From: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
To: git@vger.kernel.org
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
Subject: [PATCH 16/16] Guard unallowed access to repository when it's not set up
Date: Thu, 11 Mar 2010 20:22:34 +0700 [thread overview]
Message-ID: <1268313754-28179-17-git-send-email-pclouds@gmail.com> (raw)
In-Reply-To: <1268313754-28179-1-git-send-email-pclouds@gmail.com>
Many code path will skip repo access if startup_info->have_repository
is false. This may be a fault if startup_info->have_repository has not
been properly initialized.
So the rule is one of the following commands must be run before any
repo access. And none of them can be called twice.
- setup_git_directory*
- enter_repo
- init_db
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
builtin/init-db.c | 1 +
cache.h | 1 +
config.c | 2 ++
environment.c | 13 +++++++++++--
setup.c | 13 +++++++++++++
5 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/builtin/init-db.c b/builtin/init-db.c
index 064b919..d4c415c 100644
--- a/builtin/init-db.c
+++ b/builtin/init-db.c
@@ -302,6 +302,7 @@ int init_db(const char *git_dir, const char *template_dir, unsigned int flags)
set_git_dir(make_absolute_path(git_dir));
startup_info->have_repository = 1;
+ startup_info->have_run_setup_gitdir = 1;
safe_create_dir(get_git_dir(), 0);
diff --git a/cache.h b/cache.h
index bd9df24..1a6ae8c 100644
--- a/cache.h
+++ b/cache.h
@@ -1060,6 +1060,7 @@ int split_cmdline(char *cmdline, const char ***argv);
/* git.c */
struct startup_info {
const char *prefix;
+ int have_run_setup_gitdir;
int have_repository;
};
extern struct startup_info *startup_info;
diff --git a/config.c b/config.c
index 07d854a..9981b09 100644
--- a/config.c
+++ b/config.c
@@ -737,6 +737,8 @@ int git_config(config_fn_t fn, void *data)
char *repo_config = NULL;
int ret;
+ if (startup_info && !startup_info->have_run_setup_gitdir)
+ die("internal error: access to .git/config without repo setup");
if (!startup_info || startup_info->have_repository)
repo_config = git_pathdup("config");
ret = git_config_early(fn, data, repo_config);
diff --git a/environment.c b/environment.c
index 6127025..17f0cbe 100644
--- a/environment.c
+++ b/environment.c
@@ -98,9 +98,18 @@ void unset_git_env(void)
static void setup_git_env(void)
{
+ if (startup_info && startup_info->have_run_setup_gitdir)
+ die("internal error: setup_git_env can't be called twice");
git_dir = getenv(GIT_DIR_ENVIRONMENT);
- if (!git_dir)
- git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ if (!git_dir) {
+ /*
+ * Repo detection should be done by setup_git_directory*
+ * or enter_repo, not by this function
+ */
+ if (startup_info)
+ die("internal error: $GIT_DIR is empty");
+ git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ }
if (!git_dir)
git_dir = DEFAULT_GIT_DIR_ENVIRONMENT;
git_object_dir = getenv(DB_ENVIRONMENT);
diff --git a/setup.c b/setup.c
index 3264187..96af5e3 100644
--- a/setup.c
+++ b/setup.c
@@ -237,7 +237,17 @@ void setup_work_tree(void)
git_dir = make_absolute_path(git_dir);
if (!work_tree || chdir(work_tree))
die("This operation must be run in a work tree");
+
+ /*
+ * have_run_setup_gitdir is unset in order to avoid die()ing
+ * inside set_git_env(). We don't actually initialize
+ * repo twice, we're just relative-izing gitdir
+ */
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 0;
set_git_dir(make_relative_path(git_dir, work_tree));
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 1;
initialized = 1;
}
@@ -333,6 +343,7 @@ void unset_git_directory(const char *prefix)
unset_git_env();
startup_info->prefix = NULL;
startup_info->have_repository = 0;
+ startup_info->have_run_setup_gitdir = 0;
}
/* Initialized in setup_git_directory_gently_1() */
@@ -499,6 +510,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
prefix = setup_git_directory_gently_1(nongit_ok);
if (startup_info) {
startup_info->prefix = prefix;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = !nongit_ok || !*nongit_ok;
}
return prefix;
@@ -593,6 +605,7 @@ char *enter_repo(char *path, int strict)
set_git_dir(".");
if (startup_info) {
startup_info->prefix = NULL;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = 1;
}
return path;
--
1.7.0.1.384.g6abcaa
prev parent reply other threads:[~2010-03-11 13:24 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-11 13:22 [PATCH 00/16] nd/setup part two Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 01/16] Move enter_repo() to setup.c Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 02/16] enter_repo(): initialize other variables as setup_git_directory_gently() does Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 03/16] rev-parse --git-dir: print relative gitdir correctly Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 04/16] worktree setup: call set_git_dir explicitly Nguyễn Thái Ngọc Duy
2010-03-11 21:24 ` Junio C Hamano
[not found] ` <fcaeb9bf1003111645p54f42aaetbb622f8bde0ec8ad@mail.gmail.com>
2010-03-20 8:10 ` Nguyen Thai Ngoc Duy
2010-03-11 13:22 ` [PATCH 05/16] Add git_config_early() Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 06/16] Use git_config_early() instead of git_config() during repo setup Nguyễn Thái Ngọc Duy
2010-03-12 3:35 ` Nguyen Thai Ngoc Duy
2010-03-11 13:22 ` [PATCH 07/16] worktree setup: restore original state when things go wrong Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 08/16] init/clone: turn on startup->have_repository properly Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 09/16] git_config(): do not read .git/config if there is no repository Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 10/16] Do not read .git/info/exclude " Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 11/16] Do not read .git/info/attributes " Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 12/16] apply: do not check sha1 when repository has not been found Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 13/16] config: do not read .git/config if there is no repository Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 14/16] Allow to undo setup_git_directory_gently() gracefully (and fix alias code) Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` [PATCH 15/16] alias: keep repository found while collecting aliases as long as possible Nguyễn Thái Ngọc Duy
2010-03-11 13:22 ` Nguyễn Thái Ngọc Duy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1268313754-28179-17-git-send-email-pclouds@gmail.com \
--to=pclouds@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.