From: "Nguyễn Thái Ngọc Duy" <pclouds@gmail•com>
To: git@vger•kernel.org
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail•com>
Subject: [PATCH 16/16] Guard unallowed access to repository when it's not set up
Date: Thu, 11 Mar 2010 20:22:34 +0700
Message-ID: <1268313754-28179-17-git-send-email-pclouds@gmail.com>
In-Reply-To: <1268313754-28179-1-git-send-email-pclouds@gmail.com>
Many code paths will skip repo access if startup_info->have_repository
is false. This may be a fault if startup_info->have_repository has not
been properly initialized.
So the rule is that one of the following commands must be run before any
repo access. And none of them can be called twice.
- setup_git_directory*
- enter_repo
- init_db
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail•com>
---
builtin/init-db.c | 1 +
cache.h | 1 +
config.c | 2 ++
environment.c | 13 +++++++++++--
setup.c | 13 +++++++++++++
5 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/builtin/init-db.c b/builtin/init-db.c
index 064b919..d4c415c 100644
--- a/builtin/init-db.c
+++ b/builtin/init-db.c
@@ -302,6 +302,7 @@ int init_db(const char *git_dir, const char *template_dir, unsigned int flags)
set_git_dir(make_absolute_path(git_dir));
startup_info->have_repository = 1;
+ startup_info->have_run_setup_gitdir = 1;
safe_create_dir(get_git_dir(), 0);
diff --git a/cache.h b/cache.h
index bd9df24..1a6ae8c 100644
--- a/cache.h
+++ b/cache.h
@@ -1060,6 +1060,7 @@ int split_cmdline(char *cmdline, const char ***argv);
/* git.c */
struct startup_info {
const char *prefix;
+ int have_run_setup_gitdir;
int have_repository;
};
extern struct startup_info *startup_info;
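Review bot: the new have_run_setup_gitdir field in struct startup_info
has no comment, and its relation to have_repository is not obvious from
the names. A short comment saying that it is set once
setup_git_directory*, enter_repo or init_db has run (whether or not a
repository was found), and that have_repository is only meaningful
after that, would spare readers from reconstructing the rule from the
commit message.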
diff --git a/config.c b/config.c
index 07d854a..9981b09 100644
--- a/config.c
+++ b/config.c
@@ -737,6 +737,8 @@ int git_config(config_fn_t fn, void *data)
char *repo_config = NULL;
int ret;
+ if (startup_info && !startup_info->have_run_setup_gitdir)
+ die("internal error: access to .git/config without repo setup");
if (!startup_info || startup_info->have_repository)
repo_config = git_pathdup("config");
ret = git_config_early(fn, data, repo_config);
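Review bot: the new check at the top of git_config() only fires when
startup_info is non-NULL, yet the following line still reads the repo
config when startup_info is NULL ("if (!startup_info ||
startup_info->have_repository)"), so any program that never sets
startup_info bypasses the guard entirely. If that is a deliberate
transition state, say so in a comment next to the check. The die()
message could also point callers at git_config_early(), which is the
function this one ends up calling, for use before setup has run.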
diff --git a/environment.c b/environment.c
index 6127025..17f0cbe 100644
--- a/environment.c
+++ b/environment.c
@@ -98,9 +98,18 @@ void unset_git_env(void)
static void setup_git_env(void)
{
+ if (startup_info && startup_info->have_run_setup_gitdir)
+ die("internal error: setup_git_env can't be called twice");
git_dir = getenv(GIT_DIR_ENVIRONMENT);
- if (!git_dir)
- git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ if (!git_dir) {
+ /*
+ * Repo detection should be done by setup_git_directory*
+ * or enter_repo, not by this function
+ */
+ if (startup_info)
+ die("internal error: $GIT_DIR is empty");
+ git_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
+ }
if (!git_dir)
git_dir = DEFAULT_GIT_DIR_ENVIRONMENT;
git_object_dir = getenv(DB_ENVIRONMENT);
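Review bot: the first die() in setup_git_env() says the function "can't
be called twice", but the condition tests have_run_setup_gitdir, which
in this patch is set by the setup functions and not by setup_git_env()
itself, so the message does not describe what was actually checked. A
static flag local to this function, or a message naming the real
condition, would be more accurate. In the second check, "$GIT_DIR is
empty" is reported when getenv() returns NULL, which means the variable
is unset rather than empty. Note too that the read_gitfile_gently()
fallback is now reachable only when startup_info is NULL; the comment
should state that.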
diff --git a/setup.c b/setup.c
index 3264187..96af5e3 100644
--- a/setup.c
+++ b/setup.c
@@ -237,7 +237,17 @@ void setup_work_tree(void)
git_dir = make_absolute_path(git_dir);
if (!work_tree || chdir(work_tree))
die("This operation must be run in a work tree");
+
+ /*
+ * have_run_setup_gitdir is unset in order to avoid die()ing
+ * inside set_git_env(). We don't actually initialize
+ * repo twice, we're just relative-izing gitdir
+ */
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 0;
set_git_dir(make_relative_path(git_dir, work_tree));
+ if (startup_info)
+ startup_info->have_run_setup_gitdir = 1;
initialized = 1;
}
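Review bot: in setup_work_tree(), have_run_setup_gitdir is forced to 1
after set_git_dir() regardless of its value on entry, so a caller that
gets here without a prior setup call ends up marked as set up and the
new git_config() guard no longer catches it. Save the value before
clearing it and restore that value afterwards. The comment refers to
set_git_env(), while the function that dies in environment.c is
setup_git_env(). Clearing the flag at the call site to get past the
check is fragile; any later caller of set_git_dir() after setup will
need the same workaround.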
@@ -333,6 +343,7 @@ void unset_git_directory(const char *prefix)
unset_git_env();
startup_info->prefix = NULL;
startup_info->have_repository = 0;
+ startup_info->have_run_setup_gitdir = 0;
}
/* Initialized in setup_git_directory_gently_1() */
@@ -499,6 +510,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
prefix = setup_git_directory_gently_1(nongit_ok);
if (startup_info) {
startup_info->prefix = prefix;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = !nongit_ok || !*nongit_ok;
}
return prefix;
@@ -593,6 +605,7 @@ char *enter_repo(char *path, int strict)
set_git_dir(".");
if (startup_info) {
startup_info->prefix = NULL;
+ startup_info->have_run_setup_gitdir = 1;
startup_info->have_repository = 1;
}
return path;
--
1.7.0.1.384.g6abcaa