mirror of
https://github.com/git/git
synced 2024-11-05 04:53:18 +00:00
4f215d214f
* fixes/2.45.1/2.40: Revert "fsck: warn about symlink pointing inside a gitdir" Revert "Add a helper function to compare file contents" clone: drop the protections where hooks aren't run tests: verify that `clone -c core.hooksPath=/dev/null` works again Revert "core.hooksPath: add some protection while cloning" init: use the correct path of the templates directory again hook: plug a new memory leak ci: stop installing "gcc-13" for osx-gcc ci: avoid bare "gcc" for osx-gcc job ci: drop mention of BREW_INSTALL_PACKAGES variable send-email: avoid creating more than one Term::ReadLine object send-email: drop FakeTerm hack
1416 lines
37 KiB
C
1416 lines
37 KiB
C
#include "git-compat-util.h"
|
|
#include "alloc.h"
|
|
#include "date.h"
|
|
#include "hex.h"
|
|
#include "object-store.h"
|
|
#include "repository.h"
|
|
#include "object.h"
|
|
#include "attr.h"
|
|
#include "blob.h"
|
|
#include "tree.h"
|
|
#include "tree-walk.h"
|
|
#include "commit.h"
|
|
#include "tag.h"
|
|
#include "fsck.h"
|
|
#include "refs.h"
|
|
#include "url.h"
|
|
#include "utf8.h"
|
|
#include "decorate.h"
|
|
#include "oidset.h"
|
|
#include "packfile.h"
|
|
#include "submodule-config.h"
|
|
#include "config.h"
|
|
#include "credential.h"
|
|
#include "help.h"
|
|
|
|
#define STR(x) #x
|
|
#define MSG_ID(id, msg_type) { STR(id), NULL, NULL, FSCK_##msg_type },
|
|
static struct {
|
|
const char *id_string;
|
|
const char *downcased;
|
|
const char *camelcased;
|
|
enum fsck_msg_type msg_type;
|
|
} msg_id_info[FSCK_MSG_MAX + 1] = {
|
|
FOREACH_FSCK_MSG_ID(MSG_ID)
|
|
{ NULL, NULL, NULL, -1 }
|
|
};
|
|
#undef MSG_ID
|
|
#undef STR
|
|
|
|
static void prepare_msg_ids(void)
|
|
{
|
|
int i;
|
|
|
|
if (msg_id_info[0].downcased)
|
|
return;
|
|
|
|
/* convert id_string to lower case, without underscores. */
|
|
for (i = 0; i < FSCK_MSG_MAX; i++) {
|
|
const char *p = msg_id_info[i].id_string;
|
|
int len = strlen(p);
|
|
char *q = xmalloc(len);
|
|
|
|
msg_id_info[i].downcased = q;
|
|
while (*p)
|
|
if (*p == '_')
|
|
p++;
|
|
else
|
|
*(q)++ = tolower(*(p)++);
|
|
*q = '\0';
|
|
|
|
p = msg_id_info[i].id_string;
|
|
q = xmalloc(len);
|
|
msg_id_info[i].camelcased = q;
|
|
while (*p) {
|
|
if (*p == '_') {
|
|
p++;
|
|
if (*p)
|
|
*q++ = *p++;
|
|
} else {
|
|
*q++ = tolower(*p++);
|
|
}
|
|
}
|
|
*q = '\0';
|
|
}
|
|
}
|
|
|
|
static int parse_msg_id(const char *text)
|
|
{
|
|
int i;
|
|
|
|
prepare_msg_ids();
|
|
|
|
for (i = 0; i < FSCK_MSG_MAX; i++)
|
|
if (!strcmp(text, msg_id_info[i].downcased))
|
|
return i;
|
|
|
|
return -1;
|
|
}
|
|
|
|
void list_config_fsck_msg_ids(struct string_list *list, const char *prefix)
|
|
{
|
|
int i;
|
|
|
|
prepare_msg_ids();
|
|
|
|
for (i = 0; i < FSCK_MSG_MAX; i++)
|
|
list_config_item(list, prefix, msg_id_info[i].camelcased);
|
|
}
|
|
|
|
static enum fsck_msg_type fsck_msg_type(enum fsck_msg_id msg_id,
|
|
struct fsck_options *options)
|
|
{
|
|
assert(msg_id >= 0 && msg_id < FSCK_MSG_MAX);
|
|
|
|
if (!options->msg_type) {
|
|
enum fsck_msg_type msg_type = msg_id_info[msg_id].msg_type;
|
|
|
|
if (options->strict && msg_type == FSCK_WARN)
|
|
msg_type = FSCK_ERROR;
|
|
return msg_type;
|
|
}
|
|
|
|
return options->msg_type[msg_id];
|
|
}
|
|
|
|
static enum fsck_msg_type parse_msg_type(const char *str)
|
|
{
|
|
if (!strcmp(str, "error"))
|
|
return FSCK_ERROR;
|
|
else if (!strcmp(str, "warn"))
|
|
return FSCK_WARN;
|
|
else if (!strcmp(str, "ignore"))
|
|
return FSCK_IGNORE;
|
|
else
|
|
die("Unknown fsck message type: '%s'", str);
|
|
}
|
|
|
|
int is_valid_msg_type(const char *msg_id, const char *msg_type)
|
|
{
|
|
if (parse_msg_id(msg_id) < 0)
|
|
return 0;
|
|
parse_msg_type(msg_type);
|
|
return 1;
|
|
}
|
|
|
|
void fsck_set_msg_type_from_ids(struct fsck_options *options,
|
|
enum fsck_msg_id msg_id,
|
|
enum fsck_msg_type msg_type)
|
|
{
|
|
if (!options->msg_type) {
|
|
int i;
|
|
enum fsck_msg_type *severity;
|
|
ALLOC_ARRAY(severity, FSCK_MSG_MAX);
|
|
for (i = 0; i < FSCK_MSG_MAX; i++)
|
|
severity[i] = fsck_msg_type(i, options);
|
|
options->msg_type = severity;
|
|
}
|
|
|
|
options->msg_type[msg_id] = msg_type;
|
|
}
|
|
|
|
void fsck_set_msg_type(struct fsck_options *options,
|
|
const char *msg_id_str, const char *msg_type_str)
|
|
{
|
|
int msg_id = parse_msg_id(msg_id_str);
|
|
enum fsck_msg_type msg_type = parse_msg_type(msg_type_str);
|
|
|
|
if (msg_id < 0)
|
|
die("Unhandled message id: %s", msg_id_str);
|
|
|
|
if (msg_type != FSCK_ERROR && msg_id_info[msg_id].msg_type == FSCK_FATAL)
|
|
die("Cannot demote %s to %s", msg_id_str, msg_type_str);
|
|
|
|
fsck_set_msg_type_from_ids(options, msg_id, msg_type);
|
|
}
|
|
|
|
void fsck_set_msg_types(struct fsck_options *options, const char *values)
|
|
{
|
|
char *buf = xstrdup(values), *to_free = buf;
|
|
int done = 0;
|
|
|
|
while (!done) {
|
|
int len = strcspn(buf, " ,|"), equal;
|
|
|
|
done = !buf[len];
|
|
if (!len) {
|
|
buf++;
|
|
continue;
|
|
}
|
|
buf[len] = '\0';
|
|
|
|
for (equal = 0;
|
|
equal < len && buf[equal] != '=' && buf[equal] != ':';
|
|
equal++)
|
|
buf[equal] = tolower(buf[equal]);
|
|
buf[equal] = '\0';
|
|
|
|
if (!strcmp(buf, "skiplist")) {
|
|
if (equal == len)
|
|
die("skiplist requires a path");
|
|
oidset_parse_file(&options->skiplist, buf + equal + 1);
|
|
buf += len + 1;
|
|
continue;
|
|
}
|
|
|
|
if (equal == len)
|
|
die("Missing '=': '%s'", buf);
|
|
|
|
fsck_set_msg_type(options, buf, buf + equal + 1);
|
|
buf += len + 1;
|
|
}
|
|
free(to_free);
|
|
}
|
|
|
|
static int object_on_skiplist(struct fsck_options *opts,
|
|
const struct object_id *oid)
|
|
{
|
|
return opts && oid && oidset_contains(&opts->skiplist, oid);
|
|
}
|
|
|
|
__attribute__((format (printf, 5, 6)))
|
|
static int report(struct fsck_options *options,
|
|
const struct object_id *oid, enum object_type object_type,
|
|
enum fsck_msg_id msg_id, const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
struct strbuf sb = STRBUF_INIT;
|
|
enum fsck_msg_type msg_type = fsck_msg_type(msg_id, options);
|
|
int result;
|
|
|
|
if (msg_type == FSCK_IGNORE)
|
|
return 0;
|
|
|
|
if (object_on_skiplist(options, oid))
|
|
return 0;
|
|
|
|
if (msg_type == FSCK_FATAL)
|
|
msg_type = FSCK_ERROR;
|
|
else if (msg_type == FSCK_INFO)
|
|
msg_type = FSCK_WARN;
|
|
|
|
prepare_msg_ids();
|
|
strbuf_addf(&sb, "%s: ", msg_id_info[msg_id].camelcased);
|
|
|
|
va_start(ap, fmt);
|
|
strbuf_vaddf(&sb, fmt, ap);
|
|
result = options->error_func(options, oid, object_type,
|
|
msg_type, msg_id, sb.buf);
|
|
strbuf_release(&sb);
|
|
va_end(ap);
|
|
|
|
return result;
|
|
}
|
|
|
|
void fsck_enable_object_names(struct fsck_options *options)
|
|
{
|
|
if (!options->object_names)
|
|
options->object_names = kh_init_oid_map();
|
|
}
|
|
|
|
const char *fsck_get_object_name(struct fsck_options *options,
|
|
const struct object_id *oid)
|
|
{
|
|
khiter_t pos;
|
|
if (!options->object_names)
|
|
return NULL;
|
|
pos = kh_get_oid_map(options->object_names, *oid);
|
|
if (pos >= kh_end(options->object_names))
|
|
return NULL;
|
|
return kh_value(options->object_names, pos);
|
|
}
|
|
|
|
void fsck_put_object_name(struct fsck_options *options,
|
|
const struct object_id *oid,
|
|
const char *fmt, ...)
|
|
{
|
|
va_list ap;
|
|
struct strbuf buf = STRBUF_INIT;
|
|
khiter_t pos;
|
|
int hashret;
|
|
|
|
if (!options->object_names)
|
|
return;
|
|
|
|
pos = kh_put_oid_map(options->object_names, *oid, &hashret);
|
|
if (!hashret)
|
|
return;
|
|
va_start(ap, fmt);
|
|
strbuf_vaddf(&buf, fmt, ap);
|
|
kh_value(options->object_names, pos) = strbuf_detach(&buf, NULL);
|
|
va_end(ap);
|
|
}
|
|
|
|
const char *fsck_describe_object(struct fsck_options *options,
|
|
const struct object_id *oid)
|
|
{
|
|
static struct strbuf bufs[] = {
|
|
STRBUF_INIT, STRBUF_INIT, STRBUF_INIT, STRBUF_INIT
|
|
};
|
|
static int b = 0;
|
|
struct strbuf *buf;
|
|
const char *name = fsck_get_object_name(options, oid);
|
|
|
|
buf = bufs + b;
|
|
b = (b + 1) % ARRAY_SIZE(bufs);
|
|
strbuf_reset(buf);
|
|
strbuf_addstr(buf, oid_to_hex(oid));
|
|
if (name)
|
|
strbuf_addf(buf, " (%s)", name);
|
|
|
|
return buf->buf;
|
|
}
|
|
|
|
static int fsck_walk_tree(struct tree *tree, void *data, struct fsck_options *options)
|
|
{
|
|
struct tree_desc desc;
|
|
struct name_entry entry;
|
|
int res = 0;
|
|
const char *name;
|
|
|
|
if (parse_tree(tree))
|
|
return -1;
|
|
|
|
name = fsck_get_object_name(options, &tree->object.oid);
|
|
if (init_tree_desc_gently(&desc, tree->buffer, tree->size, 0))
|
|
return -1;
|
|
while (tree_entry_gently(&desc, &entry)) {
|
|
struct object *obj;
|
|
int result;
|
|
|
|
if (S_ISGITLINK(entry.mode))
|
|
continue;
|
|
|
|
if (S_ISDIR(entry.mode)) {
|
|
obj = (struct object *)lookup_tree(the_repository, &entry.oid);
|
|
if (name && obj)
|
|
fsck_put_object_name(options, &entry.oid, "%s%s/",
|
|
name, entry.path);
|
|
result = options->walk(obj, OBJ_TREE, data, options);
|
|
}
|
|
else if (S_ISREG(entry.mode) || S_ISLNK(entry.mode)) {
|
|
obj = (struct object *)lookup_blob(the_repository, &entry.oid);
|
|
if (name && obj)
|
|
fsck_put_object_name(options, &entry.oid, "%s%s",
|
|
name, entry.path);
|
|
result = options->walk(obj, OBJ_BLOB, data, options);
|
|
}
|
|
else {
|
|
result = error("in tree %s: entry %s has bad mode %.6o",
|
|
fsck_describe_object(options, &tree->object.oid),
|
|
entry.path, entry.mode);
|
|
}
|
|
if (result < 0)
|
|
return result;
|
|
if (!res)
|
|
res = result;
|
|
}
|
|
return res;
|
|
}
|
|
|
|
static int fsck_walk_commit(struct commit *commit, void *data, struct fsck_options *options)
|
|
{
|
|
int counter = 0, generation = 0, name_prefix_len = 0;
|
|
struct commit_list *parents;
|
|
int res;
|
|
int result;
|
|
const char *name;
|
|
|
|
if (repo_parse_commit(the_repository, commit))
|
|
return -1;
|
|
|
|
name = fsck_get_object_name(options, &commit->object.oid);
|
|
if (name)
|
|
fsck_put_object_name(options, get_commit_tree_oid(commit),
|
|
"%s:", name);
|
|
|
|
result = options->walk((struct object *) repo_get_commit_tree(the_repository, commit),
|
|
OBJ_TREE, data, options);
|
|
if (result < 0)
|
|
return result;
|
|
res = result;
|
|
|
|
parents = commit->parents;
|
|
if (name && parents) {
|
|
int len = strlen(name), power;
|
|
|
|
if (len && name[len - 1] == '^') {
|
|
generation = 1;
|
|
name_prefix_len = len - 1;
|
|
}
|
|
else { /* parse ~<generation> suffix */
|
|
for (generation = 0, power = 1;
|
|
len && isdigit(name[len - 1]);
|
|
power *= 10)
|
|
generation += power * (name[--len] - '0');
|
|
if (power > 1 && len && name[len - 1] == '~')
|
|
name_prefix_len = len - 1;
|
|
else {
|
|
/* Maybe a non-first parent, e.g. HEAD^2 */
|
|
generation = 0;
|
|
name_prefix_len = len;
|
|
}
|
|
}
|
|
}
|
|
|
|
while (parents) {
|
|
if (name) {
|
|
struct object_id *oid = &parents->item->object.oid;
|
|
|
|
if (counter++)
|
|
fsck_put_object_name(options, oid, "%s^%d",
|
|
name, counter);
|
|
else if (generation > 0)
|
|
fsck_put_object_name(options, oid, "%.*s~%d",
|
|
name_prefix_len, name,
|
|
generation + 1);
|
|
else
|
|
fsck_put_object_name(options, oid, "%s^", name);
|
|
}
|
|
result = options->walk((struct object *)parents->item, OBJ_COMMIT, data, options);
|
|
if (result < 0)
|
|
return result;
|
|
if (!res)
|
|
res = result;
|
|
parents = parents->next;
|
|
}
|
|
return res;
|
|
}
|
|
|
|
static int fsck_walk_tag(struct tag *tag, void *data, struct fsck_options *options)
|
|
{
|
|
const char *name = fsck_get_object_name(options, &tag->object.oid);
|
|
|
|
if (parse_tag(tag))
|
|
return -1;
|
|
if (name)
|
|
fsck_put_object_name(options, &tag->tagged->oid, "%s", name);
|
|
return options->walk(tag->tagged, OBJ_ANY, data, options);
|
|
}
|
|
|
|
int fsck_walk(struct object *obj, void *data, struct fsck_options *options)
|
|
{
|
|
if (!obj)
|
|
return -1;
|
|
|
|
if (obj->type == OBJ_NONE)
|
|
parse_object(the_repository, &obj->oid);
|
|
|
|
switch (obj->type) {
|
|
case OBJ_BLOB:
|
|
return 0;
|
|
case OBJ_TREE:
|
|
return fsck_walk_tree((struct tree *)obj, data, options);
|
|
case OBJ_COMMIT:
|
|
return fsck_walk_commit((struct commit *)obj, data, options);
|
|
case OBJ_TAG:
|
|
return fsck_walk_tag((struct tag *)obj, data, options);
|
|
default:
|
|
error("Unknown object type for %s",
|
|
fsck_describe_object(options, &obj->oid));
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
struct name_stack {
|
|
const char **names;
|
|
size_t nr, alloc;
|
|
};
|
|
|
|
static void name_stack_push(struct name_stack *stack, const char *name)
|
|
{
|
|
ALLOC_GROW(stack->names, stack->nr + 1, stack->alloc);
|
|
stack->names[stack->nr++] = name;
|
|
}
|
|
|
|
static const char *name_stack_pop(struct name_stack *stack)
|
|
{
|
|
return stack->nr ? stack->names[--stack->nr] : NULL;
|
|
}
|
|
|
|
static void name_stack_clear(struct name_stack *stack)
|
|
{
|
|
FREE_AND_NULL(stack->names);
|
|
stack->nr = stack->alloc = 0;
|
|
}
|
|
|
|
/*
|
|
* The entries in a tree are ordered in the _path_ order,
|
|
* which means that a directory entry is ordered by adding
|
|
* a slash to the end of it.
|
|
*
|
|
* So a directory called "a" is ordered _after_ a file
|
|
* called "a.c", because "a/" sorts after "a.c".
|
|
*/
|
|
#define TREE_UNORDERED (-1)
|
|
#define TREE_HAS_DUPS (-2)
|
|
|
|
static int is_less_than_slash(unsigned char c)
|
|
{
|
|
return '\0' < c && c < '/';
|
|
}
|
|
|
|
static int verify_ordered(unsigned mode1, const char *name1,
|
|
unsigned mode2, const char *name2,
|
|
struct name_stack *candidates)
|
|
{
|
|
int len1 = strlen(name1);
|
|
int len2 = strlen(name2);
|
|
int len = len1 < len2 ? len1 : len2;
|
|
unsigned char c1, c2;
|
|
int cmp;
|
|
|
|
cmp = memcmp(name1, name2, len);
|
|
if (cmp < 0)
|
|
return 0;
|
|
if (cmp > 0)
|
|
return TREE_UNORDERED;
|
|
|
|
/*
|
|
* Ok, the first <len> characters are the same.
|
|
* Now we need to order the next one, but turn
|
|
* a '\0' into a '/' for a directory entry.
|
|
*/
|
|
c1 = name1[len];
|
|
c2 = name2[len];
|
|
if (!c1 && !c2)
|
|
/*
|
|
* git-write-tree used to write out a nonsense tree that has
|
|
* entries with the same name, one blob and one tree. Make
|
|
* sure we do not have duplicate entries.
|
|
*/
|
|
return TREE_HAS_DUPS;
|
|
if (!c1 && S_ISDIR(mode1))
|
|
c1 = '/';
|
|
if (!c2 && S_ISDIR(mode2))
|
|
c2 = '/';
|
|
|
|
/*
|
|
* There can be non-consecutive duplicates due to the implicitly
|
|
* added slash, e.g.:
|
|
*
|
|
* foo
|
|
* foo.bar
|
|
* foo.bar.baz
|
|
* foo.bar/
|
|
* foo/
|
|
*
|
|
* Record non-directory candidates (like "foo" and "foo.bar" in
|
|
* the example) on a stack and check directory candidates (like
|
|
* foo/" and "foo.bar/") against that stack.
|
|
*/
|
|
if (!c1 && is_less_than_slash(c2)) {
|
|
name_stack_push(candidates, name1);
|
|
} else if (c2 == '/' && is_less_than_slash(c1)) {
|
|
for (;;) {
|
|
const char *p;
|
|
const char *f_name = name_stack_pop(candidates);
|
|
|
|
if (!f_name)
|
|
break;
|
|
if (!skip_prefix(name2, f_name, &p))
|
|
continue;
|
|
if (!*p)
|
|
return TREE_HAS_DUPS;
|
|
if (is_less_than_slash(*p)) {
|
|
name_stack_push(candidates, f_name);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
return c1 < c2 ? 0 : TREE_UNORDERED;
|
|
}
|
|
|
|
static int fsck_tree(const struct object_id *tree_oid,
|
|
const char *buffer, unsigned long size,
|
|
struct fsck_options *options)
|
|
{
|
|
int retval = 0;
|
|
int has_null_sha1 = 0;
|
|
int has_full_path = 0;
|
|
int has_empty_name = 0;
|
|
int has_dot = 0;
|
|
int has_dotdot = 0;
|
|
int has_dotgit = 0;
|
|
int has_zero_pad = 0;
|
|
int has_bad_modes = 0;
|
|
int has_dup_entries = 0;
|
|
int not_properly_sorted = 0;
|
|
struct tree_desc desc;
|
|
unsigned o_mode;
|
|
const char *o_name;
|
|
struct name_stack df_dup_candidates = { NULL };
|
|
|
|
if (init_tree_desc_gently(&desc, buffer, size, TREE_DESC_RAW_MODES)) {
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_BAD_TREE,
|
|
"cannot be parsed as a tree");
|
|
return retval;
|
|
}
|
|
|
|
o_mode = 0;
|
|
o_name = NULL;
|
|
|
|
while (desc.size) {
|
|
unsigned short mode;
|
|
const char *name, *backslash;
|
|
const struct object_id *entry_oid;
|
|
|
|
entry_oid = tree_entry_extract(&desc, &name, &mode);
|
|
|
|
has_null_sha1 |= is_null_oid(entry_oid);
|
|
has_full_path |= !!strchr(name, '/');
|
|
has_empty_name |= !*name;
|
|
has_dot |= !strcmp(name, ".");
|
|
has_dotdot |= !strcmp(name, "..");
|
|
has_dotgit |= is_hfs_dotgit(name) || is_ntfs_dotgit(name);
|
|
has_zero_pad |= *(char *)desc.buffer == '0';
|
|
|
|
if (is_hfs_dotgitmodules(name) || is_ntfs_dotgitmodules(name)) {
|
|
if (!S_ISLNK(mode))
|
|
oidset_insert(&options->gitmodules_found,
|
|
entry_oid);
|
|
else
|
|
retval += report(options,
|
|
tree_oid, OBJ_TREE,
|
|
FSCK_MSG_GITMODULES_SYMLINK,
|
|
".gitmodules is a symbolic link");
|
|
}
|
|
|
|
if (is_hfs_dotgitattributes(name) || is_ntfs_dotgitattributes(name)) {
|
|
if (!S_ISLNK(mode))
|
|
oidset_insert(&options->gitattributes_found,
|
|
entry_oid);
|
|
else
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_GITATTRIBUTES_SYMLINK,
|
|
".gitattributes is a symlink");
|
|
}
|
|
|
|
if (S_ISLNK(mode)) {
|
|
if (is_hfs_dotgitignore(name) ||
|
|
is_ntfs_dotgitignore(name))
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_GITIGNORE_SYMLINK,
|
|
".gitignore is a symlink");
|
|
if (is_hfs_dotmailmap(name) ||
|
|
is_ntfs_dotmailmap(name))
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_MAILMAP_SYMLINK,
|
|
".mailmap is a symlink");
|
|
}
|
|
|
|
if ((backslash = strchr(name, '\\'))) {
|
|
while (backslash) {
|
|
backslash++;
|
|
has_dotgit |= is_ntfs_dotgit(backslash);
|
|
if (is_ntfs_dotgitmodules(backslash)) {
|
|
if (!S_ISLNK(mode))
|
|
oidset_insert(&options->gitmodules_found,
|
|
entry_oid);
|
|
else
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_GITMODULES_SYMLINK,
|
|
".gitmodules is a symbolic link");
|
|
}
|
|
backslash = strchr(backslash, '\\');
|
|
}
|
|
}
|
|
|
|
if (update_tree_entry_gently(&desc)) {
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_BAD_TREE,
|
|
"cannot be parsed as a tree");
|
|
break;
|
|
}
|
|
|
|
switch (mode) {
|
|
/*
|
|
* Standard modes..
|
|
*/
|
|
case S_IFREG | 0755:
|
|
case S_IFREG | 0644:
|
|
case S_IFLNK:
|
|
case S_IFDIR:
|
|
case S_IFGITLINK:
|
|
break;
|
|
/*
|
|
* This is nonstandard, but we had a few of these
|
|
* early on when we honored the full set of mode
|
|
* bits..
|
|
*/
|
|
case S_IFREG | 0664:
|
|
if (!options->strict)
|
|
break;
|
|
/* fallthrough */
|
|
default:
|
|
has_bad_modes = 1;
|
|
}
|
|
|
|
if (o_name) {
|
|
switch (verify_ordered(o_mode, o_name, mode, name,
|
|
&df_dup_candidates)) {
|
|
case TREE_UNORDERED:
|
|
not_properly_sorted = 1;
|
|
break;
|
|
case TREE_HAS_DUPS:
|
|
has_dup_entries = 1;
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
o_mode = mode;
|
|
o_name = name;
|
|
}
|
|
|
|
name_stack_clear(&df_dup_candidates);
|
|
|
|
if (has_null_sha1)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_NULL_SHA1,
|
|
"contains entries pointing to null sha1");
|
|
if (has_full_path)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_FULL_PATHNAME,
|
|
"contains full pathnames");
|
|
if (has_empty_name)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_EMPTY_NAME,
|
|
"contains empty pathname");
|
|
if (has_dot)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_HAS_DOT,
|
|
"contains '.'");
|
|
if (has_dotdot)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_HAS_DOTDOT,
|
|
"contains '..'");
|
|
if (has_dotgit)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_HAS_DOTGIT,
|
|
"contains '.git'");
|
|
if (has_zero_pad)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_ZERO_PADDED_FILEMODE,
|
|
"contains zero-padded file modes");
|
|
if (has_bad_modes)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_BAD_FILEMODE,
|
|
"contains bad file modes");
|
|
if (has_dup_entries)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_DUPLICATE_ENTRIES,
|
|
"contains duplicate file entries");
|
|
if (not_properly_sorted)
|
|
retval += report(options, tree_oid, OBJ_TREE,
|
|
FSCK_MSG_TREE_NOT_SORTED,
|
|
"not properly sorted");
|
|
return retval;
|
|
}
|
|
|
|
/*
|
|
* Confirm that the headers of a commit or tag object end in a reasonable way,
|
|
* either with the usual "\n\n" separator, or at least with a trailing newline
|
|
* on the final header line.
|
|
*
|
|
* This property is important for the memory safety of our callers. It allows
|
|
* them to scan the buffer linewise without constantly checking the remaining
|
|
* size as long as:
|
|
*
|
|
* - they check that there are bytes left in the buffer at the start of any
|
|
* line (i.e., that the last newline they saw was not the final one we
|
|
* found here)
|
|
*
|
|
* - any intra-line scanning they do will stop at a newline, which will worst
|
|
* case hit the newline we found here as the end-of-header. This makes it
|
|
* OK for them to use helpers like parse_oid_hex(), or even skip_prefix().
|
|
*/
|
|
static int verify_headers(const void *data, unsigned long size,
|
|
const struct object_id *oid, enum object_type type,
|
|
struct fsck_options *options)
|
|
{
|
|
const char *buffer = (const char *)data;
|
|
unsigned long i;
|
|
|
|
for (i = 0; i < size; i++) {
|
|
switch (buffer[i]) {
|
|
case '\0':
|
|
return report(options, oid, type,
|
|
FSCK_MSG_NUL_IN_HEADER,
|
|
"unterminated header: NUL at offset %ld", i);
|
|
case '\n':
|
|
if (i + 1 < size && buffer[i + 1] == '\n')
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* We did not find double-LF that separates the header
|
|
* and the body. Not having a body is not a crime but
|
|
* we do want to see the terminating LF for the last header
|
|
* line.
|
|
*/
|
|
if (size && buffer[size - 1] == '\n')
|
|
return 0;
|
|
|
|
return report(options, oid, type,
|
|
FSCK_MSG_UNTERMINATED_HEADER, "unterminated header");
|
|
}
|
|
|
|
static int fsck_ident(const char **ident,
|
|
const struct object_id *oid, enum object_type type,
|
|
struct fsck_options *options)
|
|
{
|
|
const char *p = *ident;
|
|
char *end;
|
|
|
|
*ident = strchrnul(*ident, '\n');
|
|
if (**ident == '\n')
|
|
(*ident)++;
|
|
|
|
if (*p == '<')
|
|
return report(options, oid, type, FSCK_MSG_MISSING_NAME_BEFORE_EMAIL, "invalid author/committer line - missing space before email");
|
|
p += strcspn(p, "<>\n");
|
|
if (*p == '>')
|
|
return report(options, oid, type, FSCK_MSG_BAD_NAME, "invalid author/committer line - bad name");
|
|
if (*p != '<')
|
|
return report(options, oid, type, FSCK_MSG_MISSING_EMAIL, "invalid author/committer line - missing email");
|
|
if (p[-1] != ' ')
|
|
return report(options, oid, type, FSCK_MSG_MISSING_SPACE_BEFORE_EMAIL, "invalid author/committer line - missing space before email");
|
|
p++;
|
|
p += strcspn(p, "<>\n");
|
|
if (*p != '>')
|
|
return report(options, oid, type, FSCK_MSG_BAD_EMAIL, "invalid author/committer line - bad email");
|
|
p++;
|
|
if (*p != ' ')
|
|
return report(options, oid, type, FSCK_MSG_MISSING_SPACE_BEFORE_DATE, "invalid author/committer line - missing space before date");
|
|
p++;
|
|
/*
|
|
* Our timestamp parser is based on the C strto*() functions, which
|
|
* will happily eat whitespace, including the newline that is supposed
|
|
* to prevent us walking past the end of the buffer. So do our own
|
|
* scan, skipping linear whitespace but not newlines, and then
|
|
* confirming we found a digit. We _could_ be even more strict here,
|
|
* as we really expect only a single space, but since we have
|
|
* traditionally allowed extra whitespace, we'll continue to do so.
|
|
*/
|
|
while (*p == ' ' || *p == '\t')
|
|
p++;
|
|
if (!isdigit(*p))
|
|
return report(options, oid, type, FSCK_MSG_BAD_DATE,
|
|
"invalid author/committer line - bad date");
|
|
if (*p == '0' && p[1] != ' ')
|
|
return report(options, oid, type, FSCK_MSG_ZERO_PADDED_DATE, "invalid author/committer line - zero-padded date");
|
|
if (date_overflows(parse_timestamp(p, &end, 10)))
|
|
return report(options, oid, type, FSCK_MSG_BAD_DATE_OVERFLOW, "invalid author/committer line - date causes integer overflow");
|
|
if ((end == p || *end != ' '))
|
|
return report(options, oid, type, FSCK_MSG_BAD_DATE, "invalid author/committer line - bad date");
|
|
p = end + 1;
|
|
if ((*p != '+' && *p != '-') ||
|
|
!isdigit(p[1]) ||
|
|
!isdigit(p[2]) ||
|
|
!isdigit(p[3]) ||
|
|
!isdigit(p[4]) ||
|
|
(p[5] != '\n'))
|
|
return report(options, oid, type, FSCK_MSG_BAD_TIMEZONE, "invalid author/committer line - bad time zone");
|
|
p += 6;
|
|
return 0;
|
|
}
|
|
|
|
static int fsck_commit(const struct object_id *oid,
|
|
const char *buffer, unsigned long size,
|
|
struct fsck_options *options)
|
|
{
|
|
struct object_id tree_oid, parent_oid;
|
|
unsigned author_count;
|
|
int err;
|
|
const char *buffer_begin = buffer;
|
|
const char *buffer_end = buffer + size;
|
|
const char *p;
|
|
|
|
/*
|
|
* We _must_ stop parsing immediately if this reports failure, as the
|
|
* memory safety of the rest of the function depends on it. See the
|
|
* comment above the definition of verify_headers() for more details.
|
|
*/
|
|
if (verify_headers(buffer, size, oid, OBJ_COMMIT, options))
|
|
return -1;
|
|
|
|
if (buffer >= buffer_end || !skip_prefix(buffer, "tree ", &buffer))
|
|
return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_TREE, "invalid format - expected 'tree' line");
|
|
if (parse_oid_hex(buffer, &tree_oid, &p) || *p != '\n') {
|
|
err = report(options, oid, OBJ_COMMIT, FSCK_MSG_BAD_TREE_SHA1, "invalid 'tree' line format - bad sha1");
|
|
if (err)
|
|
return err;
|
|
}
|
|
buffer = p + 1;
|
|
while (buffer < buffer_end && skip_prefix(buffer, "parent ", &buffer)) {
|
|
if (parse_oid_hex(buffer, &parent_oid, &p) || *p != '\n') {
|
|
err = report(options, oid, OBJ_COMMIT, FSCK_MSG_BAD_PARENT_SHA1, "invalid 'parent' line format - bad sha1");
|
|
if (err)
|
|
return err;
|
|
}
|
|
buffer = p + 1;
|
|
}
|
|
author_count = 0;
|
|
while (buffer < buffer_end && skip_prefix(buffer, "author ", &buffer)) {
|
|
author_count++;
|
|
err = fsck_ident(&buffer, oid, OBJ_COMMIT, options);
|
|
if (err)
|
|
return err;
|
|
}
|
|
if (author_count < 1)
|
|
err = report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_AUTHOR, "invalid format - expected 'author' line");
|
|
else if (author_count > 1)
|
|
err = report(options, oid, OBJ_COMMIT, FSCK_MSG_MULTIPLE_AUTHORS, "invalid format - multiple 'author' lines");
|
|
if (err)
|
|
return err;
|
|
if (buffer >= buffer_end || !skip_prefix(buffer, "committer ", &buffer))
|
|
return report(options, oid, OBJ_COMMIT, FSCK_MSG_MISSING_COMMITTER, "invalid format - expected 'committer' line");
|
|
err = fsck_ident(&buffer, oid, OBJ_COMMIT, options);
|
|
if (err)
|
|
return err;
|
|
if (memchr(buffer_begin, '\0', size)) {
|
|
err = report(options, oid, OBJ_COMMIT, FSCK_MSG_NUL_IN_COMMIT,
|
|
"NUL byte in the commit object body");
|
|
if (err)
|
|
return err;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int fsck_tag(const struct object_id *oid, const char *buffer,
|
|
unsigned long size, struct fsck_options *options)
|
|
{
|
|
struct object_id tagged_oid;
|
|
int tagged_type;
|
|
return fsck_tag_standalone(oid, buffer, size, options, &tagged_oid,
|
|
&tagged_type);
|
|
}
|
|
|
|
int fsck_tag_standalone(const struct object_id *oid, const char *buffer,
|
|
unsigned long size, struct fsck_options *options,
|
|
struct object_id *tagged_oid,
|
|
int *tagged_type)
|
|
{
|
|
int ret = 0;
|
|
char *eol;
|
|
struct strbuf sb = STRBUF_INIT;
|
|
const char *buffer_end = buffer + size;
|
|
const char *p;
|
|
|
|
/*
|
|
* We _must_ stop parsing immediately if this reports failure, as the
|
|
* memory safety of the rest of the function depends on it. See the
|
|
* comment above the definition of verify_headers() for more details.
|
|
*/
|
|
ret = verify_headers(buffer, size, oid, OBJ_TAG, options);
|
|
if (ret)
|
|
goto done;
|
|
|
|
if (buffer >= buffer_end || !skip_prefix(buffer, "object ", &buffer)) {
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_OBJECT, "invalid format - expected 'object' line");
|
|
goto done;
|
|
}
|
|
if (parse_oid_hex(buffer, tagged_oid, &p) || *p != '\n') {
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_OBJECT_SHA1, "invalid 'object' line format - bad sha1");
|
|
if (ret)
|
|
goto done;
|
|
}
|
|
buffer = p + 1;
|
|
|
|
if (buffer >= buffer_end || !skip_prefix(buffer, "type ", &buffer)) {
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TYPE_ENTRY, "invalid format - expected 'type' line");
|
|
goto done;
|
|
}
|
|
eol = memchr(buffer, '\n', buffer_end - buffer);
|
|
if (!eol) {
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TYPE, "invalid format - unexpected end after 'type' line");
|
|
goto done;
|
|
}
|
|
*tagged_type = type_from_string_gently(buffer, eol - buffer, 1);
|
|
if (*tagged_type < 0)
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_TYPE, "invalid 'type' value");
|
|
if (ret)
|
|
goto done;
|
|
buffer = eol + 1;
|
|
|
|
if (buffer >= buffer_end || !skip_prefix(buffer, "tag ", &buffer)) {
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TAG_ENTRY, "invalid format - expected 'tag' line");
|
|
goto done;
|
|
}
|
|
eol = memchr(buffer, '\n', buffer_end - buffer);
|
|
if (!eol) {
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TAG, "invalid format - unexpected end after 'type' line");
|
|
goto done;
|
|
}
|
|
strbuf_addf(&sb, "refs/tags/%.*s", (int)(eol - buffer), buffer);
|
|
if (check_refname_format(sb.buf, 0)) {
|
|
ret = report(options, oid, OBJ_TAG,
|
|
FSCK_MSG_BAD_TAG_NAME,
|
|
"invalid 'tag' name: %.*s",
|
|
(int)(eol - buffer), buffer);
|
|
if (ret)
|
|
goto done;
|
|
}
|
|
buffer = eol + 1;
|
|
|
|
if (buffer >= buffer_end || !skip_prefix(buffer, "tagger ", &buffer)) {
|
|
/* early tags do not contain 'tagger' lines; warn only */
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TAGGER_ENTRY, "invalid format - expected 'tagger' line");
|
|
if (ret)
|
|
goto done;
|
|
}
|
|
else
|
|
ret = fsck_ident(&buffer, oid, OBJ_TAG, options);
|
|
|
|
if (buffer < buffer_end && !starts_with(buffer, "\n")) {
|
|
/*
|
|
* The verify_headers() check will allow
|
|
* e.g. "[...]tagger <tagger>\nsome
|
|
* garbage\n\nmessage" to pass, thinking "some
|
|
* garbage" could be a custom header. E.g. "mktag"
|
|
* doesn't want any unknown headers.
|
|
*/
|
|
ret = report(options, oid, OBJ_TAG, FSCK_MSG_EXTRA_HEADER_ENTRY, "invalid format - extra header(s) after 'tagger'");
|
|
if (ret)
|
|
goto done;
|
|
}
|
|
|
|
done:
|
|
strbuf_release(&sb);
|
|
return ret;
|
|
}
|
|
|
|
static int starts_with_dot_slash(const char *const path)
|
|
{
|
|
return path_match_flags(path, PATH_MATCH_STARTS_WITH_DOT_SLASH |
|
|
PATH_MATCH_XPLATFORM);
|
|
}
|
|
|
|
static int starts_with_dot_dot_slash(const char *const path)
|
|
{
|
|
return path_match_flags(path, PATH_MATCH_STARTS_WITH_DOT_DOT_SLASH |
|
|
PATH_MATCH_XPLATFORM);
|
|
}
|
|
|
|
static int submodule_url_is_relative(const char *url)
|
|
{
|
|
return starts_with_dot_slash(url) || starts_with_dot_dot_slash(url);
|
|
}
|
|
|
|
/*
|
|
* Count directory components that a relative submodule URL should chop
|
|
* from the remote_url it is to be resolved against.
|
|
*
|
|
* In other words, this counts "../" components at the start of a
|
|
* submodule URL.
|
|
*
|
|
* Returns the number of directory components to chop and writes a
|
|
* pointer to the next character of url after all leading "./" and
|
|
* "../" components to out.
|
|
*/
|
|
static int count_leading_dotdots(const char *url, const char **out)
|
|
{
|
|
int result = 0;
|
|
while (1) {
|
|
if (starts_with_dot_dot_slash(url)) {
|
|
result++;
|
|
url += strlen("../");
|
|
continue;
|
|
}
|
|
if (starts_with_dot_slash(url)) {
|
|
url += strlen("./");
|
|
continue;
|
|
}
|
|
*out = url;
|
|
return result;
|
|
}
|
|
}
|
|
/*
|
|
* Check whether a transport is implemented by git-remote-curl.
|
|
*
|
|
* If it is, returns 1 and writes the URL that would be passed to
|
|
* git-remote-curl to the "out" parameter.
|
|
*
|
|
* Otherwise, returns 0 and leaves "out" untouched.
|
|
*
|
|
* Examples:
|
|
* http::https://example.com/repo.git -> 1, https://example.com/repo.git
|
|
* https://example.com/repo.git -> 1, https://example.com/repo.git
|
|
* git://example.com/repo.git -> 0
|
|
*
|
|
* This is for use in checking for previously exploitable bugs that
|
|
* required a submodule URL to be passed to git-remote-curl.
|
|
*/
|
|
static int url_to_curl_url(const char *url, const char **out)
|
|
{
|
|
/*
|
|
* We don't need to check for case-aliases, "http.exe", and so
|
|
* on because in the default configuration, is_transport_allowed
|
|
* prevents URLs with those schemes from being cloned
|
|
* automatically.
|
|
*/
|
|
if (skip_prefix(url, "http::", out) ||
|
|
skip_prefix(url, "https::", out) ||
|
|
skip_prefix(url, "ftp::", out) ||
|
|
skip_prefix(url, "ftps::", out))
|
|
return 1;
|
|
if (starts_with(url, "http://") ||
|
|
starts_with(url, "https://") ||
|
|
starts_with(url, "ftp://") ||
|
|
starts_with(url, "ftps://")) {
|
|
*out = url;
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int check_submodule_url(const char *url)
|
|
{
|
|
const char *curl_url;
|
|
|
|
if (looks_like_command_line_option(url))
|
|
return -1;
|
|
|
|
if (submodule_url_is_relative(url) || starts_with(url, "git://")) {
|
|
char *decoded;
|
|
const char *next;
|
|
int has_nl;
|
|
|
|
/*
|
|
* This could be appended to an http URL and url-decoded;
|
|
* check for malicious characters.
|
|
*/
|
|
decoded = url_decode(url);
|
|
has_nl = !!strchr(decoded, '\n');
|
|
|
|
free(decoded);
|
|
if (has_nl)
|
|
return -1;
|
|
|
|
/*
|
|
* URLs which escape their root via "../" can overwrite
|
|
* the host field and previous components, resolving to
|
|
* URLs like https::example.com/submodule.git and
|
|
* https:///example.com/submodule.git that were
|
|
* susceptible to CVE-2020-11008.
|
|
*/
|
|
if (count_leading_dotdots(url, &next) > 0 &&
|
|
(*next == ':' || *next == '/'))
|
|
return -1;
|
|
}
|
|
|
|
else if (url_to_curl_url(url, &curl_url)) {
|
|
struct credential c = CREDENTIAL_INIT;
|
|
int ret = 0;
|
|
if (credential_from_url_gently(&c, curl_url, 1) ||
|
|
!*c.host)
|
|
ret = -1;
|
|
credential_clear(&c);
|
|
return ret;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
struct fsck_gitmodules_data {
|
|
const struct object_id *oid;
|
|
struct fsck_options *options;
|
|
int ret;
|
|
};
|
|
|
|
static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
|
|
{
|
|
struct fsck_gitmodules_data *data = vdata;
|
|
const char *subsection, *key;
|
|
size_t subsection_len;
|
|
char *name;
|
|
|
|
if (parse_config_key(var, "submodule", &subsection, &subsection_len, &key) < 0 ||
|
|
!subsection)
|
|
return 0;
|
|
|
|
name = xmemdupz(subsection, subsection_len);
|
|
if (check_submodule_name(name) < 0)
|
|
data->ret |= report(data->options,
|
|
data->oid, OBJ_BLOB,
|
|
FSCK_MSG_GITMODULES_NAME,
|
|
"disallowed submodule name: %s",
|
|
name);
|
|
if (!strcmp(key, "url") && value &&
|
|
check_submodule_url(value) < 0)
|
|
data->ret |= report(data->options,
|
|
data->oid, OBJ_BLOB,
|
|
FSCK_MSG_GITMODULES_URL,
|
|
"disallowed submodule url: %s",
|
|
value);
|
|
if (!strcmp(key, "path") && value &&
|
|
looks_like_command_line_option(value))
|
|
data->ret |= report(data->options,
|
|
data->oid, OBJ_BLOB,
|
|
FSCK_MSG_GITMODULES_PATH,
|
|
"disallowed submodule path: %s",
|
|
value);
|
|
if (!strcmp(key, "update") && value &&
|
|
parse_submodule_update_type(value) == SM_UPDATE_COMMAND)
|
|
data->ret |= report(data->options, data->oid, OBJ_BLOB,
|
|
FSCK_MSG_GITMODULES_UPDATE,
|
|
"disallowed submodule update setting: %s",
|
|
value);
|
|
free(name);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int fsck_blob(const struct object_id *oid, const char *buf,
|
|
unsigned long size, struct fsck_options *options)
|
|
{
|
|
int ret = 0;
|
|
|
|
if (object_on_skiplist(options, oid))
|
|
return 0;
|
|
|
|
if (oidset_contains(&options->gitmodules_found, oid)) {
|
|
struct config_options config_opts = { 0 };
|
|
struct fsck_gitmodules_data data;
|
|
|
|
oidset_insert(&options->gitmodules_done, oid);
|
|
|
|
if (!buf) {
|
|
/*
|
|
* A missing buffer here is a sign that the caller found the
|
|
* blob too gigantic to load into memory. Let's just consider
|
|
* that an error.
|
|
*/
|
|
return report(options, oid, OBJ_BLOB,
|
|
FSCK_MSG_GITMODULES_LARGE,
|
|
".gitmodules too large to parse");
|
|
}
|
|
|
|
data.oid = oid;
|
|
data.options = options;
|
|
data.ret = 0;
|
|
config_opts.error_action = CONFIG_ERROR_SILENT;
|
|
if (git_config_from_mem(fsck_gitmodules_fn, CONFIG_ORIGIN_BLOB,
|
|
".gitmodules", buf, size, &data, &config_opts))
|
|
data.ret |= report(options, oid, OBJ_BLOB,
|
|
FSCK_MSG_GITMODULES_PARSE,
|
|
"could not parse gitmodules blob");
|
|
ret |= data.ret;
|
|
}
|
|
|
|
if (oidset_contains(&options->gitattributes_found, oid)) {
|
|
const char *ptr;
|
|
|
|
oidset_insert(&options->gitattributes_done, oid);
|
|
|
|
if (!buf || size > ATTR_MAX_FILE_SIZE) {
|
|
/*
|
|
* A missing buffer here is a sign that the caller found the
|
|
* blob too gigantic to load into memory. Let's just consider
|
|
* that an error.
|
|
*/
|
|
return report(options, oid, OBJ_BLOB,
|
|
FSCK_MSG_GITATTRIBUTES_LARGE,
|
|
".gitattributes too large to parse");
|
|
}
|
|
|
|
for (ptr = buf; *ptr; ) {
|
|
const char *eol = strchrnul(ptr, '\n');
|
|
if (eol - ptr >= ATTR_MAX_LINE_LENGTH) {
|
|
ret |= report(options, oid, OBJ_BLOB,
|
|
FSCK_MSG_GITATTRIBUTES_LINE_LENGTH,
|
|
".gitattributes has too long lines to parse");
|
|
break;
|
|
}
|
|
|
|
ptr = *eol ? eol + 1 : eol;
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
int fsck_object(struct object *obj, void *data, unsigned long size,
|
|
struct fsck_options *options)
|
|
{
|
|
if (!obj)
|
|
return report(options, NULL, OBJ_NONE, FSCK_MSG_BAD_OBJECT_SHA1, "no valid object to fsck");
|
|
|
|
return fsck_buffer(&obj->oid, obj->type, data, size, options);
|
|
}
|
|
|
|
int fsck_buffer(const struct object_id *oid, enum object_type type,
|
|
void *data, unsigned long size,
|
|
struct fsck_options *options)
|
|
{
|
|
if (type == OBJ_BLOB)
|
|
return fsck_blob(oid, data, size, options);
|
|
if (type == OBJ_TREE)
|
|
return fsck_tree(oid, data, size, options);
|
|
if (type == OBJ_COMMIT)
|
|
return fsck_commit(oid, data, size, options);
|
|
if (type == OBJ_TAG)
|
|
return fsck_tag(oid, data, size, options);
|
|
|
|
return report(options, oid, type,
|
|
FSCK_MSG_UNKNOWN_TYPE,
|
|
"unknown type '%d' (internal fsck error)",
|
|
type);
|
|
}
|
|
|
|
int fsck_error_function(struct fsck_options *o,
|
|
const struct object_id *oid,
|
|
enum object_type object_type,
|
|
enum fsck_msg_type msg_type,
|
|
enum fsck_msg_id msg_id,
|
|
const char *message)
|
|
{
|
|
if (msg_type == FSCK_WARN) {
|
|
warning("object %s: %s", fsck_describe_object(o, oid), message);
|
|
return 0;
|
|
}
|
|
error("object %s: %s", fsck_describe_object(o, oid), message);
|
|
return 1;
|
|
}
|
|
|
|
static int fsck_blobs(struct oidset *blobs_found, struct oidset *blobs_done,
|
|
enum fsck_msg_id msg_missing, enum fsck_msg_id msg_type,
|
|
struct fsck_options *options, const char *blob_type)
|
|
{
|
|
int ret = 0;
|
|
struct oidset_iter iter;
|
|
const struct object_id *oid;
|
|
|
|
oidset_iter_init(blobs_found, &iter);
|
|
while ((oid = oidset_iter_next(&iter))) {
|
|
enum object_type type;
|
|
unsigned long size;
|
|
char *buf;
|
|
|
|
if (oidset_contains(blobs_done, oid))
|
|
continue;
|
|
|
|
buf = repo_read_object_file(the_repository, oid, &type, &size);
|
|
if (!buf) {
|
|
if (is_promisor_object(oid))
|
|
continue;
|
|
ret |= report(options,
|
|
oid, OBJ_BLOB, msg_missing,
|
|
"unable to read %s blob", blob_type);
|
|
continue;
|
|
}
|
|
|
|
if (type == OBJ_BLOB)
|
|
ret |= fsck_blob(oid, buf, size, options);
|
|
else
|
|
ret |= report(options, oid, type, msg_type,
|
|
"non-blob found at %s", blob_type);
|
|
free(buf);
|
|
}
|
|
|
|
oidset_clear(blobs_found);
|
|
oidset_clear(blobs_done);
|
|
|
|
return ret;
|
|
}
|
|
|
|
int fsck_finish(struct fsck_options *options)
|
|
{
|
|
int ret = 0;
|
|
|
|
ret |= fsck_blobs(&options->gitmodules_found, &options->gitmodules_done,
|
|
FSCK_MSG_GITMODULES_MISSING, FSCK_MSG_GITMODULES_BLOB,
|
|
options, ".gitmodules");
|
|
ret |= fsck_blobs(&options->gitattributes_found, &options->gitattributes_done,
|
|
FSCK_MSG_GITATTRIBUTES_MISSING, FSCK_MSG_GITATTRIBUTES_BLOB,
|
|
options, ".gitattributes");
|
|
|
|
return ret;
|
|
}
|
|
|
|
int git_fsck_config(const char *var, const char *value, void *cb)
|
|
{
|
|
struct fsck_options *options = cb;
|
|
if (strcmp(var, "fsck.skiplist") == 0) {
|
|
const char *path;
|
|
struct strbuf sb = STRBUF_INIT;
|
|
|
|
if (git_config_pathname(&path, var, value))
|
|
return 1;
|
|
strbuf_addf(&sb, "skiplist=%s", path);
|
|
free((char *)path);
|
|
fsck_set_msg_types(options, sb.buf);
|
|
strbuf_release(&sb);
|
|
return 0;
|
|
}
|
|
|
|
if (skip_prefix(var, "fsck.", &var)) {
|
|
fsck_set_msg_type(options, var, value);
|
|
return 0;
|
|
}
|
|
|
|
return git_default_config(var, value, cb);
|
|
}
|
|
|
|
/*
|
|
* Custom error callbacks that are used in more than one place.
|
|
*/
|
|
|
|
int fsck_error_cb_print_missing_gitmodules(struct fsck_options *o,
|
|
const struct object_id *oid,
|
|
enum object_type object_type,
|
|
enum fsck_msg_type msg_type,
|
|
enum fsck_msg_id msg_id,
|
|
const char *message)
|
|
{
|
|
if (msg_id == FSCK_MSG_GITMODULES_MISSING) {
|
|
puts(oid_to_hex(oid));
|
|
return 0;
|
|
}
|
|
return fsck_error_function(o, oid, object_type, msg_type, msg_id, message);
|
|
}
|