("HEAD", name)); if (ret) return ret; } @@ -1180,11 +1205,11 @@ static void run_update_post_hook(struct command *commands) for (cmd = commands; cmd; cmd = cmd->next) { if (cmd->error_string || cmd->did_not_exist) continue; - if (!proc.args.argc) - argv_array_push(&proc.args, hook); - argv_array_push(&proc.args, cmd->ref_name); + if (!proc.args.nr) + strvec_push(&proc.args, hook); + strvec_push(&proc.args, cmd->ref_name); } - if (!proc.args.argc) + if (!proc.args.nr) return; proc.no_stdin = 1; 
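Review bot: In update() the new lookup `find_shared_symref("HEAD", name)` uses the ref name as sent by the client, whereas the removed `is_ref_checked_out(namespaced_name)` compared the namespaced name. If a ref namespace is in effect, the deny_current_branch and deny_delete_current checks may now be made against a different ref from the one actually updated. The lookup also runs in the declaration, before the "only refs/... are allowed" validation of `name`. I would move it below the line that assigns `namespaced_name` and write `worktree = is_bare_repository() ? NULL : find_shared_symref("HEAD", namespaced_name);`. The later call should then reuse the result, `ret = update_worktree(new_oid->hash, worktree);`, rather than resolving the symref a second time.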
@@ -1600,6 +1625,8 @@ static struct command *read_head_info(struct packet_reader *reader, linelen = strlen(reader->line); if (linelen < reader->pktlen) { const char *feature_list = reader->line + linelen + 1; + const char *hash = NULL; + int len = 0; if (parse_feature_request(feature_list, "report-status")) report_status = 1; if (parse_feature_request(feature_list, "side-band-64k")) @@ -1612,6 +1639,13 @@ static struct command *read_head_info(struct packet_reader *reader, if (advertise_push_options && parse_feature_request(feature_list, "push-options")) use_push_options = 1; + hash = parse_feature_value(feature_list, "object-format", &len, NULL); + if (!hash) { + hash = hash_algos[GIT_HASH_SHA1].name; + len = strlen(hash); + } + if (xstrncmpz(the_hash_algo->name, hash, len)) + die("error: unsupported object format '%s'", hash); } if (!strcmp(reader->line, "push-cert")) { @@ -1681,10 +1715,10 @@ static const char *parse_pack_header(struct pack_header *hdr) static const char *pack_lockfile; -static void push_header_arg(struct argv_array *args, struct pack_header *hdr) +static void push_header_arg(struct strvec *args, struct pack_header *hdr) { - argv_array_pushf(args, "--pack_header=%"PRIu32",%"PRIu32, - ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries)); + strvec_pushf(args, "--pack_header=%"PRIu32",%"PRIu32, + ntohl(hdr->hdr_version), ntohl(hdr->hdr_entries)); } static const char *unpack(int err_fd, struct shallow_info *si) @@ -1708,8 +1742,8 @@ static const char *unpack(int err_fd, struct shallow_info *si) if (si->nr_ours || si->nr_theirs) { alt_shallow_file = setup_temporary_shallow(si->shallow); - argv_array_push(&child.args, "--shallow-file"); - argv_array_push(&child.args, alt_shallow_file); + strvec_push(&child.args, "--shallow-file"); + strvec_push(&child.args, alt_shallow_file); } tmp_objdir = tmp_objdir_create(); 
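Review bot: In read_head_info the `die()` message prints `hash` with `%s`, but the comparison just above bounds it with `len`. That suggests parse_feature_value returns a pointer into `feature_list` that is not NUL-terminated at the end of the value. If so, the message will include whatever capabilities the client sent after `object-format=`. Print only the value: `die("error: unsupported object format '%.*s'", len, hash);`. The fallback `len = strlen(hash);` also narrows a `size_t` to `int`, which is harmless for a hash name but worth an explicit cast.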
@@ -1728,16 +1762,16 @@ static const char *unpack(int err_fd, struct shallow_info *si) tmp_objdir_add_as_alternate(tmp_objdir); if (ntohl(hdr.hdr_entries) < unpack_limit) { - argv_array_push(&child.args, "unpack-objects"); + strvec_push(&child.args, "unpack-objects"); push_header_arg(&child.args, &hdr); if (quiet) - argv_array_push(&child.args, "-q"); + strvec_push(&child.args, "-q"); if (fsck_objects) - argv_array_pushf(&child.args, "--strict%s", - fsck_msg_types.buf); + strvec_pushf(&child.args, "--strict%s", + fsck_msg_types.buf); if (max_input_size) - argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX, - (uintmax_t)max_input_size); + strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX, + (uintmax_t)max_input_size); child.no_stdout = 1; child.err = err_fd; child.git_cmd = 1; 
@@ -1747,28 +1781,28 @@ static const char *unpack(int err_fd, struct shallow_info *si) } else { char hostname[HOST_NAME_MAX + 1]; - argv_array_pushl(&child.args, "index-pack", "--stdin", NULL); + strvec_pushl(&child.args, "index-pack", "--stdin", NULL); push_header_arg(&child.args, &hdr); if (xgethostname(hostname, sizeof(hostname))) xsnprintf(hostname, sizeof(hostname), "localhost"); - argv_array_pushf(&child.args, - "--keep=receive-pack %"PRIuMAX" on %s", - (uintmax_t)getpid(), - hostname); + strvec_pushf(&child.args, + "--keep=receive-pack %"PRIuMAX" on %s", + (uintmax_t)getpid(), + hostname); if (!quiet && err_fd) - argv_array_push(&child.args, "--show-resolving-progress"); + strvec_push(&child.args, "--show-resolving-progress"); if (use_sideband) - argv_array_push(&child.args, "--report-end-of-input"); + strvec_push(&child.args, "--report-end-of-input"); if (fsck_objects) - argv_array_pushf(&child.args, "--strict%s", - fsck_msg_types.buf); + strvec_pushf(&child.args, "--strict%s", + fsck_msg_types.buf); if (!reject_thin) - argv_array_push(&child.args, "--fix-thin"); + strvec_push(&child.args, "--fix-thin"); if (max_input_size) - argv_array_pushf(&child.args, "--max-input-size=%"PRIuMAX, - (uintmax_t)max_input_size); + strvec_pushf(&child.args, "--max-input-size=%"PRIuMAX, + (uintmax_t)max_input_size); child.out = -1; child.err = err_fd; child.git_cmd = 1; |