git/http-push.c, branch v2.28.1Mirror of https://git.kernel.org/pub/scm/git/git.git/
https://www.git.shady.money/git/atom?h=v2.28.12020-07-07T05:09:17ZMerge branch 'bc/http-push-flagsfix'2020-07-07T05:09:17ZJunio C Hamanogitster@pobox.com2020-07-07T05:09:17Zurn:sha1:67d99b82de27e98bfec7d174ef4b6369d5b85d7a
The code to push changes over "dumb" HTTP had a bad interaction
with the commit reachability code due to incorrect allocation of
object flag bits, which has been corrected.
* bc/http-push-flagsfix:
http-push: ensure unforced pushes fail when data would be lost
http-push: ensure unforced pushes fail when data would be lost2020-06-23T22:40:59Zbrian m. carlsonsandals@crustytoothpaste.net2020-06-23T21:52:20Zurn:sha1:64472d15e90f14d920eade6bb1d1c4a01fca2280
When we push using the DAV-based protocol, the client is the one that
performs the ref updates and therefore makes the checks to see whether
an unforced push should be allowed. We make this check by determining
if either (a) we lack the object file for the old value of the ref or
(b) the new value of the ref is not newer than the old value, and in
either case, reject the push.
However, the ref_newer function, which performs this latter check, has
an odd behavior due to the reuse of certain object flags. Specifically,
it will incorrectly return false in its first invocation and then
correctly return true on a subsequent invocation. This occurs because
the object flags used by http-push.c are the same as those used by
commit-reach.c, which implements ref_newer, and one piece of code
misinterprets the flags set by the other.
Note that this does not occur in all cases. For example, if the example
used in the tests is changed to use one repository instead of two and
rewind the head to add a commit, the test passes and we correctly reject
the push. However, the example provided does trigger this behavior, and
the code has been broken in this way since at least Git 2.0.0.
To solve this problem, let's move the two sets of object flags so that
they don't overlap, since we're clearly using them at the same time.
The new set should not conflict with other usage because other users are
either builtin code (which is not compiled into git http-push) or
upload-pack (which we similarly do not use here).
Reported-by: Michael Ward <mward@smartsoftwareinc.com>
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http: refactor finish_http_pack_request()2020-06-11T01:06:34ZJonathan Tanjonathantanmy@google.com2020-06-10T20:57:16Zurn:sha1:eb05349247415992644fc63ba0cf0c4821d4eef2
finish_http_pack_request() does multiple tasks, including some
housekeeping on a struct packed_git - (1) closing its index, (2)
removing it from a list, and (3) installing it. These concerns are
independent of fetching a pack through HTTP: they are there only because
(1) the calling code opens the pack's index before deciding to fetch it,
(2) the calling code maintains a list of packfiles that can be fetched,
and (3) the calling code fetches it in order to make use of its objects
in the same process.
In preparation for a subsequent commit, which adds a feature that does
not need any of this housekeeping, remove (1), (2), and (3) from
finish_http_pack_request(). (2) and (3) are now done by a helper
function, and (1) is the responsibility of the caller (in this patch,
done closer to the point where the pack index is opened).
Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http-push: simplify deleting a list item2019-10-15T01:53:50ZRené Scharfel.s.r@web.de2019-10-13T12:49:17Zurn:sha1:5cc6a4be11644f3d302eee2e735261ace4cd1c4c
The first step for deleting an item from a linked list is to locate the
item preceding it. Be more careful in release_request() and handle an
empty list. This only has consequences for invalid delete requests
(removing the same item twice, or deleting an item that was never added
to the list), but simplifies the loop condition as well as the check
after the loop.
Once we found the item's predecessor in the list, update its next
pointer to skip over the item, which removes it from the list. In other
words: Make the item's successor the successor of its predecessor.
(At this point entry->next == request and prev->next == lock,
respectively.) This is a bit simpler and saves a pointer dereference.
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
object: convert lookup_object() to use object_id2019-06-20T17:18:09ZJeff Kingpeff@peff.net2019-06-20T07:41:14Zurn:sha1:d0229abd93e1115d935b0e55067e29bcc9815ce8
There are no callers left of lookup_object() that aren't just passing us
the "hash" member of a "struct object_id". Let's take the whole struct,
which gets us closer to removing all raw sha1 variables. It also
matches the existing conversions of lookup_blob(), etc.
The conversions of callers were done by hand, but they're all mechanical
one-liners.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
object: convert lookup_unknown_object() to use object_id2019-06-20T17:06:19ZJeff Kingpeff@peff.net2019-06-20T07:41:10Zurn:sha1:0ebbcf70e672ef9ad46eb4975a34d3639190aeb2
There are no callers left of lookup_unknown_object() that aren't just
passing us the "hash" member of a "struct object_id". Let's take the
whole struct, which gets us closer to removing all raw sha1 variables.
It also matches the existing conversions of lookup_blob(), etc.
The conversions of callers were done by hand, but they're all mechanical
one-liners.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'cb/http-push-null-in-message-fix'2019-05-19T07:45:35ZJunio C Hamanogitster@pobox.com2019-05-19T07:45:35Zurn:sha1:8cbad4935e7ed47934476d7df61e5758aca074e9
Code clean-up.
* cb/http-push-null-in-message-fix:
http-push: prevent format overflow warning with gcc >= 9
http-push: prevent format overflow warning with gcc >= 92019-05-15T02:03:08ZCarlo Marcelo Arenas Belóncarenas@gmail.com2019-05-14T21:11:17Zurn:sha1:9dde06de130463c20f8b603ed3a3ffe10347f2f1
In function 'finish_request',
inlined from 'process_response' at http-push.c:248:2:
http-push.c:587:4: warning: '%s' directive argument is null [-Wformat-overflow=]
587 | fprintf(stderr, "Unable to get pack file %s\n%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
588 | request->url, curl_errorstr);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
request->url is needed for the error message if there was a failure
during fetch but was being cleared unnecessarily earlier.
note that the leak is prevented by calling release_request unconditionally
at the end.
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Suggested-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http-push: remove remaining uses of sha1_to_hex2019-04-01T02:57:38Zbrian m. carlsonsandals@crustytoothpaste.net2019-02-19T00:05:11Zurn:sha1:1cb158b6e65fbfd12099dc0d39642ad146dd887f
Since sha1_to_hex is limited to SHA-1, switch all remaining uses of it
in this file to hash_to_hex or oid_to_hex. Modify update_remote to take
a pointer to struct object_id, and since we don't modify that parameter
in the function, set it to be const as well.
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http-push: convert to use the_hash_algo2019-04-01T02:57:38Zbrian m. carlsonsandals@crustytoothpaste.net2019-02-19T00:05:09Zurn:sha1:f024b87a086643bbe6c869af11eee27aaaebb074
Switch the lock token code to use the_hash_algo and increase its buffers
to be allocated using GIT_MAX_* constants. Update the parsing of object
paths to use the_hash_algo as well.
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>