Disallow dubiously-nested submodule git directories
[git] / archive-zip.c
1 /*
2  * Copyright (c) 2006 Rene Scharfe
3  */
4 #include "cache.h"
5 #include "config.h"
6 #include "archive.h"
7 #include "streaming.h"
8 #include "utf8.h"
9 #include "userdiff.h"
10 #include "xdiff-interface.h"
11
12 static int zip_date;
13 static int zip_time;
14
15 /* We only care about the "buf" part here. */
16 static struct strbuf zip_dir;
17
18 static uintmax_t zip_offset;
19 static uint64_t zip_dir_entries;
20
21 static unsigned int max_creator_version;
22
23 #define ZIP_STREAM      (1 <<  3)
24 #define ZIP_UTF8        (1 << 11)
25
26 struct zip_local_header {
27         unsigned char magic[4];
28         unsigned char version[2];
29         unsigned char flags[2];
30         unsigned char compression_method[2];
31         unsigned char mtime[2];
32         unsigned char mdate[2];
33         unsigned char crc32[4];
34         unsigned char compressed_size[4];
35         unsigned char size[4];
36         unsigned char filename_length[2];
37         unsigned char extra_length[2];
38         unsigned char _end[1];
39 };
40
41 struct zip_data_desc {
42         unsigned char magic[4];
43         unsigned char crc32[4];
44         unsigned char compressed_size[4];
45         unsigned char size[4];
46         unsigned char _end[1];
47 };
48
49 struct zip64_data_desc {
50         unsigned char magic[4];
51         unsigned char crc32[4];
52         unsigned char compressed_size[8];
53         unsigned char size[8];
54         unsigned char _end[1];
55 };
56
57 struct zip_dir_trailer {
58         unsigned char magic[4];
59         unsigned char disk[2];
60         unsigned char directory_start_disk[2];
61         unsigned char entries_on_this_disk[2];
62         unsigned char entries[2];
63         unsigned char size[4];
64         unsigned char offset[4];
65         unsigned char comment_length[2];
66         unsigned char _end[1];
67 };
68
69 struct zip_extra_mtime {
70         unsigned char magic[2];
71         unsigned char extra_size[2];
72         unsigned char flags[1];
73         unsigned char mtime[4];
74         unsigned char _end[1];
75 };
76
77 struct zip64_extra {
78         unsigned char magic[2];
79         unsigned char extra_size[2];
80         unsigned char size[8];
81         unsigned char compressed_size[8];
82         unsigned char _end[1];
83 };
84
85 struct zip64_dir_trailer {
86         unsigned char magic[4];
87         unsigned char record_size[8];
88         unsigned char creator_version[2];
89         unsigned char version[2];
90         unsigned char disk[4];
91         unsigned char directory_start_disk[4];
92         unsigned char entries_on_this_disk[8];
93         unsigned char entries[8];
94         unsigned char size[8];
95         unsigned char offset[8];
96         unsigned char _end[1];
97 };
98
99 struct zip64_dir_trailer_locator {
100         unsigned char magic[4];
101         unsigned char disk[4];
102         unsigned char offset[8];
103         unsigned char number_of_disks[4];
104         unsigned char _end[1];
105 };
106
107 /*
108  * On ARM, padding is added at the end of the struct, so a simple
109  * sizeof(struct ...) reports two bytes more than the payload size
110  * we're interested in.
111  */
112 #define ZIP_LOCAL_HEADER_SIZE   offsetof(struct zip_local_header, _end)
113 #define ZIP_DATA_DESC_SIZE      offsetof(struct zip_data_desc, _end)
114 #define ZIP64_DATA_DESC_SIZE    offsetof(struct zip64_data_desc, _end)
115 #define ZIP_DIR_HEADER_SIZE     offsetof(struct zip_dir_header, _end)
116 #define ZIP_DIR_TRAILER_SIZE    offsetof(struct zip_dir_trailer, _end)
117 #define ZIP_EXTRA_MTIME_SIZE    offsetof(struct zip_extra_mtime, _end)
118 #define ZIP_EXTRA_MTIME_PAYLOAD_SIZE \
119         (ZIP_EXTRA_MTIME_SIZE - offsetof(struct zip_extra_mtime, flags))
120 #define ZIP64_EXTRA_SIZE        offsetof(struct zip64_extra, _end)
121 #define ZIP64_EXTRA_PAYLOAD_SIZE \
122         (ZIP64_EXTRA_SIZE - offsetof(struct zip64_extra, size))
123 #define ZIP64_DIR_TRAILER_SIZE  offsetof(struct zip64_dir_trailer, _end)
124 #define ZIP64_DIR_TRAILER_RECORD_SIZE \
125         (ZIP64_DIR_TRAILER_SIZE - \
126          offsetof(struct zip64_dir_trailer, creator_version))
127 #define ZIP64_DIR_TRAILER_LOCATOR_SIZE \
128         offsetof(struct zip64_dir_trailer_locator, _end)
129
130 static void copy_le16(unsigned char *dest, unsigned int n)
131 {
132         dest[0] = 0xff & n;
133         dest[1] = 0xff & (n >> 010);
134 }
135
136 static void copy_le32(unsigned char *dest, unsigned int n)
137 {
138         dest[0] = 0xff & n;
139         dest[1] = 0xff & (n >> 010);
140         dest[2] = 0xff & (n >> 020);
141         dest[3] = 0xff & (n >> 030);
142 }
143
144 static void copy_le64(unsigned char *dest, uint64_t n)
145 {
146         dest[0] = 0xff & n;
147         dest[1] = 0xff & (n >> 010);
148         dest[2] = 0xff & (n >> 020);
149         dest[3] = 0xff & (n >> 030);
150         dest[4] = 0xff & (n >> 040);
151         dest[5] = 0xff & (n >> 050);
152         dest[6] = 0xff & (n >> 060);
153         dest[7] = 0xff & (n >> 070);
154 }
155
156 static uint64_t clamp_max(uint64_t n, uint64_t max, int *clamped)
157 {
158         if (n <= max)
159                 return n;
160         *clamped = 1;
161         return max;
162 }
163
164 static void copy_le16_clamp(unsigned char *dest, uint64_t n, int *clamped)
165 {
166         copy_le16(dest, clamp_max(n, 0xffff, clamped));
167 }
168
169 static void copy_le32_clamp(unsigned char *dest, uint64_t n, int *clamped)
170 {
171         copy_le32(dest, clamp_max(n, 0xffffffff, clamped));
172 }
173
174 static int strbuf_add_le(struct strbuf *sb, size_t size, uintmax_t n)
175 {
176         while (size-- > 0) {
177                 strbuf_addch(sb, n & 0xff);
178                 n >>= 8;
179         }
180         return -!!n;
181 }
182
183 static uint32_t clamp32(uintmax_t n)
184 {
185         const uintmax_t max = 0xffffffff;
186         return (n < max) ? n : max;
187 }
188
189 static void *zlib_deflate_raw(void *data, unsigned long size,
190                               int compression_level,
191                               unsigned long *compressed_size)
192 {
193         git_zstream stream;
194         unsigned long maxsize;
195         void *buffer;
196         int result;
197
198         git_deflate_init_raw(&stream, compression_level);
199         maxsize = git_deflate_bound(&stream, size);
200         buffer = xmalloc(maxsize);
201
202         stream.next_in = data;
203         stream.avail_in = size;
204         stream.next_out = buffer;
205         stream.avail_out = maxsize;
206
207         do {
208                 result = git_deflate(&stream, Z_FINISH);
209         } while (result == Z_OK);
210
211         if (result != Z_STREAM_END) {
212                 free(buffer);
213                 return NULL;
214         }
215
216         git_deflate_end(&stream);
217         *compressed_size = stream.total_out;
218
219         return buffer;
220 }
221
222 static void write_zip_data_desc(unsigned long size,
223                                 unsigned long compressed_size,
224                                 unsigned long crc)
225 {
226         if (size >= 0xffffffff || compressed_size >= 0xffffffff) {
227                 struct zip64_data_desc trailer;
228                 copy_le32(trailer.magic, 0x08074b50);
229                 copy_le32(trailer.crc32, crc);
230                 copy_le64(trailer.compressed_size, compressed_size);
231                 copy_le64(trailer.size, size);
232                 write_or_die(1, &trailer, ZIP64_DATA_DESC_SIZE);
233                 zip_offset += ZIP64_DATA_DESC_SIZE;
234         } else {
235                 struct zip_data_desc trailer;
236                 copy_le32(trailer.magic, 0x08074b50);
237                 copy_le32(trailer.crc32, crc);
238                 copy_le32(trailer.compressed_size, compressed_size);
239                 copy_le32(trailer.size, size);
240                 write_or_die(1, &trailer, ZIP_DATA_DESC_SIZE);
241                 zip_offset += ZIP_DATA_DESC_SIZE;
242         }
243 }
244
245 static void set_zip_header_data_desc(struct zip_local_header *header,
246                                      unsigned long size,
247                                      unsigned long compressed_size,
248                                      unsigned long crc)
249 {
250         copy_le32(header->crc32, crc);
251         copy_le32(header->compressed_size, compressed_size);
252         copy_le32(header->size, size);
253 }
254
255 static int has_only_ascii(const char *s)
256 {
257         for (;;) {
258                 int c = *s++;
259                 if (c == '\0')
260                         return 1;
261                 if (!isascii(c))
262                         return 0;
263         }
264 }
265
266 static int entry_is_binary(const char *path, const void *buffer, size_t size)
267 {
268         struct userdiff_driver *driver = userdiff_find_by_path(path);
269         if (!driver)
270                 driver = userdiff_find_by_name("default");
271         if (driver->binary != -1)
272                 return driver->binary;
273         return buffer_is_binary(buffer, size);
274 }
275
276 #define STREAM_BUFFER_SIZE (1024 * 16)
277
278 static int write_zip_entry(struct archiver_args *args,
279                            const unsigned char *sha1,
280                            const char *path, size_t pathlen,
281                            unsigned int mode)
282 {
283         struct zip_local_header header;
284         uintmax_t offset = zip_offset;
285         struct zip_extra_mtime extra;
286         struct zip64_extra extra64;
287         size_t header_extra_size = ZIP_EXTRA_MTIME_SIZE;
288         int need_zip64_extra = 0;
289         unsigned long attr2;
290         unsigned long compressed_size;
291         unsigned long crc;
292         int method;
293         unsigned char *out;
294         void *deflated = NULL;
295         void *buffer;
296         struct git_istream *stream = NULL;
297         unsigned long flags = 0;
298         unsigned long size;
299         int is_binary = -1;
300         const char *path_without_prefix = path + args->baselen;
301         unsigned int creator_version = 0;
302         unsigned int version_needed = 10;
303         size_t zip_dir_extra_size = ZIP_EXTRA_MTIME_SIZE;
304         size_t zip64_dir_extra_payload_size = 0;
305
306         crc = crc32(0, NULL, 0);
307
308         if (!has_only_ascii(path)) {
309                 if (is_utf8(path))
310                         flags |= ZIP_UTF8;
311                 else
312                         warning("Path is not valid UTF-8: %s", path);
313         }
314
315         if (pathlen > 0xffff) {
316                 return error("path too long (%d chars, SHA1: %s): %s",
317                                 (int)pathlen, sha1_to_hex(sha1), path);
318         }
319
320         if (S_ISDIR(mode) || S_ISGITLINK(mode)) {
321                 method = 0;
322                 attr2 = 16;
323                 out = NULL;
324                 size = 0;
325                 compressed_size = 0;
326                 buffer = NULL;
327         } else if (S_ISREG(mode) || S_ISLNK(mode)) {
328                 enum object_type type = sha1_object_info(sha1, &size);
329
330                 method = 0;
331                 attr2 = S_ISLNK(mode) ? ((mode | 0777) << 16) :
332                         (mode & 0111) ? ((mode) << 16) : 0;
333                 if (S_ISLNK(mode) || (mode & 0111))
334                         creator_version = 0x0317;
335                 if (S_ISREG(mode) && args->compression_level != 0 && size > 0)
336                         method = 8;
337
338                 if (S_ISREG(mode) && type == OBJ_BLOB && !args->convert &&
339                     size > big_file_threshold) {
340                         stream = open_istream(sha1, &type, &size, NULL);
341                         if (!stream)
342                                 return error("cannot stream blob %s",
343                                              sha1_to_hex(sha1));
344                         flags |= ZIP_STREAM;
345                         out = buffer = NULL;
346                 } else {
347                         buffer = sha1_file_to_archive(args, path, sha1, mode,
348                                                       &type, &size);
349                         if (!buffer)
350                                 return error("cannot read %s",
351                                              sha1_to_hex(sha1));
352                         crc = crc32(crc, buffer, size);
353                         is_binary = entry_is_binary(path_without_prefix,
354                                                     buffer, size);
355                         out = buffer;
356                 }
357                 compressed_size = (method == 0) ? size : 0;
358         } else {
359                 return error("unsupported file mode: 0%o (SHA1: %s)", mode,
360                                 sha1_to_hex(sha1));
361         }
362
363         if (creator_version > max_creator_version)
364                 max_creator_version = creator_version;
365
366         if (buffer && method == 8) {
367                 out = deflated = zlib_deflate_raw(buffer, size,
368                                                   args->compression_level,
369                                                   &compressed_size);
370                 if (!out || compressed_size >= size) {
371                         out = buffer;
372                         method = 0;
373                         compressed_size = size;
374                 }
375         }
376
377         copy_le16(extra.magic, 0x5455);
378         copy_le16(extra.extra_size, ZIP_EXTRA_MTIME_PAYLOAD_SIZE);
379         extra.flags[0] = 1;     /* just mtime */
380         copy_le32(extra.mtime, args->time);
381
382         if (size > 0xffffffff || compressed_size > 0xffffffff)
383                 need_zip64_extra = 1;
384         if (stream && size > 0x7fffffff)
385                 need_zip64_extra = 1;
386
387         if (need_zip64_extra)
388                 version_needed = 45;
389
390         copy_le32(header.magic, 0x04034b50);
391         copy_le16(header.version, version_needed);
392         copy_le16(header.flags, flags);
393         copy_le16(header.compression_method, method);
394         copy_le16(header.mtime, zip_time);
395         copy_le16(header.mdate, zip_date);
396         if (need_zip64_extra) {
397                 set_zip_header_data_desc(&header, 0xffffffff, 0xffffffff, crc);
398                 header_extra_size += ZIP64_EXTRA_SIZE;
399         } else {
400                 set_zip_header_data_desc(&header, size, compressed_size, crc);
401         }
402         copy_le16(header.filename_length, pathlen);
403         copy_le16(header.extra_length, header_extra_size);
404         write_or_die(1, &header, ZIP_LOCAL_HEADER_SIZE);
405         zip_offset += ZIP_LOCAL_HEADER_SIZE;
406         write_or_die(1, path, pathlen);
407         zip_offset += pathlen;
408         write_or_die(1, &extra, ZIP_EXTRA_MTIME_SIZE);
409         zip_offset += ZIP_EXTRA_MTIME_SIZE;
410         if (need_zip64_extra) {
411                 copy_le16(extra64.magic, 0x0001);
412                 copy_le16(extra64.extra_size, ZIP64_EXTRA_PAYLOAD_SIZE);
413                 copy_le64(extra64.size, size);
414                 copy_le64(extra64.compressed_size, compressed_size);
415                 write_or_die(1, &extra64, ZIP64_EXTRA_SIZE);
416                 zip_offset += ZIP64_EXTRA_SIZE;
417         }
418
419         if (stream && method == 0) {
420                 unsigned char buf[STREAM_BUFFER_SIZE];
421                 ssize_t readlen;
422
423                 for (;;) {
424                         readlen = read_istream(stream, buf, sizeof(buf));
425                         if (readlen <= 0)
426                                 break;
427                         crc = crc32(crc, buf, readlen);
428                         if (is_binary == -1)
429                                 is_binary = entry_is_binary(path_without_prefix,
430                                                             buf, readlen);
431                         write_or_die(1, buf, readlen);
432                 }
433                 close_istream(stream);
434                 if (readlen)
435                         return readlen;
436
437                 compressed_size = size;
438                 zip_offset += compressed_size;
439
440                 write_zip_data_desc(size, compressed_size, crc);
441         } else if (stream && method == 8) {
442                 unsigned char buf[STREAM_BUFFER_SIZE];
443                 ssize_t readlen;
444                 git_zstream zstream;
445                 int result;
446                 size_t out_len;
447                 unsigned char compressed[STREAM_BUFFER_SIZE * 2];
448
449                 git_deflate_init_raw(&zstream, args->compression_level);
450
451                 compressed_size = 0;
452                 zstream.next_out = compressed;
453                 zstream.avail_out = sizeof(compressed);
454
455                 for (;;) {
456                         readlen = read_istream(stream, buf, sizeof(buf));
457                         if (readlen <= 0)
458                                 break;
459                         crc = crc32(crc, buf, readlen);
460                         if (is_binary == -1)
461                                 is_binary = entry_is_binary(path_without_prefix,
462                                                             buf, readlen);
463
464                         zstream.next_in = buf;
465                         zstream.avail_in = readlen;
466                         result = git_deflate(&zstream, 0);
467                         if (result != Z_OK)
468                                 die("deflate error (%d)", result);
469                         out_len = zstream.next_out - compressed;
470
471                         if (out_len > 0) {
472                                 write_or_die(1, compressed, out_len);
473                                 compressed_size += out_len;
474                                 zstream.next_out = compressed;
475                                 zstream.avail_out = sizeof(compressed);
476                         }
477
478                 }
479                 close_istream(stream);
480                 if (readlen)
481                         return readlen;
482
483                 zstream.next_in = buf;
484                 zstream.avail_in = 0;
485                 result = git_deflate(&zstream, Z_FINISH);
486                 if (result != Z_STREAM_END)
487                         die("deflate error (%d)", result);
488
489                 git_deflate_end(&zstream);
490                 out_len = zstream.next_out - compressed;
491                 write_or_die(1, compressed, out_len);
492                 compressed_size += out_len;
493                 zip_offset += compressed_size;
494
495                 write_zip_data_desc(size, compressed_size, crc);
496         } else if (compressed_size > 0) {
497                 write_or_die(1, out, compressed_size);
498                 zip_offset += compressed_size;
499         }
500
501         free(deflated);
502         free(buffer);
503
504         if (compressed_size > 0xffffffff || size > 0xffffffff ||
505             offset > 0xffffffff) {
506                 if (compressed_size >= 0xffffffff)
507                         zip64_dir_extra_payload_size += 8;
508                 if (size >= 0xffffffff)
509                         zip64_dir_extra_payload_size += 8;
510                 if (offset >= 0xffffffff)
511                         zip64_dir_extra_payload_size += 8;
512                 zip_dir_extra_size += 2 + 2 + zip64_dir_extra_payload_size;
513         }
514
515         strbuf_add_le(&zip_dir, 4, 0x02014b50); /* magic */
516         strbuf_add_le(&zip_dir, 2, creator_version);
517         strbuf_add_le(&zip_dir, 2, version_needed);
518         strbuf_add_le(&zip_dir, 2, flags);
519         strbuf_add_le(&zip_dir, 2, method);
520         strbuf_add_le(&zip_dir, 2, zip_time);
521         strbuf_add_le(&zip_dir, 2, zip_date);
522         strbuf_add_le(&zip_dir, 4, crc);
523         strbuf_add_le(&zip_dir, 4, clamp32(compressed_size));
524         strbuf_add_le(&zip_dir, 4, clamp32(size));
525         strbuf_add_le(&zip_dir, 2, pathlen);
526         strbuf_add_le(&zip_dir, 2, zip_dir_extra_size);
527         strbuf_add_le(&zip_dir, 2, 0);          /* comment length */
528         strbuf_add_le(&zip_dir, 2, 0);          /* disk */
529         strbuf_add_le(&zip_dir, 2, !is_binary);
530         strbuf_add_le(&zip_dir, 4, attr2);
531         strbuf_add_le(&zip_dir, 4, clamp32(offset));
532         strbuf_add(&zip_dir, path, pathlen);
533         strbuf_add(&zip_dir, &extra, ZIP_EXTRA_MTIME_SIZE);
534         if (zip64_dir_extra_payload_size) {
535                 strbuf_add_le(&zip_dir, 2, 0x0001);     /* magic */
536                 strbuf_add_le(&zip_dir, 2, zip64_dir_extra_payload_size);
537                 if (size >= 0xffffffff)
538                         strbuf_add_le(&zip_dir, 8, size);
539                 if (compressed_size >= 0xffffffff)
540                         strbuf_add_le(&zip_dir, 8, compressed_size);
541                 if (offset >= 0xffffffff)
542                         strbuf_add_le(&zip_dir, 8, offset);
543         }
544         zip_dir_entries++;
545
546         return 0;
547 }
548
549 static void write_zip64_trailer(void)
550 {
551         struct zip64_dir_trailer trailer64;
552         struct zip64_dir_trailer_locator locator64;
553
554         copy_le32(trailer64.magic, 0x06064b50);
555         copy_le64(trailer64.record_size, ZIP64_DIR_TRAILER_RECORD_SIZE);
556         copy_le16(trailer64.creator_version, max_creator_version);
557         copy_le16(trailer64.version, 45);
558         copy_le32(trailer64.disk, 0);
559         copy_le32(trailer64.directory_start_disk, 0);
560         copy_le64(trailer64.entries_on_this_disk, zip_dir_entries);
561         copy_le64(trailer64.entries, zip_dir_entries);
562         copy_le64(trailer64.size, zip_dir.len);
563         copy_le64(trailer64.offset, zip_offset);
564
565         copy_le32(locator64.magic, 0x07064b50);
566         copy_le32(locator64.disk, 0);
567         copy_le64(locator64.offset, zip_offset + zip_dir.len);
568         copy_le32(locator64.number_of_disks, 1);
569
570         write_or_die(1, &trailer64, ZIP64_DIR_TRAILER_SIZE);
571         write_or_die(1, &locator64, ZIP64_DIR_TRAILER_LOCATOR_SIZE);
572 }
573
574 static void write_zip_trailer(const unsigned char *sha1)
575 {
576         struct zip_dir_trailer trailer;
577         int clamped = 0;
578
579         copy_le32(trailer.magic, 0x06054b50);
580         copy_le16(trailer.disk, 0);
581         copy_le16(trailer.directory_start_disk, 0);
582         copy_le16_clamp(trailer.entries_on_this_disk, zip_dir_entries,
583                         &clamped);
584         copy_le16_clamp(trailer.entries, zip_dir_entries, &clamped);
585         copy_le32(trailer.size, zip_dir.len);
586         copy_le32_clamp(trailer.offset, zip_offset, &clamped);
587         copy_le16(trailer.comment_length, sha1 ? GIT_SHA1_HEXSZ : 0);
588
589         write_or_die(1, zip_dir.buf, zip_dir.len);
590         if (clamped)
591                 write_zip64_trailer();
592         write_or_die(1, &trailer, ZIP_DIR_TRAILER_SIZE);
593         if (sha1)
594                 write_or_die(1, sha1_to_hex(sha1), GIT_SHA1_HEXSZ);
595 }
596
597 static void dos_time(timestamp_t *timestamp, int *dos_date, int *dos_time)
598 {
599         time_t time;
600         struct tm *t;
601
602         if (date_overflows(*timestamp))
603                 die("timestamp too large for this system: %"PRItime,
604                     *timestamp);
605         time = (time_t)*timestamp;
606         t = localtime(&time);
607         *timestamp = time;
608
609         *dos_date = t->tm_mday + (t->tm_mon + 1) * 32 +
610                     (t->tm_year + 1900 - 1980) * 512;
611         *dos_time = t->tm_sec / 2 + t->tm_min * 32 + t->tm_hour * 2048;
612 }
613
614 static int archive_zip_config(const char *var, const char *value, void *data)
615 {
616         return userdiff_config(var, value);
617 }
618
619 static int write_zip_archive(const struct archiver *ar,
620                              struct archiver_args *args)
621 {
622         int err;
623
624         git_config(archive_zip_config, NULL);
625
626         dos_time(&args->time, &zip_date, &zip_time);
627
628         strbuf_init(&zip_dir, 0);
629
630         err = write_archive_entries(args, write_zip_entry);
631         if (!err)
632                 write_zip_trailer(args->commit_sha1);
633
634         strbuf_release(&zip_dir);
635
636         return err;
637 }
638
639 static struct archiver zip_archiver = {
640         "zip",
641         write_zip_archive,
642         ARCHIVER_WANT_COMPRESSION_LEVELS|ARCHIVER_REMOTE
643 };
644
645 void init_zip_archiver(void)
646 {
647         register_archiver(&zip_archiver);
648 }