X-Git-Url: https://git.octo.it/?a=blobdiff_plain;f=refs.c;h=97506a4ebdfbd164abad6be76d7160db171d9148;hb=69779a562a171d9b70bbb17b89e076bd6b16ae6c;hp=a5c894661090549e1676c7dd26fd2f72eb330d9f;hpb=f69714c38c6f3296a4bfba0d057e0f1605373f49;p=git.git diff --git a/refs.c b/refs.c index a5c89466..97506a4e 100644 --- a/refs.c +++ b/refs.c @@ -3,18 +3,155 @@ #include -static int read_ref(const char *refname, unsigned char *sha1) +/* We allow "recursive" symbolic refs. Only within reason, though */ +#define MAXDEPTH 5 + +#ifndef USE_SYMLINK_HEAD +#define USE_SYMLINK_HEAD 1 +#endif + +int validate_symref(const char *path) +{ + struct stat st; + char *buf, buffer[256]; + int len, fd; + + if (lstat(path, &st) < 0) + return -1; + + /* Make sure it is a "refs/.." symlink */ + if (S_ISLNK(st.st_mode)) { + len = readlink(path, buffer, sizeof(buffer)-1); + if (len >= 5 && !memcmp("refs/", buffer, 5)) + return 0; + return -1; + } + + /* + * Anything else, just open it and try to see if it is a symbolic ref. + */ + fd = open(path, O_RDONLY); + if (fd < 0) + return -1; + len = read(fd, buffer, sizeof(buffer)-1); + close(fd); + + /* + * Is it a symbolic ref? + */ + if (len < 4 || memcmp("ref:", buffer, 4)) + return -1; + buf = buffer + 4; + len -= 4; + while (len && isspace(*buf)) + buf++, len--; + if (len >= 5 && !memcmp("refs/", buf, 5)) + return 0; + return -1; +} + +const char *resolve_ref(const char *path, unsigned char *sha1, int reading) { - int ret = -1; - int fd = open(git_path("%s", refname), O_RDONLY); + int depth = MAXDEPTH, len; + char buffer[256]; + + for (;;) { + struct stat st; + char *buf; + int fd; + + if (--depth < 0) + return NULL; - if (fd >= 0) { - char buffer[60]; - if (read(fd, buffer, sizeof(buffer)) >= 40) - ret = get_sha1_hex(buffer, sha1); + /* Special case: non-existing file. + * Not having the refs/heads/new-branch is OK + * if we are writing into it, so is .git/HEAD + * that points at refs/heads/master still to be + * born. It is NOT OK if we are resolving for + * reading. + */ + if (lstat(path, &st) < 0) { + if (reading || errno != ENOENT) + return NULL; + memset(sha1, 0, 20); + return path; + } + + /* Follow "normalized" - ie "refs/.." symlinks by hand */ + if (S_ISLNK(st.st_mode)) { + len = readlink(path, buffer, sizeof(buffer)-1); + if (len >= 5 && !memcmp("refs/", buffer, 5)) { + path = git_path("%.*s", len, buffer); + continue; + } + } + + /* + * Anything else, just open it and try to use it as + * a ref + */ + fd = open(path, O_RDONLY); + if (fd < 0) + return NULL; + len = read(fd, buffer, sizeof(buffer)-1); close(fd); + + /* + * Is it a symbolic ref? + */ + if (len < 4 || memcmp("ref:", buffer, 4)) + break; + buf = buffer + 4; + len -= 4; + while (len && isspace(*buf)) + buf++, len--; + while (len && isspace(buf[len-1])) + buf[--len] = 0; + path = git_path("%.*s", len, buf); } - return ret; + if (len < 40 || get_sha1_hex(buffer, sha1)) + return NULL; + return path; +} + +int create_symref(const char *git_HEAD, const char *refs_heads_master) +{ +#if USE_SYMLINK_HEAD + unlink(git_HEAD); + return symlink(refs_heads_master, git_HEAD); +#else + const char *lockpath; + char ref[1000]; + int fd, len, written; + + len = snprintf(ref, sizeof(ref), "ref: %s\n", refs_heads_master); + if (sizeof(ref) <= len) { + error("refname too long: %s", refs_heads_master); + return -1; + } + lockpath = mkpath("%s.lock", git_HEAD); + fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0666); + written = write(fd, ref, len); + close(fd); + if (written != len) { + unlink(lockpath); + error("Unable to write to %s", lockpath); + return -2; + } + if (rename(lockpath, git_HEAD) < 0) { + unlink(lockpath); + error("Unable to create %s", git_HEAD); + return -3; + } + return 0; +#endif +} + +int read_ref(const char *filename, unsigned char *sha1) +{ + if (resolve_ref(filename, sha1, 1)) + return 0; + return -1; } static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1)) @@ -46,7 +183,7 @@ static int do_for_each_ref(const char *base, int (*fn)(const char *path, const u if (namelen > 255) continue; memcpy(path + baselen, de->d_name, namelen+1); - if (lstat(git_path("%s", path), &st) < 0) + if (stat(git_path("%s", path), &st) < 0) continue; if (S_ISDIR(st.st_mode)) { retval = do_for_each_ref(path, fn); @@ -54,7 +191,7 @@ static int do_for_each_ref(const char *base, int (*fn)(const char *path, const u break; continue; } - if (read_ref(path, sha1) < 0) + if (read_ref(git_path("%s", path), sha1) < 0) continue; if (!has_sha1_file(sha1)) continue; @@ -71,7 +208,7 @@ static int do_for_each_ref(const char *base, int (*fn)(const char *path, const u int head_ref(int (*fn)(const char *path, const unsigned char *sha1)) { unsigned char sha1[20]; - if (!read_ref("HEAD", sha1)) + if (!read_ref(git_path("HEAD"), sha1)) return fn("HEAD", sha1); return 0; } @@ -101,33 +238,14 @@ static char *ref_lock_file_name(const char *ref) return ret; } -static int read_ref_file(const char *filename, unsigned char *sha1) { - int fd = open(filename, O_RDONLY); - char hex[41]; - if (fd < 0) { - return error("Couldn't open %s\n", filename); - } - if ((read(fd, hex, 41) < 41) || - (hex[40] != '\n') || - get_sha1_hex(hex, sha1)) { - error("Couldn't read a hash from %s\n", filename); - close(fd); - return -1; - } - close(fd); - return 0; -} - int get_ref_sha1(const char *ref, unsigned char *sha1) { - char *filename; - int retval; + const char *filename; + if (check_ref_format(ref)) return -1; - filename = ref_file_name(ref); - retval = read_ref_file(filename, sha1); - free(filename); - return retval; + filename = git_path("refs/%s", ref); + return read_ref(filename, sha1); } static int lock_ref_file(const char *filename, const char *lock_filename, @@ -140,7 +258,7 @@ static int lock_ref_file(const char *filename, const char *lock_filename, return error("Couldn't open lock file for %s: %s", filename, strerror(errno)); } - retval = read_ref_file(filename, current_sha1); + retval = read_ref(filename, current_sha1); if (old_sha1) { if (retval) { close(fd); @@ -216,17 +334,54 @@ int write_ref_sha1(const char *ref, int fd, const unsigned char *sha1) return retval; } +/* + * Make sure "ref" is something reasonable to have under ".git/refs/"; + * We do not like it if: + * + * - any path component of it begins with ".", or + * - it has double dots "..", or + * - it has ASCII control character, "~", "^", ":" or SP, anywhere, or + * - it ends with a "/". + */ + +static inline int bad_ref_char(int ch) +{ + return (((unsigned) ch) <= ' ' || + ch == '~' || ch == '^' || ch == ':'); +} + int check_ref_format(const char *ref) { - char *middle; - if (ref[0] == '.' || ref[0] == '/') - return -1; - middle = strchr(ref, '/'); - if (!middle || !middle[1]) - return -1; - if (strchr(middle + 1, '/')) - return -1; - return 0; + int ch, level; + const char *cp = ref; + + level = 0; + while (1) { + while ((ch = *cp++) == '/') + ; /* tolerate duplicated slashes */ + if (!ch) + return -1; /* should not end with slashes */ + + /* we are at the beginning of the path component */ + if (ch == '.' || bad_ref_char(ch)) + return -1; + + /* scan the rest of the path component */ + while ((ch = *cp++) != 0) { + if (bad_ref_char(ch)) + return -1; + if (ch == '/') + break; + if (ch == '.' && *cp == '.') + return -1; + } + level++; + if (!ch) { + if (level < 2) + return -1; /* at least of form "heads/blah" */ + return 0; + } + } } int write_ref_sha1_unlocked(const char *ref, const unsigned char *sha1)