git/ls-refs.c
Jeff King 4845b77245 upload-pack: handle unexpected delim packets
When processing the arguments list for a v2 ls-refs or fetch command, we
loop like this:

  while (packet_reader_read(request) != PACKET_READ_FLUSH) {
          const char *arg = request->line;
	  ...handle arg...
  }

to read and handle packets until we see a flush. The hidden assumption
here is that anything except PACKET_READ_FLUSH will give us valid packet
data to read. But that's not true; PACKET_READ_DELIM or PACKET_READ_EOF
will leave packet->line as NULL, and we'll segfault trying to look at
it.

Instead, we should follow the more careful model demonstrated on the
client side (e.g., in process_capabilities_v2): keep looping as long
as we get normal packets, and then make sure that we broke out of the
loop due to a real flush. That fixes the segfault and correctly
diagnoses any unexpected input from the client.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-27 12:18:48 -07:00

117 lines
2.7 KiB
C

#include "cache.h"
#include "repository.h"
#include "refs.h"
#include "remote.h"
#include "argv-array.h"
#include "ls-refs.h"
#include "pkt-line.h"
#include "config.h"
/*
* Check if one of the prefixes is a prefix of the ref.
* If no prefixes were provided, all refs match.
*/
static int ref_match(const struct argv_array *prefixes, const char *refname)
{
int i;
if (!prefixes->argc)
return 1; /* no restriction */
for (i = 0; i < prefixes->argc; i++) {
const char *prefix = prefixes->argv[i];
if (starts_with(refname, prefix))
return 1;
}
return 0;
}
struct ls_refs_data {
unsigned peel;
unsigned symrefs;
struct argv_array prefixes;
};
static int send_ref(const char *refname, const struct object_id *oid,
int flag, void *cb_data)
{
struct ls_refs_data *data = cb_data;
const char *refname_nons = strip_namespace(refname);
struct strbuf refline = STRBUF_INIT;
if (ref_is_hidden(refname_nons, refname))
return 0;
if (!ref_match(&data->prefixes, refname_nons))
return 0;
strbuf_addf(&refline, "%s %s", oid_to_hex(oid), refname_nons);
if (data->symrefs && flag & REF_ISSYMREF) {
struct object_id unused;
const char *symref_target = resolve_ref_unsafe(refname, 0,
&unused,
&flag);
if (!symref_target)
die("'%s' is a symref but it is not?", refname);
strbuf_addf(&refline, " symref-target:%s",
strip_namespace(symref_target));
}
if (data->peel) {
struct object_id peeled;
if (!peel_ref(refname, &peeled))
strbuf_addf(&refline, " peeled:%s", oid_to_hex(&peeled));
}
strbuf_addch(&refline, '\n');
packet_write(1, refline.buf, refline.len);
strbuf_release(&refline);
return 0;
}
static int ls_refs_config(const char *var, const char *value, void *data)
{
/*
* We only serve fetches over v2 for now, so respect only "uploadpack"
* config. This may need to eventually be expanded to "receive", but we
* don't yet know how that information will be passed to ls-refs.
*/
return parse_hide_refs_config(var, value, "uploadpack");
}
int ls_refs(struct repository *r, struct argv_array *keys,
struct packet_reader *request)
{
struct ls_refs_data data;
memset(&data, 0, sizeof(data));
git_config(ls_refs_config, NULL);
while (packet_reader_read(request) == PACKET_READ_NORMAL) {
const char *arg = request->line;
const char *out;
if (!strcmp("peel", arg))
data.peel = 1;
else if (!strcmp("symrefs", arg))
data.symrefs = 1;
else if (skip_prefix(arg, "ref-prefix ", &out))
argv_array_push(&data.prefixes, out);
}
if (request->status != PACKET_READ_FLUSH)
die(_("expected flush after ls-refs arguments"));
head_ref_namespaced(send_ref, &data);
for_each_namespaced_ref(send_ref, &data);
packet_flush(1);
argv_array_clear(&data.prefixes);
return 0;
}