quickfetch(): Prevent overflow of the rev-list command line
[git] / upload-pack.c
1 #include "cache.h"
2 #include "refs.h"
3 #include "pkt-line.h"
4 #include "sideband.h"
5 #include "tag.h"
6 #include "object.h"
7 #include "commit.h"
8 #include "exec_cmd.h"
9 #include "diff.h"
10 #include "revision.h"
11 #include "list-objects.h"
12 #include "run-command.h"
13
14 static const char upload_pack_usage[] = "git upload-pack [--strict] [--timeout=nn] <dir>";
15
16 /* bits #0..7 in revision.h, #8..10 in commit.c */
17 #define THEY_HAVE       (1u << 11)
18 #define OUR_REF         (1u << 12)
19 #define WANTED          (1u << 13)
20 #define COMMON_KNOWN    (1u << 14)
21 #define REACHABLE       (1u << 15)
22
23 #define SHALLOW         (1u << 16)
24 #define NOT_SHALLOW     (1u << 17)
25 #define CLIENT_SHALLOW  (1u << 18)
26
27 static unsigned long oldest_have;
28
29 static int multi_ack, nr_our_refs;
30 static int use_thin_pack, use_ofs_delta, use_include_tag;
31 static int no_progress, daemon_mode;
32 static struct object_array have_obj;
33 static struct object_array want_obj;
34 static unsigned int timeout;
35 /* 0 for no sideband,
36  * otherwise maximum packet size (up to 65520 bytes).
37  */
38 static int use_sideband;
39 static int debug_fd;
40
41 static void reset_timeout(void)
42 {
43         alarm(timeout);
44 }
45
46 static int strip(char *line, int len)
47 {
48         if (len && line[len-1] == '\n')
49                 line[--len] = 0;
50         return len;
51 }
52
53 static ssize_t send_client_data(int fd, const char *data, ssize_t sz)
54 {
55         if (use_sideband)
56                 return send_sideband(1, fd, data, sz, use_sideband);
57         if (fd == 3)
58                 /* emergency quit */
59                 fd = 2;
60         if (fd == 2) {
61                 /* XXX: are we happy to lose stuff here? */
62                 xwrite(fd, data, sz);
63                 return sz;
64         }
65         return safe_write(fd, data, sz);
66 }
67
68 static FILE *pack_pipe = NULL;
69 static void show_commit(struct commit *commit, void *data)
70 {
71         if (commit->object.flags & BOUNDARY)
72                 fputc('-', pack_pipe);
73         if (fputs(sha1_to_hex(commit->object.sha1), pack_pipe) < 0)
74                 die("broken output pipe");
75         fputc('\n', pack_pipe);
76         fflush(pack_pipe);
77         free(commit->buffer);
78         commit->buffer = NULL;
79 }
80
81 static void show_object(struct object *obj, const struct name_path *path, const char *component)
82 {
83         /* An object with name "foo\n0000000..." can be used to
84          * confuse downstream git-pack-objects very badly.
85          */
86         const char *name = path_name(path, component);
87         const char *ep = strchr(name, '\n');
88         if (ep) {
89                 fprintf(pack_pipe, "%s %.*s\n", sha1_to_hex(obj->sha1),
90                        (int) (ep - name),
91                        name);
92         }
93         else
94                 fprintf(pack_pipe, "%s %s\n",
95                                 sha1_to_hex(obj->sha1), name);
96         free((char *)name);
97 }
98
99 static void show_edge(struct commit *commit)
100 {
101         fprintf(pack_pipe, "-%s\n", sha1_to_hex(commit->object.sha1));
102 }
103
104 static int do_rev_list(int fd, void *create_full_pack)
105 {
106         int i;
107         struct rev_info revs;
108
109         pack_pipe = fdopen(fd, "w");
110         if (create_full_pack)
111                 use_thin_pack = 0; /* no point doing it */
112         init_revisions(&revs, NULL);
113         revs.tag_objects = 1;
114         revs.tree_objects = 1;
115         revs.blob_objects = 1;
116         if (use_thin_pack)
117                 revs.edge_hint = 1;
118
119         if (create_full_pack) {
120                 const char *args[] = {"rev-list", "--all", NULL};
121                 setup_revisions(2, args, &revs, NULL);
122         } else {
123                 for (i = 0; i < want_obj.nr; i++) {
124                         struct object *o = want_obj.objects[i].item;
125                         /* why??? */
126                         o->flags &= ~UNINTERESTING;
127                         add_pending_object(&revs, o, NULL);
128                 }
129                 for (i = 0; i < have_obj.nr; i++) {
130                         struct object *o = have_obj.objects[i].item;
131                         o->flags |= UNINTERESTING;
132                         add_pending_object(&revs, o, NULL);
133                 }
134                 setup_revisions(0, NULL, &revs, NULL);
135         }
136         if (prepare_revision_walk(&revs))
137                 die("revision walk setup failed");
138         mark_edges_uninteresting(revs.commits, &revs, show_edge);
139         traverse_commit_list(&revs, show_commit, show_object, NULL);
140         fflush(pack_pipe);
141         fclose(pack_pipe);
142         return 0;
143 }
144
145 static void create_pack_file(void)
146 {
147         struct async rev_list;
148         struct child_process pack_objects;
149         int create_full_pack = (nr_our_refs == want_obj.nr && !have_obj.nr);
150         char data[8193], progress[128];
151         char abort_msg[] = "aborting due to possible repository "
152                 "corruption on the remote side.";
153         int buffered = -1;
154         ssize_t sz;
155         const char *argv[10];
156         int arg = 0;
157
158         rev_list.proc = do_rev_list;
159         /* .data is just a boolean: any non-NULL value will do */
160         rev_list.data = create_full_pack ? &rev_list : NULL;
161         if (start_async(&rev_list))
162                 die("git upload-pack: unable to fork git-rev-list");
163
164         argv[arg++] = "pack-objects";
165         argv[arg++] = "--stdout";
166         if (!no_progress)
167                 argv[arg++] = "--progress";
168         if (use_ofs_delta)
169                 argv[arg++] = "--delta-base-offset";
170         if (use_include_tag)
171                 argv[arg++] = "--include-tag";
172         argv[arg++] = NULL;
173
174         memset(&pack_objects, 0, sizeof(pack_objects));
175         pack_objects.in = rev_list.out; /* start_command closes it */
176         pack_objects.out = -1;
177         pack_objects.err = -1;
178         pack_objects.git_cmd = 1;
179         pack_objects.argv = argv;
180
181         if (start_command(&pack_objects))
182                 die("git upload-pack: unable to fork git-pack-objects");
183
184         /* We read from pack_objects.err to capture stderr output for
185          * progress bar, and pack_objects.out to capture the pack data.
186          */
187
188         while (1) {
189                 struct pollfd pfd[2];
190                 int pe, pu, pollsize;
191
192                 reset_timeout();
193
194                 pollsize = 0;
195                 pe = pu = -1;
196
197                 if (0 <= pack_objects.out) {
198                         pfd[pollsize].fd = pack_objects.out;
199                         pfd[pollsize].events = POLLIN;
200                         pu = pollsize;
201                         pollsize++;
202                 }
203                 if (0 <= pack_objects.err) {
204                         pfd[pollsize].fd = pack_objects.err;
205                         pfd[pollsize].events = POLLIN;
206                         pe = pollsize;
207                         pollsize++;
208                 }
209
210                 if (!pollsize)
211                         break;
212
213                 if (poll(pfd, pollsize, -1) < 0) {
214                         if (errno != EINTR) {
215                                 error("poll failed, resuming: %s",
216                                       strerror(errno));
217                                 sleep(1);
218                         }
219                         continue;
220                 }
221                 if (0 <= pu && (pfd[pu].revents & (POLLIN|POLLHUP))) {
222                         /* Data ready; we keep the last byte to ourselves
223                          * in case we detect broken rev-list, so that we
224                          * can leave the stream corrupted.  This is
225                          * unfortunate -- unpack-objects would happily
226                          * accept a valid packdata with trailing garbage,
227                          * so appending garbage after we pass all the
228                          * pack data is not good enough to signal
229                          * breakage to downstream.
230                          */
231                         char *cp = data;
232                         ssize_t outsz = 0;
233                         if (0 <= buffered) {
234                                 *cp++ = buffered;
235                                 outsz++;
236                         }
237                         sz = xread(pack_objects.out, cp,
238                                   sizeof(data) - outsz);
239                         if (0 < sz)
240                                         ;
241                         else if (sz == 0) {
242                                 close(pack_objects.out);
243                                 pack_objects.out = -1;
244                         }
245                         else
246                                 goto fail;
247                         sz += outsz;
248                         if (1 < sz) {
249                                 buffered = data[sz-1] & 0xFF;
250                                 sz--;
251                         }
252                         else
253                                 buffered = -1;
254                         sz = send_client_data(1, data, sz);
255                         if (sz < 0)
256                                 goto fail;
257                 }
258                 if (0 <= pe && (pfd[pe].revents & (POLLIN|POLLHUP))) {
259                         /* Status ready; we ship that in the side-band
260                          * or dump to the standard error.
261                          */
262                         sz = xread(pack_objects.err, progress,
263                                   sizeof(progress));
264                         if (0 < sz)
265                                 send_client_data(2, progress, sz);
266                         else if (sz == 0) {
267                                 close(pack_objects.err);
268                                 pack_objects.err = -1;
269                         }
270                         else
271                                 goto fail;
272                 }
273         }
274
275         if (finish_command(&pack_objects)) {
276                 error("git upload-pack: git-pack-objects died with error.");
277                 goto fail;
278         }
279         if (finish_async(&rev_list))
280                 goto fail;      /* error was already reported */
281
282         /* flush the data */
283         if (0 <= buffered) {
284                 data[0] = buffered;
285                 sz = send_client_data(1, data, 1);
286                 if (sz < 0)
287                         goto fail;
288                 fprintf(stderr, "flushed.\n");
289         }
290         if (use_sideband)
291                 packet_flush(1);
292         return;
293
294  fail:
295         send_client_data(3, abort_msg, sizeof(abort_msg));
296         die("git upload-pack: %s", abort_msg);
297 }
298
299 static int got_sha1(char *hex, unsigned char *sha1)
300 {
301         struct object *o;
302         int we_knew_they_have = 0;
303
304         if (get_sha1_hex(hex, sha1))
305                 die("git upload-pack: expected SHA1 object, got '%s'", hex);
306         if (!has_sha1_file(sha1))
307                 return -1;
308
309         o = lookup_object(sha1);
310         if (!(o && o->parsed))
311                 o = parse_object(sha1);
312         if (!o)
313                 die("oops (%s)", sha1_to_hex(sha1));
314         if (o->type == OBJ_COMMIT) {
315                 struct commit_list *parents;
316                 struct commit *commit = (struct commit *)o;
317                 if (o->flags & THEY_HAVE)
318                         we_knew_they_have = 1;
319                 else
320                         o->flags |= THEY_HAVE;
321                 if (!oldest_have || (commit->date < oldest_have))
322                         oldest_have = commit->date;
323                 for (parents = commit->parents;
324                      parents;
325                      parents = parents->next)
326                         parents->item->object.flags |= THEY_HAVE;
327         }
328         if (!we_knew_they_have) {
329                 add_object_array(o, NULL, &have_obj);
330                 return 1;
331         }
332         return 0;
333 }
334
335 static int reachable(struct commit *want)
336 {
337         struct commit_list *work = NULL;
338
339         insert_by_date(want, &work);
340         while (work) {
341                 struct commit_list *list = work->next;
342                 struct commit *commit = work->item;
343                 free(work);
344                 work = list;
345
346                 if (commit->object.flags & THEY_HAVE) {
347                         want->object.flags |= COMMON_KNOWN;
348                         break;
349                 }
350                 if (!commit->object.parsed)
351                         parse_object(commit->object.sha1);
352                 if (commit->object.flags & REACHABLE)
353                         continue;
354                 commit->object.flags |= REACHABLE;
355                 if (commit->date < oldest_have)
356                         continue;
357                 for (list = commit->parents; list; list = list->next) {
358                         struct commit *parent = list->item;
359                         if (!(parent->object.flags & REACHABLE))
360                                 insert_by_date(parent, &work);
361                 }
362         }
363         want->object.flags |= REACHABLE;
364         clear_commit_marks(want, REACHABLE);
365         free_commit_list(work);
366         return (want->object.flags & COMMON_KNOWN);
367 }
368
369 static int ok_to_give_up(void)
370 {
371         int i;
372
373         if (!have_obj.nr)
374                 return 0;
375
376         for (i = 0; i < want_obj.nr; i++) {
377                 struct object *want = want_obj.objects[i].item;
378
379                 if (want->flags & COMMON_KNOWN)
380                         continue;
381                 want = deref_tag(want, "a want line", 0);
382                 if (!want || want->type != OBJ_COMMIT) {
383                         /* no way to tell if this is reachable by
384                          * looking at the ancestry chain alone, so
385                          * leave a note to ourselves not to worry about
386                          * this object anymore.
387                          */
388                         want_obj.objects[i].item->flags |= COMMON_KNOWN;
389                         continue;
390                 }
391                 if (!reachable((struct commit *)want))
392                         return 0;
393         }
394         return 1;
395 }
396
397 static int get_common_commits(void)
398 {
399         static char line[1000];
400         unsigned char sha1[20];
401         char hex[41], last_hex[41];
402
403         save_commit_buffer = 0;
404
405         for(;;) {
406                 int len = packet_read_line(0, line, sizeof(line));
407                 reset_timeout();
408
409                 if (!len) {
410                         if (have_obj.nr == 0 || multi_ack)
411                                 packet_write(1, "NAK\n");
412                         continue;
413                 }
414                 strip(line, len);
415                 if (!prefixcmp(line, "have ")) {
416                         switch (got_sha1(line+5, sha1)) {
417                         case -1: /* they have what we do not */
418                                 if (multi_ack && ok_to_give_up())
419                                         packet_write(1, "ACK %s continue\n",
420                                                      sha1_to_hex(sha1));
421                                 break;
422                         default:
423                                 memcpy(hex, sha1_to_hex(sha1), 41);
424                                 if (multi_ack) {
425                                         const char *msg = "ACK %s continue\n";
426                                         packet_write(1, msg, hex);
427                                         memcpy(last_hex, hex, 41);
428                                 }
429                                 else if (have_obj.nr == 1)
430                                         packet_write(1, "ACK %s\n", hex);
431                                 break;
432                         }
433                         continue;
434                 }
435                 if (!strcmp(line, "done")) {
436                         if (have_obj.nr > 0) {
437                                 if (multi_ack)
438                                         packet_write(1, "ACK %s\n", last_hex);
439                                 return 0;
440                         }
441                         packet_write(1, "NAK\n");
442                         return -1;
443                 }
444                 die("git upload-pack: expected SHA1 list, got '%s'", line);
445         }
446 }
447
448 static void receive_needs(void)
449 {
450         struct object_array shallows = {0, 0, NULL};
451         static char line[1000];
452         int len, depth = 0;
453
454         if (debug_fd)
455                 write_in_full(debug_fd, "#S\n", 3);
456         for (;;) {
457                 struct object *o;
458                 unsigned char sha1_buf[20];
459                 len = packet_read_line(0, line, sizeof(line));
460                 reset_timeout();
461                 if (!len)
462                         break;
463                 if (debug_fd)
464                         write_in_full(debug_fd, line, len);
465
466                 if (!prefixcmp(line, "shallow ")) {
467                         unsigned char sha1[20];
468                         struct object *object;
469                         use_thin_pack = 0;
470                         if (get_sha1(line + 8, sha1))
471                                 die("invalid shallow line: %s", line);
472                         object = parse_object(sha1);
473                         if (!object)
474                                 die("did not find object for %s", line);
475                         object->flags |= CLIENT_SHALLOW;
476                         add_object_array(object, NULL, &shallows);
477                         continue;
478                 }
479                 if (!prefixcmp(line, "deepen ")) {
480                         char *end;
481                         use_thin_pack = 0;
482                         depth = strtol(line + 7, &end, 0);
483                         if (end == line + 7 || depth <= 0)
484                                 die("Invalid deepen: %s", line);
485                         continue;
486                 }
487                 if (prefixcmp(line, "want ") ||
488                     get_sha1_hex(line+5, sha1_buf))
489                         die("git upload-pack: protocol error, "
490                             "expected to get sha, not '%s'", line);
491                 if (strstr(line+45, "multi_ack"))
492                         multi_ack = 1;
493                 if (strstr(line+45, "thin-pack"))
494                         use_thin_pack = 1;
495                 if (strstr(line+45, "ofs-delta"))
496                         use_ofs_delta = 1;
497                 if (strstr(line+45, "side-band-64k"))
498                         use_sideband = LARGE_PACKET_MAX;
499                 else if (strstr(line+45, "side-band"))
500                         use_sideband = DEFAULT_PACKET_MAX;
501                 if (strstr(line+45, "no-progress"))
502                         no_progress = 1;
503                 if (strstr(line+45, "include-tag"))
504                         use_include_tag = 1;
505
506                 /* We have sent all our refs already, and the other end
507                  * should have chosen out of them; otherwise they are
508                  * asking for nonsense.
509                  *
510                  * Hmph.  We may later want to allow "want" line that
511                  * asks for something like "master~10" (symbolic)...
512                  * would it make sense?  I don't know.
513                  */
514                 o = lookup_object(sha1_buf);
515                 if (!o || !(o->flags & OUR_REF))
516                         die("git upload-pack: not our ref %s", line+5);
517                 if (!(o->flags & WANTED)) {
518                         o->flags |= WANTED;
519                         add_object_array(o, NULL, &want_obj);
520                 }
521         }
522         if (debug_fd)
523                 write_in_full(debug_fd, "#E\n", 3);
524
525         if (!use_sideband && daemon_mode)
526                 no_progress = 1;
527
528         if (depth == 0 && shallows.nr == 0)
529                 return;
530         if (depth > 0) {
531                 struct commit_list *result, *backup;
532                 int i;
533                 backup = result = get_shallow_commits(&want_obj, depth,
534                         SHALLOW, NOT_SHALLOW);
535                 while (result) {
536                         struct object *object = &result->item->object;
537                         if (!(object->flags & (CLIENT_SHALLOW|NOT_SHALLOW))) {
538                                 packet_write(1, "shallow %s",
539                                                 sha1_to_hex(object->sha1));
540                                 register_shallow(object->sha1);
541                         }
542                         result = result->next;
543                 }
544                 free_commit_list(backup);
545                 for (i = 0; i < shallows.nr; i++) {
546                         struct object *object = shallows.objects[i].item;
547                         if (object->flags & NOT_SHALLOW) {
548                                 struct commit_list *parents;
549                                 packet_write(1, "unshallow %s",
550                                         sha1_to_hex(object->sha1));
551                                 object->flags &= ~CLIENT_SHALLOW;
552                                 /* make sure the real parents are parsed */
553                                 unregister_shallow(object->sha1);
554                                 object->parsed = 0;
555                                 if (parse_commit((struct commit *)object))
556                                         die("invalid commit");
557                                 parents = ((struct commit *)object)->parents;
558                                 while (parents) {
559                                         add_object_array(&parents->item->object,
560                                                         NULL, &want_obj);
561                                         parents = parents->next;
562                                 }
563                         }
564                         /* make sure commit traversal conforms to client */
565                         register_shallow(object->sha1);
566                 }
567                 packet_flush(1);
568         } else
569                 if (shallows.nr > 0) {
570                         int i;
571                         for (i = 0; i < shallows.nr; i++)
572                                 register_shallow(shallows.objects[i].item->sha1);
573                 }
574         free(shallows.objects);
575 }
576
577 static int send_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)
578 {
579         static const char *capabilities = "multi_ack thin-pack side-band"
580                 " side-band-64k ofs-delta shallow no-progress"
581                 " include-tag";
582         struct object *o = parse_object(sha1);
583
584         if (!o)
585                 die("git upload-pack: cannot find object %s:", sha1_to_hex(sha1));
586
587         if (capabilities)
588                 packet_write(1, "%s %s%c%s\n", sha1_to_hex(sha1), refname,
589                         0, capabilities);
590         else
591                 packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname);
592         capabilities = NULL;
593         if (!(o->flags & OUR_REF)) {
594                 o->flags |= OUR_REF;
595                 nr_our_refs++;
596         }
597         if (o->type == OBJ_TAG) {
598                 o = deref_tag(o, refname, 0);
599                 if (o)
600                         packet_write(1, "%s %s^{}\n", sha1_to_hex(o->sha1), refname);
601         }
602         return 0;
603 }
604
605 static void upload_pack(void)
606 {
607         reset_timeout();
608         head_ref(send_ref, NULL);
609         for_each_ref(send_ref, NULL);
610         packet_flush(1);
611         receive_needs();
612         if (want_obj.nr) {
613                 get_common_commits();
614                 create_pack_file();
615         }
616 }
617
618 int main(int argc, char **argv)
619 {
620         char *dir;
621         int i;
622         int strict = 0;
623
624         git_extract_argv0_path(argv[0]);
625
626         for (i = 1; i < argc; i++) {
627                 char *arg = argv[i];
628
629                 if (arg[0] != '-')
630                         break;
631                 if (!strcmp(arg, "--strict")) {
632                         strict = 1;
633                         continue;
634                 }
635                 if (!prefixcmp(arg, "--timeout=")) {
636                         timeout = atoi(arg+10);
637                         daemon_mode = 1;
638                         continue;
639                 }
640                 if (!strcmp(arg, "--")) {
641                         i++;
642                         break;
643                 }
644         }
645
646         if (i != argc-1)
647                 usage(upload_pack_usage);
648
649         setup_path();
650
651         dir = argv[i];
652
653         if (!enter_repo(dir, strict))
654                 die("'%s' does not appear to be a git repository", dir);
655         if (is_repository_shallow())
656                 die("attempt to fetch/clone from a shallow repository");
657         if (getenv("GIT_DEBUG_SEND_PACK"))
658                 debug_fd = atoi(getenv("GIT_DEBUG_SEND_PACK"));
659         upload_pack();
660         return 0;
661 }