From: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
To: git@vger.kernel.org
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
Subject: [PATCH v2 19/19] Guard unallowed access to repository when it's not set up
Date: Sun, 21 Mar 2010 17:30:46 +0700 [thread overview]
Message-ID: <1269167446-7799-20-git-send-email-pclouds@gmail.com> (raw)
In-Reply-To: <1269167446-7799-1-git-send-email-pclouds@gmail.com>
Many code path will skip repo access if startup_info->have_repository
is false. This may be a fault if startup_info->have_repository has not
been properly initialized.
So the rule is one of the following commands must be run before any
repo access. And none of them can be called twice.
- setup_git_directory*
- enter_repo
- init_db
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
builtin/init-db.c | 1 +
cache.h | 1 +
config.c | 2 ++
environment.c | 13 +++++++++++--
git.c | 3 +++
setup.c | 13 +++++++++++++
6 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/builtin/init-db.c b/builtin/init-db.c
index 064b919..d4c415c 100644
--- a/builtin/init-db.c
+++ b/builtin/init-db.c
@@ -302,6 +302,7 @@ int init_db(const char *git_dir, const char *template_dir, unsigned int flags)
set_git_dir(make_absolute_path(git_dir));
startup_info->have_repository = 1;
+ startup_info->have_run_setup_gitdir = 1;
safe_create_dir(get_git_dir(), 0);
diff --git a/cache.h b/cache.h
index b1ed150..417a744 100644
--- a/cache.h
+++ b/cache.h
@@ -1060,6 +1060,7 @@ int split_cmdline(char *cmdline, const char ***argv);
/* git.c */
struct startup_info {
const char *prefix;
+ int have_run_setup_gitdir;
int have_repository;
int help;
};
diff --git a/config.c b/config.c
index 07d854a..9981b09 100644
--- a/config.c
+++ b/config.c
@@ -737,6 +737,8 @@ int git_config(config_fn_t fn, void *data)
char *repo_config = NULL;
int ret;
+ if (startup_info && !startup_info->have_run_setup_gitdir)
+ die("internal error: access to .git/config without repo setup");
if (!startup_info || startup_info->have_repository)
repo_config = git_pathdup("config");
ret = git_config_early(fn, data, repo_config);
diff --git a/environment.c b/environment.c
index 6127025..17f0cbe 100644
--- a/environment.c
+++ b/environment.c
@@ -98,9 +98,18 @@ void unset_git_env(void)
static void setup_git_env(void)
{
+ if (startup_info && startup_info->have_run_setup_gitdir)
+ die("internal error: setup_git_env can't be called twice");
git_dir = getenv(GIT_DIR_ENVIRONMENT);
- if (!git_dir)
- git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ if (!git_dir) {
+ /*
+ * Repo detection should be done by setup_git_directory*
+ * or enter_repo, not by this function
+ */
+ if (startup_info)
+ die("internal error: $GIT_DIR is empty");
+ git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ }
if (!git_dir)
git_dir = DEFAULT_GIT_DIR_ENVIRONMENT;
git_object_dir = getenv(DB_ENVIRONMENT);
diff --git a/git.c b/git.c
index 88aaf13..5f7f410 100644
--- a/git.c
+++ b/git.c
@@ -260,6 +260,9 @@ static int run_builtin(struct cmd_struct *p, int argc, const char **argv)
use_pager = 1;
}
}
+ else
+ /* Stop git_config() from complaining that no repository found. */
+ startup_info->have_run_setup_gitdir = 1;
commit_pager_choice();
if (!startup_info->help && p->option & NEED_WORK_TREE)
diff --git a/setup.c b/setup.c
index 1808ebe..d9bb616 100644
--- a/setup.c
+++ b/setup.c
@@ -237,7 +237,17 @@ void setup_work_tree(void)
git_dir = make_absolute_path(git_dir);
if (!work_tree || chdir(work_tree))
die("This operation must be run in a work tree");
+
+ /*
+ * have_run_setup_gitdir is unset in order to avoid die()ing
+ * inside set_git_env(). We don't actually initialize
+ * repo twice, we're just relative-izing gitdir
+ */
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 0;
set_git_dir(make_relative_path(git_dir, work_tree));
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 1;
initialized = 1;
}
@@ -340,6 +350,7 @@ void unset_git_directory(const char *prefix)
unset_git_env();
startup_info->prefix = NULL;
startup_info->have_repository = 0;
+ startup_info->have_run_setup_gitdir = 0;
}
/* Initialized in setup_git_directory_gently_1() */
@@ -506,6 +517,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
prefix = setup_git_directory_gently_1(nongit_ok);
if (startup_info) {
startup_info->prefix = prefix;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = !nongit_ok || !*nongit_ok;
}
return prefix;
@@ -600,6 +612,7 @@ char *enter_repo(char *path, int strict)
set_git_dir(".");
if (startup_info) {
startup_info->prefix = NULL;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = 1;
}
return path;
--
1.7.0.2.425.gb99f1
prev parent reply other threads:[~2010-03-21 10:36 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-21 10:30 [PATCH v2 00/19] nd/setup part two, second round Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 01/19] Move enter_repo() to setup.c Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 02/19] enter_repo(): initialize other variables as setup_git_directory_gently() does Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 03/19] rev-parse --git-dir: print relative gitdir correctly Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 04/19] worktree setup: call set_git_dir explicitly Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 05/19] Add git_config_early() Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 06/19] Use git_config_early() instead of git_config() during repo setup Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 07/19] worktree setup: restore original state when things go wrong Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 08/19] init/clone: turn on startup->have_repository properly Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 09/19] git_config(): do not read .git/config if there is no repository Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 10/19] Do not read .git/info/exclude " Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 11/19] Do not read .git/info/attributes " Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 12/19] apply: do not check sha1 when repository has not been found Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 13/19] config: do not read .git/config if there is no repository Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 14/19] run_builtin(): save "-h" detection result for later use Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 15/19] builtins: utilize startup_info->help where possible Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 16/19] builtins: check for startup_info->help, print and exit early Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 17/19] Allow to undo setup_git_directory_gently() gracefully (and fix alias code) Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` [PATCH v2 18/19] alias: keep repository found while collecting aliases as long as possible Nguyễn Thái Ngọc Duy
2010-03-21 10:30 ` Nguyễn Thái Ngọc Duy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1269167446-7799-20-git-send-email-pclouds@gmail.com \
--to=pclouds@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).