From: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
To: git@vger.kernel.org
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
Subject: [PATCH v2 19/19] Guard unallowed access to repository when it's not set up
Date: Sun, 21 Mar 2010 17:30:46 +0700 [thread overview]
Message-ID: <1269167446-7799-20-git-send-email-pclouds@gmail.com> (raw)
In-Reply-To: <1269167446-7799-1-git-send-email-pclouds@gmail.com>
Many code path will skip repo access if startup_info->have_repository
is false. This may be a fault if startup_info->have_repository has not
been properly initialized.
So the rule is one of the following commands must be run before any
repo access. And none of them can be called twice.
- setup_git_directory*
- enter_repo
- init_db
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
builtin/init-db.c | 1 +
cache.h | 1 +
config.c | 2 ++
environment.c | 13 +++++++++++--
git.c | 3 +++
setup.c | 13 +++++++++++++
6 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/builtin/init-db.c b/builtin/init-db.c
index 064b919..d4c415c 100644
--- a/builtin/init-db.c
+++ b/builtin/init-db.c
@@ -302,6 +302,7 @@ int init_db(const char *git_dir, const char *template_dir, unsigned int flags)
set_git_dir(make_absolute_path(git_dir));
startup_info->have_repository = 1;
+ startup_info->have_run_setup_gitdir = 1;
safe_create_dir(get_git_dir(), 0);
diff --git a/cache.h b/cache.h
index b1ed150..417a744 100644
--- a/cache.h
+++ b/cache.h
@@ -1060,6 +1060,7 @@ int split_cmdline(char *cmdline, const char ***argv);
/* git.c */
struct startup_info {
const char *prefix;
+ int have_run_setup_gitdir;
int have_repository;
int help;
};
diff --git a/config.c b/config.c
index 07d854a..9981b09 100644
--- a/config.c
+++ b/config.c
@@ -737,6 +737,8 @@ int git_config(config_fn_t fn, void *data)
char *repo_config = NULL;
int ret;
+ if (startup_info && !startup_info->have_run_setup_gitdir)
+ die("internal error: access to .git/config without repo setup");
if (!startup_info || startup_info->have_repository)
repo_config = git_pathdup("config");
ret = git_config_early(fn, data, repo_config);
diff --git a/environment.c b/environment.c
index 6127025..17f0cbe 100644
--- a/environment.c
+++ b/environment.c
@@ -98,9 +98,18 @@ void unset_git_env(void)
static void setup_git_env(void)
{
+ if (startup_info && startup_info->have_run_setup_gitdir)
+ die("internal error: setup_git_env can't be called twice");
git_dir = getenv(GIT_DIR_ENVIRONMENT);
- if (!git_dir)
- git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ if (!git_dir) {
+ /*
+ * Repo detection should be done by setup_git_directory*
+ * or enter_repo, not by this function
+ */
+ if (startup_info)
+ die("internal error: $GIT_DIR is empty");
+ git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ }
if (!git_dir)
git_dir = DEFAULT_GIT_DIR_ENVIRONMENT;
git_object_dir = getenv(DB_ENVIRONMENT);
diff --git a/git.c b/git.c
index 88aaf13..5f7f410 100644
--- a/git.c
+++ b/git.c
@@ -260,6 +260,9 @@ static int run_builtin(struct cmd_struct *p, int argc, const char **argv)
use_pager = 1;
}
}
+ else
+ /* Stop git_config() from complaining that no repository found. */
+ startup_info->have_run_setup_gitdir = 1;
commit_pager_choice();
if (!startup_info->help && p->option & NEED_WORK_TREE)
diff --git a/setup.c b/setup.c
index 1808ebe..d9bb616 100644
--- a/setup.c
+++ b/setup.c
@@ -237,7 +237,17 @@ void setup_work_tree(void)
git_dir = make_absolute_path(git_dir);
if (!work_tree || chdir(work_tree))
die("This operation must be run in a work tree");
+
+ /*
+ * have_run_setup_gitdir is unset in order to avoid die()ing
+ * inside set_git_env(). We don't actually initialize
+ * repo twice, we're just relative-izing gitdir
+ */
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 0;
set_git_dir(make_relative_path(git_dir, work_tree));
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 1;
initialized = 1;
}
@@ -340,6 +350,7 @@ void unset_git_directory(const char *prefix)
unset_git_env();
startup_info->prefix = NULL;
startup_info->have_repository = 0;
+ startup_info->have_run_setup_gitdir = 0;
}
/* Initialized in setup_git_directory_gently_1() */
@@ -506,6 +517,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
prefix = setup_git_directory_gently_1(nongit_ok);
if (startup_info) {
startup_info->prefix = prefix;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = !nongit_ok || !*nongit_ok;
}
return prefix;
@@ -600,6 +612,7 @@ char *enter_repo(char *path, int strict)
set_git_dir(".");
if (startup_info) {
startup_info->prefix = NULL;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = 1;
}
return path;
--
1.7.0.2.425.gb99f1
prev parent reply other threads:[~2010-03-21 10:36 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-21 10:30 [PATCH v2 00/19] nd/setup part two, second round Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 01/19] Move enter_repo() to setup.c Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 02/19] enter_repo(): initialize other variables as setup_git_directory_gently() does Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 03/19] rev-parse --git-dir: print relative gitdir correctly Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 04/19] worktree setup: call set_git_dir explicitly Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 05/19] Add git_config_early() Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 06/19] Use git_config_early() instead of git_config() during repo setup Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 07/19] worktree setup: restore original state when things go wrong Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 08/19] init/clone: turn on startup->have_repository properly Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 09/19] git_config(): do not read .git/config if there is no repository Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 10/19] Do not read .git/info/exclude " Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 11/19] Do not read .git/info/attributes " Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 12/19] apply: do not check sha1 when repository has not been found Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 13/19] config: do not read .git/config if there is no repository Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 14/19] run_builtin(): save "-h" detection result for later use Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 15/19] builtins: utilize startup_info->help where possible Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 16/19] builtins: check for startup_info->help, print and exit early Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 17/19] Allow to undo setup_git_directory_gently() gracefully (and fix alias code) Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 18/19] alias: keep repository found while collecting aliases as long as possible Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` Nguyễn Thái Ngọc Duy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1269167446-7799-20-git-send-email-pclouds@gmail.com \
--to=pclouds@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.