From: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
To: git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>,
Jonathan Niedier <jrnieder@gmail.com>
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
Subject: [PATCH 40/43] Guard unallowed access to repository when it's not set up
Date: Mon, 5 Apr 2010 20:41:25 +0200 [thread overview]
Message-ID: <1270492888-26589-41-git-send-email-pclouds@gmail.com> (raw)
In-Reply-To: <1270492888-26589-1-git-send-email-pclouds@gmail.com>
Many code path will skip repo access if startup_info->have_repository
is false. This may be a fault if startup_info->have_repository has not
been properly initialized.
So the rule is one of the following commands must be run before any
repo access. And none of them can be called twice.
- setup_git_directory*
- enter_repo
- init_db
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
builtin/init-db.c | 1 +
cache.h | 1 +
config.c | 2 ++
environment.c | 13 +++++++++++--
git.c | 16 +++++++++++-----
setup.c | 13 +++++++++++++
6 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/builtin/init-db.c b/builtin/init-db.c
index 064b919..d4c415c 100644
--- a/builtin/init-db.c
+++ b/builtin/init-db.c
@@ -302,6 +302,7 @@ int init_db(const char *git_dir, const char *template_dir, unsigned int flags)
set_git_dir(make_absolute_path(git_dir));
startup_info->have_repository = 1;
+ startup_info->have_run_setup_gitdir = 1;
safe_create_dir(get_git_dir(), 0);
diff --git a/cache.h b/cache.h
index 137edac..1e6fd56 100644
--- a/cache.h
+++ b/cache.h
@@ -1067,6 +1067,7 @@ int checkout_fast_forward(const unsigned char *from, const unsigned char *to);
/* git.c */
struct startup_info {
const char *prefix;
+ int have_run_setup_gitdir;
int have_repository;
int help;
};
diff --git a/config.c b/config.c
index 07d854a..9981b09 100644
--- a/config.c
+++ b/config.c
@@ -737,6 +737,8 @@ int git_config(config_fn_t fn, void *data)
char *repo_config = NULL;
int ret;
+ if (startup_info && !startup_info->have_run_setup_gitdir)
+ die("internal error: access to .git/config without repo setup");
if (!startup_info || startup_info->have_repository)
repo_config = git_pathdup("config");
ret = git_config_early(fn, data, repo_config);
diff --git a/environment.c b/environment.c
index 6127025..17f0cbe 100644
--- a/environment.c
+++ b/environment.c
@@ -98,9 +98,18 @@ void unset_git_env(void)
static void setup_git_env(void)
{
+ if (startup_info && startup_info->have_run_setup_gitdir)
+ die("internal error: setup_git_env can't be called twice");
git_dir = getenv(GIT_DIR_ENVIRONMENT);
- if (!git_dir)
- git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ if (!git_dir) {
+ /*
+ * Repo detection should be done by setup_git_directory*
+ * or enter_repo, not by this function
+ */
+ if (startup_info)
+ die("internal error: $GIT_DIR is empty");
+ git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ }
if (!git_dir)
git_dir = DEFAULT_GIT_DIR_ENVIRONMENT;
git_object_dir = getenv(DB_ENVIRONMENT);
diff --git a/git.c b/git.c
index d6513f1..43cebd7 100644
--- a/git.c
+++ b/git.c
@@ -245,11 +245,14 @@ static int run_builtin(struct cmd_struct *p, int argc, const char **argv)
int nongit_ok;
setup_git_directory_gently(&nongit_ok);
}
- else if (startup_info->have_repository) {
- if (p->option & (RUN_SETUP_GENTLY | RUN_SETUP))
- ; /* done already */
- else
- unset_git_directory(startup_info->prefix);
+ else if (startup_info->have_run_setup_gitdir) {
+ if (startup_info->have_repository) {
+ if (p->option & (RUN_SETUP_GENTLY | RUN_SETUP))
+ ; /* done already */
+ else
+ unset_git_directory(startup_info->prefix);
+ }
+ startup_info->have_run_setup_gitdir = 0;
}
if (use_pager == -1 && p->option & RUN_SETUP)
@@ -260,6 +263,9 @@ static int run_builtin(struct cmd_struct *p, int argc, const char **argv)
use_pager = 1;
}
}
+ else
+ /* Stop git_config() from complaining that no repository found. */
+ startup_info->have_run_setup_gitdir = 1;
commit_pager_choice();
if (!startup_info->help && p->option & NEED_WORK_TREE)
diff --git a/setup.c b/setup.c
index b0269aa..89757fc 100644
--- a/setup.c
+++ b/setup.c
@@ -237,7 +237,17 @@ void setup_work_tree(void)
git_dir = make_absolute_path(git_dir);
if (!work_tree || chdir(work_tree))
die("This operation must be run in a work tree");
+
+ /*
+ * have_run_setup_gitdir is unset in order to avoid die()ing
+ * inside set_git_env(). We don't actually initialize
+ * repo twice, we're just relative-izing gitdir
+ */
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 0;
set_git_dir(make_relative_path(git_dir, work_tree));
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 1;
initialized = 1;
}
@@ -340,6 +350,7 @@ void unset_git_directory(const char *prefix)
unset_git_env();
startup_info->prefix = NULL;
startup_info->have_repository = 0;
+ startup_info->have_run_setup_gitdir = 0;
}
/* Initialized in setup_git_directory_gently_1() */
@@ -515,6 +526,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
prefix = setup_git_directory_gently_1(nongit_ok);
if (startup_info) {
startup_info->prefix = prefix;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = !nongit_ok || !*nongit_ok;
}
return prefix;
@@ -609,6 +621,7 @@ char *enter_repo(char *path, int strict)
set_git_dir(".");
if (startup_info) {
startup_info->prefix = NULL;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = 1;
}
return path;
--
1.7.0.rc1.541.g2da82.dirty
next prev parent reply other threads:[~2010-04-05 18:44 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-05 18:40 [PATCH 00/43] nd/setup update Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 01/43] builtin: introduce startup_info struct Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 02/43] builtin: Support RUN_SETUP_GENTLY to set up repository early if found Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 03/43] config: use RUN_SETUP_GENTLY Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 04/43] hash-object: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 05/43] shortlog: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 06/43] grep: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 07/43] builtin: USE_PAGER should not be used without RUN_SETUP* Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 08/43] archive: use RUN_SETUP_GENTLY Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 09/43] mailinfo: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 10/43] check-ref-format: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 11/43] verify-pack: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 12/43] apply: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 13/43] bundle: " Nguyễn Thái Ngọc Duy
2010-04-05 18:40 ` [PATCH 14/43] diff: " Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 15/43] help: take note why this command is not applicable for RUN_SETUP_GENTLY Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 16/43] ls-remote: use RUN_SETUP_GENTLY Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 17/43] var: " Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 18/43] merge-file: " Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 19/43] worktree setup: calculate prefix even if no worktree is found Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 20/43] index-pack: trust the prefix returned by setup_git_directory_gently() Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 21/43] index-pack: use RUN_SETUP_GENTLY Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 22/43] Move enter_repo() to setup.c Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 23/43] enter_repo(): initialize other variables as setup_git_directory_gently() does Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 24/43] rev-parse --git-dir: print relative gitdir correctly Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 25/43] worktree setup: call set_git_dir explicitly Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 26/43] Add git_config_early() Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 27/43] Use git_config_early() instead of git_config() during repo setup Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 28/43] worktree setup: restore original state when things go wrong Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 29/43] init/clone: turn on startup->have_repository properly Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 30/43] git_config(): do not read .git/config if there is no repository Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 31/43] Do not read .git/info/exclude " Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 32/43] Do not read .git/info/attributes " Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 33/43] apply: do not check sha1 " Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 34/43] config: do not read .git/config " Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 35/43] run_builtin(): save "-h" detection result for later use Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 36/43] builtins: utilize startup_info->help where possible Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 37/43] builtins: check for startup_info->help, print and exit early Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 38/43] Allow to undo setup_git_directory_gently() gracefully (and fix alias code) Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 39/43] alias: keep repository found while collecting aliases as long as possible Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` Nguyễn Thái Ngọc Duy [this message]
2010-04-05 18:41 ` [PATCH 41/43] t0001: Add test cases for "git init" with aliases Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 42/43] builtins: setup repository before print unknown command error Nguyễn Thái Ngọc Duy
2010-04-05 18:41 ` [PATCH 43/43] builtins: do not commit pager choice early Nguyễn Thái Ngọc Duy
2010-04-06 4:01 ` [PATCH 0/2] fix weird git --paginate behavior Jonathan Nieder
2010-04-06 4:03 ` [PATCH 1/2] t7006: test core.pager configuration in subdir of toplevel Jonathan Nieder
2010-04-06 4:06 ` [PATCH 2/2] builtins: do not commit pager choice early Jonathan Nieder
2010-04-06 4:16 ` Jonathan Nieder
2010-04-06 7:00 ` [PATCH 0/2] fix weird git --paginate behavior Nguyen Thai Ngoc Duy
2010-04-06 7:17 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1270492888-26589-41-git-send-email-pclouds@gmail.com \
--to=pclouds@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jrnieder@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).