Bug Summary

File:/usr/ports/src/got/libexec/got-read-tree/../../lib/privsep.c
Warning:line 1110, column 3
Value stored to 'len' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple amd64-unknown-openbsd6.6 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name privsep.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 1 -pic-is-pie -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/local/lib/clang/8.0.1 -I /usr/ports/src/got/libexec/got-read-tree/../../include -I /usr/ports/src/got/libexec/got-read-tree/../../lib -D GOT_LIBEXECDIR=/root/bin -D GOT_VERSION=0.19-current -O0 -fdebug-compilation-dir /usr/ports/src/got/libexec/got-read-tree -ferror-limit 19 -fmessage-length 0 -fwrapv -D_RET_PROTECTOR -ret-protector -fobjc-runtime=gnustep -fdiagnostics-show-option -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -o /tmp/scan-build-2019-10-25-192004-30128-1 -x c /usr/ports/src/got/libexec/got-read-tree/../../lib/privsep.c -faddrsig
1/*
2 * Copyright (c) 2018, 2019 Stefan Sperling <stsp@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <sys/types.h>
18#include <sys/queue.h>
19#include <sys/uio.h>
20#include <sys/syslimits.h>
21#include <sys/wait.h>
22
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26#include <errno(*__errno()).h>
27#include <stdint.h>
28#include <poll.h>
29#include <imsg.h>
30#include <sha1.h>
31#include <zlib.h>
32#include <time.h>
33
34#include "got_object.h"
35#include "got_error.h"
36
37#include "got_lib_sha1.h"
38#include "got_lib_delta.h"
39#include "got_lib_inflate.h"
40#include "got_lib_object.h"
41#include "got_lib_object_parse.h"
42#include "got_lib_privsep.h"
43#include "got_lib_pack.h"
44
45#ifndef MIN
46#define MIN(_a,_b)((_a) < (_b) ? (_a) : (_b)) ((_a) < (_b) ? (_a) : (_b))
47#endif
48
49#ifndef nitems
50#define nitems(_a)(sizeof((_a)) / sizeof((_a)[0])) (sizeof((_a)) / sizeof((_a)[0]))
51#endif
52
53static const struct got_error *
54poll_fd(int fd, int events, int timeout)
55{
56 struct pollfd pfd[1];
57 int n;
58
59 pfd[0].fd = fd;
60 pfd[0].events = events;
61
62 n = poll(pfd, 1, timeout);
63 if (n == -1)
64 return got_error_from_errno("poll");
65 if (n == 0)
66 return got_error(GOT_ERR_TIMEOUT33);
67 if (pfd[0].revents & (POLLERR0x0008 | POLLNVAL0x0020))
68 return got_error_from_errno("poll error");
69 if (pfd[0].revents & (events | POLLHUP0x0010))
70 return NULL((void *)0);
71
72 return got_error(GOT_ERR_INTERRUPT34);
73}
74
75static const struct got_error *
76read_imsg(struct imsgbuf *ibuf)
77{
78 const struct got_error *err;
79 size_t n;
80
81 err = poll_fd(ibuf->fd, POLLIN0x0001, INFTIM(-1));
82 if (err)
83 return err;
84
85 n = imsg_read(ibuf);
86 if (n == -1) {
87 if (errno(*__errno()) == EAGAIN35) /* Could be a file-descriptor leak. */
88 return got_error(GOT_ERR_PRIVSEP_NO_FD38);
89 return got_error(GOT_ERR_PRIVSEP_READ35);
90 }
91 if (n == 0)
92 return got_error(GOT_ERR_PRIVSEP_PIPE37);
93
94 return NULL((void *)0);
95}
96
97const struct got_error *
98got_privsep_wait_for_child(pid_t pid)
99{
100 int child_status;
101
102 if (waitpid(pid, &child_status, 0) == -1)
103 return got_error_from_errno("waitpid");
104
105 if (!WIFEXITED(child_status)(((child_status) & 0177) == 0))
106 return got_error(GOT_ERR_PRIVSEP_DIED40);
107
108 if (WEXITSTATUS(child_status)(int)(((unsigned)(child_status) >> 8) & 0xff) != 0)
109 return got_error(GOT_ERR_PRIVSEP_EXIT41);
110
111 return NULL((void *)0);
112}
113
114static const struct got_error *
115recv_imsg_error(struct imsg *imsg, size_t datalen)
116{
117 struct got_imsg_error *ierr;
118
119 if (datalen != sizeof(*ierr))
120 return got_error(GOT_ERR_PRIVSEP_LEN36);
121
122 ierr = imsg->data;
123 if (ierr->code == GOT_ERR_ERRNO1) {
124 static struct got_error serr;
125 serr.code = GOT_ERR_ERRNO1;
126 serr.msg = strerror(ierr->errno_code);
127 return &serr;
128 }
129
130 return got_error(ierr->code);
131}
132
133const struct got_error *
134got_privsep_recv_imsg(struct imsg *imsg, struct imsgbuf *ibuf,
135 size_t min_datalen)
136{
137 const struct got_error *err;
138 ssize_t n;
139
140 n = imsg_get(ibuf, imsg);
141 if (n == -1)
142 return got_error_from_errno("imsg_get");
143
144 while (n == 0) {
145 err = read_imsg(ibuf);
146 if (err)
147 return err;
148 n = imsg_get(ibuf, imsg);
149 }
150
151 if (imsg->hdr.len < IMSG_HEADER_SIZEsizeof(struct imsg_hdr) + min_datalen)
152 return got_error(GOT_ERR_PRIVSEP_LEN36);
153
154 if (imsg->hdr.type == GOT_IMSG_ERROR) {
155 size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
156 return recv_imsg_error(imsg, datalen);
157 }
158
159 return NULL((void *)0);
160}
161
162/* Attempt to send an error in an imsg. Complain on stderr as a last resort. */
163void
164got_privsep_send_error(struct imsgbuf *ibuf, const struct got_error *err)
165{
166 const struct got_error *poll_err;
167 struct got_imsg_error ierr;
168 int ret;
169
170 ierr.code = err->code;
171 if (err->code == GOT_ERR_ERRNO1)
172 ierr.errno_code = errno(*__errno());
173 else
174 ierr.errno_code = 0;
175 ret = imsg_compose(ibuf, GOT_IMSG_ERROR, 0, 0, -1, &ierr, sizeof(ierr));
176 if (ret == -1) {
177 fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": imsg_compose: %s\n",
178 getprogname(), err->code, err->msg, strerror(errno(*__errno())));
179 return;
180 }
181
182 poll_err = poll_fd(ibuf->fd, POLLOUT0x0004, INFTIM(-1));
183 if (poll_err) {
184 fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": poll: %s\n",
185 getprogname(), err->code, err->msg, poll_err->msg);
186 return;
187 }
188
189 ret = imsg_flush(ibuf);
190 if (ret == -1) {
191 fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": imsg_flush: %s\n",
192 getprogname(), err->code, err->msg, strerror(errno(*__errno())));
193 return;
194 }
195}
196
197static const struct got_error *
198flush_imsg(struct imsgbuf *ibuf)
199{
200 const struct got_error *err;
201
202 err = poll_fd(ibuf->fd, POLLOUT0x0004, INFTIM(-1));
203 if (err)
204 return err;
205
206 if (imsg_flush(ibuf) == -1)
207 return got_error_from_errno("imsg_flush");
208
209 return NULL((void *)0);
210}
211
212const struct got_error *
213got_privsep_send_stop(int fd)
214{
215 const struct got_error *err = NULL((void *)0);
216 struct imsgbuf ibuf;
217
218 imsg_init(&ibuf, fd);
219
220 if (imsg_compose(&ibuf, GOT_IMSG_STOP, 0, 0, -1, NULL((void *)0), 0) == -1)
221 return got_error_from_errno("imsg_compose STOP");
222
223 err = flush_imsg(&ibuf);
224 imsg_clear(&ibuf);
225 return err;
226}
227
228const struct got_error *
229got_privsep_send_obj_req(struct imsgbuf *ibuf, int fd)
230{
231 if (imsg_compose(ibuf, GOT_IMSG_OBJECT_REQUEST, 0, 0, fd, NULL((void *)0), 0)
232 == -1)
233 return got_error_from_errno("imsg_compose OBJECT_REQUEST");
234
235 return flush_imsg(ibuf);
236}
237
238const struct got_error *
239got_privsep_send_commit_req(struct imsgbuf *ibuf, int fd,
240 struct got_object_id *id, int pack_idx)
241{
242 const struct got_error *err = NULL((void *)0);
243 struct got_imsg_packed_object iobj, *iobjp;
244 size_t len;
245
246 if (id) { /* commit is packed */
247 iobj.idx = pack_idx;
248 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
249 iobjp = &iobj;
250 len = sizeof(iobj);
251 } else {
252 iobjp = NULL((void *)0);
253 len = 0;
254 }
255
256 if (imsg_compose(ibuf, GOT_IMSG_COMMIT_REQUEST, 0, 0, fd, iobjp, len)
257 == -1) {
258 err = got_error_from_errno("imsg_compose COMMIT_REQUEST");
259 close(fd);
260 return err;
261 }
262
263 return flush_imsg(ibuf);
264}
265
266const struct got_error *
267got_privsep_send_tree_req(struct imsgbuf *ibuf, int fd,
268 struct got_object_id *id, int pack_idx)
269{
270 const struct got_error *err = NULL((void *)0);
271 struct got_imsg_packed_object iobj, *iobjp;
272 size_t len;
273
274 if (id) { /* tree is packed */
275 iobj.idx = pack_idx;
276 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
277 iobjp = &iobj;
278 len = sizeof(iobj);
279 } else {
280 iobjp = NULL((void *)0);
281 len = 0;
282 }
283
284 if (imsg_compose(ibuf, GOT_IMSG_TREE_REQUEST, 0, 0, fd, iobjp, len)
285 == -1) {
286 err = got_error_from_errno("imsg_compose TREE_REQUEST");
287 close(fd);
288 return err;
289 }
290
291 return flush_imsg(ibuf);
292}
293
294const struct got_error *
295got_privsep_send_tag_req(struct imsgbuf *ibuf, int fd,
296 struct got_object_id *id, int pack_idx)
297{
298 struct got_imsg_packed_object iobj, *iobjp;
299 size_t len;
300
301 if (id) { /* tag is packed */
302 iobj.idx = pack_idx;
303 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
304 iobjp = &iobj;
305 len = sizeof(iobj);
306 } else {
307 iobjp = NULL((void *)0);
308 len = 0;
309 }
310
311 if (imsg_compose(ibuf, GOT_IMSG_TAG_REQUEST, 0, 0, fd, iobjp, len)
312 == -1)
313 return got_error_from_errno("imsg_compose TAG_REQUEST");
314
315 return flush_imsg(ibuf);
316}
317
318const struct got_error *
319got_privsep_send_blob_req(struct imsgbuf *ibuf, int infd,
320 struct got_object_id *id, int pack_idx)
321{
322 const struct got_error *err = NULL((void *)0);
323 struct got_imsg_packed_object iobj, *iobjp;
324 size_t len;
325
326 if (id) { /* blob is packed */
327 iobj.idx = pack_idx;
328 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
329 iobjp = &iobj;
330 len = sizeof(iobj);
331 } else {
332 iobjp = NULL((void *)0);
333 len = 0;
334 }
335
336 if (imsg_compose(ibuf, GOT_IMSG_BLOB_REQUEST, 0, 0, infd, iobjp, len)
337 == -1) {
338 err = got_error_from_errno("imsg_compose BLOB_REQUEST");
339 close(infd);
340 return err;
341 }
342
343 return flush_imsg(ibuf);
344}
345
346const struct got_error *
347got_privsep_send_blob_outfd(struct imsgbuf *ibuf, int outfd)
348{
349 const struct got_error *err = NULL((void *)0);
350
351 if (imsg_compose(ibuf, GOT_IMSG_BLOB_OUTFD, 0, 0, outfd, NULL((void *)0), 0)
352 == -1) {
353 err = got_error_from_errno("imsg_compose BLOB_OUTFD");
354 close(outfd);
355 return err;
356 }
357
358 return flush_imsg(ibuf);
359}
360
361const struct got_error *
362got_privsep_send_tmpfd(struct imsgbuf *ibuf, int fd)
363{
364 const struct got_error *err = NULL((void *)0);
365
366 if (imsg_compose(ibuf, GOT_IMSG_TMPFD, 0, 0, fd, NULL((void *)0), 0)
367 == -1) {
368 err = got_error_from_errno("imsg_compose TMPFD");
369 close(fd);
370 return err;
371 }
372
373 return flush_imsg(ibuf);
374}
375
376const struct got_error *
377got_privsep_send_obj(struct imsgbuf *ibuf, struct got_object *obj)
378{
379 struct got_imsg_object iobj;
380
381 memcpy(iobj.id, obj->id.sha1, sizeof(iobj.id));
382 iobj.type = obj->type;
383 iobj.flags = obj->flags;
384 iobj.hdrlen = obj->hdrlen;
385 iobj.size = obj->size;
386 if (iobj.flags & GOT_OBJ_FLAG_PACKED0x01) {
387 iobj.pack_offset = obj->pack_offset;
388 iobj.pack_idx = obj->pack_idx;
389 }
390
391 if (imsg_compose(ibuf, GOT_IMSG_OBJECT, 0, 0, -1, &iobj, sizeof(iobj))
392 == -1)
393 return got_error_from_errno("imsg_compose OBJECT");
394
395 return flush_imsg(ibuf);
396}
397
398const struct got_error *
399got_privsep_get_imsg_obj(struct got_object **obj, struct imsg *imsg,
400 struct imsgbuf *ibuf)
401{
402 const struct got_error *err = NULL((void *)0);
403 struct got_imsg_object *iobj;
404 size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
405
406 if (datalen != sizeof(*iobj))
407 return got_error(GOT_ERR_PRIVSEP_LEN36);
408 iobj = imsg->data;
409
410 *obj = calloc(1, sizeof(**obj));
411 if (*obj == NULL((void *)0))
412 return got_error_from_errno("calloc");
413
414 memcpy((*obj)->id.sha1, iobj->id, SHA1_DIGEST_LENGTH20);
415 (*obj)->type = iobj->type;
416 (*obj)->flags = iobj->flags;
417 (*obj)->hdrlen = iobj->hdrlen;
418 (*obj)->size = iobj->size;
419 /* path_packfile is handled by caller */
420 if (iobj->flags & GOT_OBJ_FLAG_PACKED0x01) {
421 (*obj)->pack_offset = iobj->pack_offset;
422 (*obj)->pack_idx = iobj->pack_idx;
423 }
424
425 return err;
426}
427
428const struct got_error *
429got_privsep_recv_obj(struct got_object **obj, struct imsgbuf *ibuf)
430{
431 const struct got_error *err = NULL((void *)0);
432 struct imsg imsg;
433 const size_t min_datalen =
434 MIN(sizeof(struct got_imsg_error), sizeof(struct got_imsg_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_object
)) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_object
)))
;
435
436 *obj = NULL((void *)0);
437
438 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
439 if (err)
440 return err;
441
442 switch (imsg.hdr.type) {
443 case GOT_IMSG_OBJECT:
444 err = got_privsep_get_imsg_obj(obj, &imsg, ibuf);
445 break;
446 default:
447 err = got_error(GOT_ERR_PRIVSEP_MSG39);
448 break;
449 }
450
451 imsg_free(&imsg);
452
453 return err;
454}
455
456static const struct got_error *
457send_commit_logmsg(struct imsgbuf *ibuf, struct got_commit_object *commit,
458 size_t logmsg_len)
459{
460 const struct got_error *err = NULL((void *)0);
461 size_t offset, remain;
462
463 offset = 0;
464 remain = logmsg_len;
465 while (remain > 0) {
466 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof
(struct imsg_hdr)) : (remain))
;
467
468 if (imsg_compose(ibuf, GOT_IMSG_COMMIT_LOGMSG, 0, 0, -1,
469 commit->logmsg + offset, n) == -1) {
470 err = got_error_from_errno("imsg_compose "
471 "COMMIT_LOGMSG");
472 break;
473 }
474
475 err = flush_imsg(ibuf);
476 if (err)
477 break;
478
479 offset += n;
480 remain -= n;
481 }
482
483 return err;
484}
485
486const struct got_error *
487got_privsep_send_commit(struct imsgbuf *ibuf, struct got_commit_object *commit)
488{
489 const struct got_error *err = NULL((void *)0);
490 struct got_imsg_commit_object *icommit;
491 uint8_t *buf;
492 size_t len, total;
493 struct got_object_qid *qid;
494 size_t author_len = strlen(commit->author);
495 size_t committer_len = strlen(commit->committer);
496 size_t logmsg_len = strlen(commit->logmsg);
497
498 total = sizeof(*icommit) + author_len + committer_len +
499 commit->nparents * SHA1_DIGEST_LENGTH20;
500
501 buf = malloc(total);
502 if (buf == NULL((void *)0))
503 return got_error_from_errno("malloc");
504
505 icommit = (struct got_imsg_commit_object *)buf;
506 memcpy(icommit->tree_id, commit->tree_id->sha1,
507 sizeof(icommit->tree_id));
508 icommit->author_len = author_len;
509 icommit->author_time = commit->author_time;
510 icommit->author_gmtoff = commit->author_gmtoff;
511 icommit->committer_len = committer_len;
512 icommit->committer_time = commit->committer_time;
513 icommit->committer_gmtoff = commit->committer_gmtoff;
514 icommit->logmsg_len = logmsg_len;
515 icommit->nparents = commit->nparents;
516
517 len = sizeof(*icommit);
518 memcpy(buf + len, commit->author, author_len);
519 len += author_len;
520 memcpy(buf + len, commit->committer, committer_len);
521 len += committer_len;
522 SIMPLEQ_FOREACH(qid, &commit->parent_ids, entry)for((qid) = ((&commit->parent_ids)->sqh_first); (qid
) != ((void *)0); (qid) = ((qid)->entry.sqe_next))
{
523 memcpy(buf + len, qid->id, SHA1_DIGEST_LENGTH20);
524 len += SHA1_DIGEST_LENGTH20;
525 }
526
527 if (imsg_compose(ibuf, GOT_IMSG_COMMIT, 0, 0, -1, buf, len) == -1) {
528 err = got_error_from_errno("imsg_compose COMMIT");
529 goto done;
530 }
531
532 if (logmsg_len == 0 ||
533 logmsg_len + len > MAX_IMSGSIZE16384 - IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) {
534 err = flush_imsg(ibuf);
535 if (err)
536 goto done;
537 }
538 err = send_commit_logmsg(ibuf, commit, logmsg_len);
539done:
540 free(buf);
541 return err;
542}
543
544const struct got_error *
545got_privsep_recv_commit(struct got_commit_object **commit, struct imsgbuf *ibuf)
546{
547 const struct got_error *err = NULL((void *)0);
548 struct imsg imsg;
549 struct got_imsg_commit_object *icommit;
550 size_t len, datalen;
551 int i;
552 const size_t min_datalen =
553 MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_commit_object
)) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_commit_object
)))
554 sizeof(struct got_imsg_commit_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_commit_object
)) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_commit_object
)))
;
555
556 *commit = NULL((void *)0);
557
558 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
559 if (err)
560 return err;
561
562 datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
563 len = 0;
564
565 switch (imsg.hdr.type) {
566 case GOT_IMSG_COMMIT:
567 if (datalen < sizeof(*icommit)) {
568 err = got_error(GOT_ERR_PRIVSEP_LEN36);
569 break;
570 }
571 icommit = imsg.data;
572 if (datalen != sizeof(*icommit) + icommit->author_len +
573 icommit->committer_len +
574 icommit->nparents * SHA1_DIGEST_LENGTH20) {
575 err = got_error(GOT_ERR_PRIVSEP_LEN36);
576 break;
577 }
578 if (icommit->nparents < 0) {
579 err = got_error(GOT_ERR_PRIVSEP_LEN36);
580 break;
581 }
582 len += sizeof(*icommit);
583
584 *commit = got_object_commit_alloc_partial();
585 if (*commit == NULL((void *)0)) {
586 err = got_error_from_errno(
587 "got_object_commit_alloc_partial");
588 break;
589 }
590
591 memcpy((*commit)->tree_id->sha1, icommit->tree_id,
592 SHA1_DIGEST_LENGTH20);
593 (*commit)->author_time = icommit->author_time;
594 (*commit)->author_gmtoff = icommit->author_gmtoff;
595 (*commit)->committer_time = icommit->committer_time;
596 (*commit)->committer_gmtoff = icommit->committer_gmtoff;
597
598 if (icommit->author_len == 0) {
599 (*commit)->author = strdup("");
600 if ((*commit)->author == NULL((void *)0)) {
601 err = got_error_from_errno("strdup");
602 break;
603 }
604 } else {
605 (*commit)->author = malloc(icommit->author_len + 1);
606 if ((*commit)->author == NULL((void *)0)) {
607 err = got_error_from_errno("malloc");
608 break;
609 }
610 memcpy((*commit)->author, imsg.data + len,
611 icommit->author_len);
612 (*commit)->author[icommit->author_len] = '\0';
613 }
614 len += icommit->author_len;
615
616 if (icommit->committer_len == 0) {
617 (*commit)->committer = strdup("");
618 if ((*commit)->committer == NULL((void *)0)) {
619 err = got_error_from_errno("strdup");
620 break;
621 }
622 } else {
623 (*commit)->committer =
624 malloc(icommit->committer_len + 1);
625 if ((*commit)->committer == NULL((void *)0)) {
626 err = got_error_from_errno("malloc");
627 break;
628 }
629 memcpy((*commit)->committer, imsg.data + len,
630 icommit->committer_len);
631 (*commit)->committer[icommit->committer_len] = '\0';
632 }
633 len += icommit->committer_len;
634
635 if (icommit->logmsg_len == 0) {
636 (*commit)->logmsg = strdup("");
637 if ((*commit)->logmsg == NULL((void *)0)) {
638 err = got_error_from_errno("strdup");
639 break;
640 }
641 } else {
642 size_t offset = 0, remain = icommit->logmsg_len;
643
644 (*commit)->logmsg = malloc(icommit->logmsg_len + 1);
645 if ((*commit)->logmsg == NULL((void *)0)) {
646 err = got_error_from_errno("malloc");
647 break;
648 }
649 while (remain > 0) {
650 struct imsg imsg_log;
651 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof
(struct imsg_hdr)) : (remain))
652 remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof
(struct imsg_hdr)) : (remain))
;
653
654 err = got_privsep_recv_imsg(&imsg_log, ibuf, n);
655 if (err)
656 return err;
657
658 if (imsg_log.hdr.type != GOT_IMSG_COMMIT_LOGMSG)
659 return got_error(GOT_ERR_PRIVSEP_MSG39);
660
661 memcpy((*commit)->logmsg + offset,
662 imsg_log.data, n);
663 imsg_free(&imsg_log);
664 offset += n;
665 remain -= n;
666 }
667 (*commit)->logmsg[icommit->logmsg_len] = '\0';
668 }
669
670 for (i = 0; i < icommit->nparents; i++) {
671 struct got_object_qid *qid;
672
673 err = got_object_qid_alloc_partial(&qid);
674 if (err)
675 break;
676 memcpy(qid->id, imsg.data + len +
677 i * SHA1_DIGEST_LENGTH20, sizeof(*qid->id));
678 SIMPLEQ_INSERT_TAIL(&(*commit)->parent_ids, qid, entry)do { (qid)->entry.sqe_next = ((void *)0); *(&(*commit)
->parent_ids)->sqh_last = (qid); (&(*commit)->parent_ids
)->sqh_last = &(qid)->entry.sqe_next; } while (0)
;
679 (*commit)->nparents++;
680 }
681 break;
682 default:
683 err = got_error(GOT_ERR_PRIVSEP_MSG39);
684 break;
685 }
686
687 imsg_free(&imsg);
688
689 return err;
690}
691
692const struct got_error *
693got_privsep_send_tree(struct imsgbuf *ibuf, struct got_tree_object *tree)
694{
695 const struct got_error *err = NULL((void *)0);
696 struct got_imsg_tree_object itree;
697 struct got_tree_entry *te;
698 size_t totlen;
699 int nimsg; /* number of imsg queued in ibuf */
700
701 itree.nentries = tree->entries.nentries;
702 if (imsg_compose(ibuf, GOT_IMSG_TREE, 0, 0, -1, &itree, sizeof(itree))
703 == -1)
704 return got_error_from_errno("imsg_compose TREE");
705
706 totlen = sizeof(itree);
707 nimsg = 1;
708 SIMPLEQ_FOREACH(te, &tree->entries.head, entry)for((te) = ((&tree->entries.head)->sqh_first); (te)
!= ((void *)0); (te) = ((te)->entry.sqe_next))
{
709 struct got_imsg_tree_entry *ite;
710 uint8_t *buf = NULL((void *)0);
711 size_t len = sizeof(*ite) + strlen(te->name);
712
713 if (len > MAX_IMSGSIZE16384)
714 return got_error(GOT_ERR_NO_SPACE9);
715
716 nimsg++;
717 if (totlen + len >= MAX_IMSGSIZE16384 - (IMSG_HEADER_SIZEsizeof(struct imsg_hdr) * nimsg)) {
718 err = flush_imsg(ibuf);
719 if (err)
720 return err;
721 nimsg = 0;
722 }
723
724 buf = malloc(len);
725 if (buf == NULL((void *)0))
726 return got_error_from_errno("malloc");
727
728 ite = (struct got_imsg_tree_entry *)buf;
729 memcpy(ite->id, te->id->sha1, sizeof(ite->id));
730 ite->mode = te->mode;
731 memcpy(buf + sizeof(*ite), te->name, strlen(te->name));
732
733 if (imsg_compose(ibuf, GOT_IMSG_TREE_ENTRY, 0, 0, -1,
734 buf, len) == -1)
735 err = got_error_from_errno("imsg_compose TREE_ENTRY");
736 free(buf);
737 if (err)
738 return err;
739 totlen += len;
740 }
741
742 return flush_imsg(ibuf);
743}
744
745const struct got_error *
746got_privsep_recv_tree(struct got_tree_object **tree, struct imsgbuf *ibuf)
747{
748 const struct got_error *err = NULL((void *)0);
749 const size_t min_datalen =
750 MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tree_object
)) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tree_object
)))
751 sizeof(struct got_imsg_tree_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tree_object
)) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tree_object
)))
;
752 struct got_imsg_tree_object *itree;
753 int nentries = 0;
754
755 *tree = NULL((void *)0);
756get_more:
757 err = read_imsg(ibuf);
758 if (err)
759 goto done;
760
761 for (;;) {
762 struct imsg imsg;
763 size_t n;
764 size_t datalen;
765 struct got_imsg_tree_entry *ite;
766 struct got_tree_entry *te = NULL((void *)0);
767
768 n = imsg_get(ibuf, &imsg);
769 if (n == 0) {
770 if (*tree && (*tree)->entries.nentries != nentries)
771 goto get_more;
772 break;
773 }
774
775 if (imsg.hdr.len < IMSG_HEADER_SIZEsizeof(struct imsg_hdr) + min_datalen)
776 return got_error(GOT_ERR_PRIVSEP_LEN36);
777
778 datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
779
780 switch (imsg.hdr.type) {
781 case GOT_IMSG_ERROR:
782 err = recv_imsg_error(&imsg, datalen);
783 break;
784 case GOT_IMSG_TREE:
785 /* This message should only appear once. */
786 if (*tree != NULL((void *)0)) {
787 err = got_error(GOT_ERR_PRIVSEP_MSG39);
788 break;
789 }
790 if (datalen != sizeof(*itree)) {
791 err = got_error(GOT_ERR_PRIVSEP_LEN36);
792 break;
793 }
794 itree = imsg.data;
795 *tree = malloc(sizeof(**tree));
796 if (*tree == NULL((void *)0)) {
797 err = got_error_from_errno("malloc");
798 break;
799 }
800 (*tree)->entries.nentries = itree->nentries;
801 SIMPLEQ_INIT(&(*tree)->entries.head)do { (&(*tree)->entries.head)->sqh_first = ((void *
)0); (&(*tree)->entries.head)->sqh_last = &(&
(*tree)->entries.head)->sqh_first; } while (0)
;
802 (*tree)->refcnt = 0;
803 break;
804 case GOT_IMSG_TREE_ENTRY:
805 /* This message should be preceeded by GOT_IMSG_TREE. */
806 if (*tree == NULL((void *)0)) {
807 err = got_error(GOT_ERR_PRIVSEP_MSG39);
808 break;
809 }
810 if (datalen < sizeof(*ite) || datalen > MAX_IMSGSIZE16384) {
811 err = got_error(GOT_ERR_PRIVSEP_LEN36);
812 break;
813 }
814
815 /* Remaining data contains the entry's name. */
816 datalen -= sizeof(*ite);
817 if (datalen == 0 || datalen > MAX_IMSGSIZE16384) {
818 err = got_error(GOT_ERR_PRIVSEP_LEN36);
819 break;
820 }
821 ite = imsg.data;
822
823 te = got_alloc_tree_entry_partial();
824 if (te == NULL((void *)0)) {
825 err = got_error_from_errno(
826 "got_alloc_tree_entry_partial");
827 break;
828 }
829 te->name = malloc(datalen + 1);
830 if (te->name == NULL((void *)0)) {
831 free(te);
832 err = got_error_from_errno("malloc");
833 break;
834 }
835 memcpy(te->name, imsg.data + sizeof(*ite), datalen);
836 te->name[datalen] = '\0';
837
838 memcpy(te->id->sha1, ite->id, SHA1_DIGEST_LENGTH20);
839 te->mode = ite->mode;
840 SIMPLEQ_INSERT_TAIL(&(*tree)->entries.head, te, entry)do { (te)->entry.sqe_next = ((void *)0); *(&(*tree)->
entries.head)->sqh_last = (te); (&(*tree)->entries.
head)->sqh_last = &(te)->entry.sqe_next; } while (0
)
;
841 nentries++;
842 break;
843 default:
844 err = got_error(GOT_ERR_PRIVSEP_MSG39);
845 break;
846 }
847
848 imsg_free(&imsg);
849 }
850done:
851 if (*tree && (*tree)->entries.nentries != nentries) {
852 if (err == NULL((void *)0))
853 err = got_error(GOT_ERR_PRIVSEP_LEN36);
854 got_object_tree_close(*tree);
855 *tree = NULL((void *)0);
856 }
857
858 return err;
859}
860
861const struct got_error *
862got_privsep_send_blob(struct imsgbuf *ibuf, size_t size, size_t hdrlen,
863 const uint8_t *data)
864{
865 struct got_imsg_blob iblob;
866
867 iblob.size = size;
868 iblob.hdrlen = hdrlen;
869
870 if (data) {
871 uint8_t *buf;
872
873 if (size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX(16384 - sizeof(struct imsg_hdr) - sizeof(struct got_imsg_blob
))
)
874 return got_error(GOT_ERR_NO_SPACE9);
875
876 buf = malloc(sizeof(iblob) + size);
877 if (buf == NULL((void *)0))
878 return got_error_from_errno("malloc");
879
880 memcpy(buf, &iblob, sizeof(iblob));
881 memcpy(buf + sizeof(iblob), data, size);
882 if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, buf,
883 sizeof(iblob) + size) == -1) {
884 free(buf);
885 return got_error_from_errno("imsg_compose BLOB");
886 }
887 free(buf);
888 } else {
889 /* Data has already been written to file descriptor. */
890 if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, &iblob,
891 sizeof(iblob)) == -1)
892 return got_error_from_errno("imsg_compose BLOB");
893 }
894
895
896 return flush_imsg(ibuf);
897}
898
899const struct got_error *
900got_privsep_recv_blob(uint8_t **outbuf, size_t *size, size_t *hdrlen,
901 struct imsgbuf *ibuf)
902{
903 const struct got_error *err = NULL((void *)0);
904 struct imsg imsg;
905 struct got_imsg_blob *iblob;
906 size_t datalen;
907
908 *outbuf = NULL((void *)0);
909
910 err = got_privsep_recv_imsg(&imsg, ibuf, 0);
911 if (err)
912 return err;
913
914 datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
915
916 switch (imsg.hdr.type) {
917 case GOT_IMSG_BLOB:
918 if (datalen < sizeof(*iblob)) {
919 err = got_error(GOT_ERR_PRIVSEP_LEN36);
920 break;
921 }
922 iblob = imsg.data;
923 *size = iblob->size;
924 *hdrlen = iblob->hdrlen;
925
926 if (datalen == sizeof(*iblob)) {
927 /* Data has been written to file descriptor. */
928 break;
929 }
930
931 if (*size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX(16384 - sizeof(struct imsg_hdr) - sizeof(struct got_imsg_blob
))
) {
932 err = got_error(GOT_ERR_PRIVSEP_LEN36);
933 break;
934 }
935
936 *outbuf = malloc(*size);
937 if (*outbuf == NULL((void *)0)) {
938 err = got_error_from_errno("malloc");
939 break;
940 }
941 memcpy(*outbuf, imsg.data + sizeof(*iblob), *size);
942 break;
943 default:
944 err = got_error(GOT_ERR_PRIVSEP_MSG39);
945 break;
946 }
947
948 imsg_free(&imsg);
949
950 return err;
951}
952
953static const struct got_error *
954send_tagmsg(struct imsgbuf *ibuf, struct got_tag_object *tag, size_t tagmsg_len)
955{
956 const struct got_error *err = NULL((void *)0);
957 size_t offset, remain;
958
959 offset = 0;
960 remain = tagmsg_len;
961 while (remain > 0) {
962 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof
(struct imsg_hdr)) : (remain))
;
963
964 if (imsg_compose(ibuf, GOT_IMSG_TAG_TAGMSG, 0, 0, -1,
965 tag->tagmsg + offset, n) == -1) {
966 err = got_error_from_errno("imsg_compose TAG_TAGMSG");
967 break;
968 }
969
970 err = flush_imsg(ibuf);
971 if (err)
972 break;
973
974 offset += n;
975 remain -= n;
976 }
977
978 return err;
979}
980
981const struct got_error *
982got_privsep_send_tag(struct imsgbuf *ibuf, struct got_tag_object *tag)
983{
984 const struct got_error *err = NULL((void *)0);
985 struct got_imsg_tag_object *itag;
986 uint8_t *buf;
987 size_t len, total;
988 size_t tag_len = strlen(tag->tag);
989 size_t tagger_len = strlen(tag->tagger);
990 size_t tagmsg_len = strlen(tag->tagmsg);
991
992 total = sizeof(*itag) + tag_len + tagger_len + tagmsg_len;
993
994 buf = malloc(total);
995 if (buf == NULL((void *)0))
996 return got_error_from_errno("malloc");
997
998 itag = (struct got_imsg_tag_object *)buf;
999 memcpy(itag->id, tag->id.sha1, sizeof(itag->id));
1000 itag->obj_type = tag->obj_type;
1001 itag->tag_len = tag_len;
1002 itag->tagger_len = tagger_len;
1003 itag->tagger_time = tag->tagger_time;
1004 itag->tagger_gmtoff = tag->tagger_gmtoff;
1005 itag->tagmsg_len = tagmsg_len;
1006
1007 len = sizeof(*itag);
1008 memcpy(buf + len, tag->tag, tag_len);
1009 len += tag_len;
1010 memcpy(buf + len, tag->tagger, tagger_len);
1011 len += tagger_len;
1012
1013 if (imsg_compose(ibuf, GOT_IMSG_TAG, 0, 0, -1, buf, len) == -1) {
1014 err = got_error_from_errno("imsg_compose TAG");
1015 goto done;
1016 }
1017
1018 if (tagmsg_len == 0 ||
1019 tagmsg_len + len > MAX_IMSGSIZE16384 - IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) {
1020 err = flush_imsg(ibuf);
1021 if (err)
1022 goto done;
1023 }
1024 err = send_tagmsg(ibuf, tag, tagmsg_len);
1025done:
1026 free(buf);
1027 return err;
1028}
1029
1030const struct got_error *
1031got_privsep_recv_tag(struct got_tag_object **tag, struct imsgbuf *ibuf)
1032{
1033 const struct got_error *err = NULL((void *)0);
1034 struct imsg imsg;
1035 struct got_imsg_tag_object *itag;
1036 size_t len, datalen;
1037 const size_t min_datalen =
1038 MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tag_object
)) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tag_object
)))
1039 sizeof(struct got_imsg_tag_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tag_object
)) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tag_object
)))
;
1040
1041 *tag = NULL((void *)0);
1042
1043 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1044 if (err)
1045 return err;
1046
1047 datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1048 len = 0;
1049
1050 switch (imsg.hdr.type) {
1051 case GOT_IMSG_TAG:
1052 if (datalen < sizeof(*itag)) {
1053 err = got_error(GOT_ERR_PRIVSEP_LEN36);
1054 break;
1055 }
1056 itag = imsg.data;
1057 if (datalen != sizeof(*itag) + itag->tag_len +
1058 itag->tagger_len) {
1059 err = got_error(GOT_ERR_PRIVSEP_LEN36);
1060 break;
1061 }
1062 len += sizeof(*itag);
1063
1064 *tag = calloc(1, sizeof(**tag));
1065 if (*tag == NULL((void *)0)) {
1066 err = got_error_from_errno("calloc");
1067 break;
1068 }
1069
1070 memcpy((*tag)->id.sha1, itag->id, SHA1_DIGEST_LENGTH20);
1071
1072 if (itag->tag_len == 0) {
1073 (*tag)->tag = strdup("");
1074 if ((*tag)->tag == NULL((void *)0)) {
1075 err = got_error_from_errno("strdup");
1076 break;
1077 }
1078 } else {
1079 (*tag)->tag = malloc(itag->tag_len + 1);
1080 if ((*tag)->tag == NULL((void *)0)) {
1081 err = got_error_from_errno("malloc");
1082 break;
1083 }
1084 memcpy((*tag)->tag, imsg.data + len,
1085 itag->tag_len);
1086 (*tag)->tag[itag->tag_len] = '\0';
1087 }
1088 len += itag->tag_len;
1089
1090 (*tag)->obj_type = itag->obj_type;
1091 (*tag)->tagger_time = itag->tagger_time;
1092 (*tag)->tagger_gmtoff = itag->tagger_gmtoff;
1093
1094 if (itag->tagger_len == 0) {
1095 (*tag)->tagger = strdup("");
1096 if ((*tag)->tagger == NULL((void *)0)) {
1097 err = got_error_from_errno("strdup");
1098 break;
1099 }
1100 } else {
1101 (*tag)->tagger = malloc(itag->tagger_len + 1);
1102 if ((*tag)->tagger == NULL((void *)0)) {
1103 err = got_error_from_errno("malloc");
1104 break;
1105 }
1106 memcpy((*tag)->tagger, imsg.data + len,
1107 itag->tagger_len);
1108 (*tag)->tagger[itag->tagger_len] = '\0';
1109 }
1110 len += itag->tagger_len;
Value stored to 'len' is never read
1111
1112 if (itag->tagmsg_len == 0) {
1113 (*tag)->tagmsg = strdup("");
1114 if ((*tag)->tagmsg == NULL((void *)0)) {
1115 err = got_error_from_errno("strdup");
1116 break;
1117 }
1118 } else {
1119 size_t offset = 0, remain = itag->tagmsg_len;
1120
1121 (*tag)->tagmsg = malloc(itag->tagmsg_len + 1);
1122 if ((*tag)->tagmsg == NULL((void *)0)) {
1123 err = got_error_from_errno("malloc");
1124 break;
1125 }
1126 while (remain > 0) {
1127 struct imsg imsg_log;
1128 size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof
(struct imsg_hdr)) : (remain))
1129 remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof
(struct imsg_hdr)) : (remain))
;
1130
1131 err = got_privsep_recv_imsg(&imsg_log, ibuf, n);
1132 if (err)
1133 return err;
1134
1135 if (imsg_log.hdr.type != GOT_IMSG_TAG_TAGMSG)
1136 return got_error(GOT_ERR_PRIVSEP_MSG39);
1137
1138 memcpy((*tag)->tagmsg + offset, imsg_log.data,
1139 n);
1140 imsg_free(&imsg_log);
1141 offset += n;
1142 remain -= n;
1143 }
1144 (*tag)->tagmsg[itag->tagmsg_len] = '\0';
1145 }
1146
1147 break;
1148 default:
1149 err = got_error(GOT_ERR_PRIVSEP_MSG39);
1150 break;
1151 }
1152
1153 imsg_free(&imsg);
1154
1155 return err;
1156}
1157
1158const struct got_error *
1159got_privsep_init_pack_child(struct imsgbuf *ibuf, struct got_pack *pack,
1160 struct got_packidx *packidx)
1161{
1162 const struct got_error *err = NULL((void *)0);
1163 struct got_imsg_packidx ipackidx;
1164 struct got_imsg_pack ipack;
1165 int fd;
1166
1167 ipackidx.len = packidx->len;
1168 fd = dup(packidx->fd);
1169 if (fd == -1)
1170 return got_error_from_errno("dup");
1171
1172 if (imsg_compose(ibuf, GOT_IMSG_PACKIDX, 0, 0, fd, &ipackidx,
1173 sizeof(ipackidx)) == -1) {
1174 err = got_error_from_errno("imsg_compose PACKIDX");
1175 close(fd);
1176 return err;
1177 }
1178
1179 if (strlcpy(ipack.path_packfile, pack->path_packfile,
1180 sizeof(ipack.path_packfile)) >= sizeof(ipack.path_packfile))
1181 return got_error(GOT_ERR_NO_SPACE9);
1182 ipack.filesize = pack->filesize;
1183
1184 fd = dup(pack->fd);
1185 if (fd == -1)
1186 return got_error_from_errno("dup");
1187
1188 if (imsg_compose(ibuf, GOT_IMSG_PACK, 0, 0, fd, &ipack, sizeof(ipack))
1189 == -1) {
1190 err = got_error_from_errno("imsg_compose PACK");
1191 close(fd);
1192 return err;
1193 }
1194
1195 return flush_imsg(ibuf);
1196}
1197
1198const struct got_error *
1199got_privsep_send_packed_obj_req(struct imsgbuf *ibuf, int idx,
1200 struct got_object_id *id)
1201{
1202 struct got_imsg_packed_object iobj;
1203
1204 iobj.idx = idx;
1205 memcpy(iobj.id, id->sha1, sizeof(iobj.id));
1206
1207 if (imsg_compose(ibuf, GOT_IMSG_PACKED_OBJECT_REQUEST, 0, 0, -1,
1208 &iobj, sizeof(iobj)) == -1)
1209 return got_error_from_errno("imsg_compose "
1210 "PACKED_OBJECT_REQUEST");
1211
1212 return flush_imsg(ibuf);
1213}
1214
1215const struct got_error *
1216got_privsep_send_gitconfig_parse_req(struct imsgbuf *ibuf, int fd)
1217{
1218 const struct got_error *err = NULL((void *)0);
1219
1220 if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_PARSE_REQUEST, 0, 0, fd,
1221 NULL((void *)0), 0) == -1) {
1222 err = got_error_from_errno("imsg_compose "
1223 "GITCONFIG_PARSE_REQUEST");
1224 close(fd);
1225 return err;
1226 }
1227
1228 return flush_imsg(ibuf);
1229}
1230
1231const struct got_error *
1232got_privsep_send_gitconfig_repository_format_version_req(struct imsgbuf *ibuf)
1233{
1234 if (imsg_compose(ibuf,
1235 GOT_IMSG_GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST, 0, 0, -1,
1236 NULL((void *)0), 0) == -1)
1237 return got_error_from_errno("imsg_compose "
1238 "GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST");
1239
1240 return flush_imsg(ibuf);
1241}
1242
1243const struct got_error *
1244got_privsep_send_gitconfig_author_name_req(struct imsgbuf *ibuf)
1245{
1246 if (imsg_compose(ibuf,
1247 GOT_IMSG_GITCONFIG_AUTHOR_NAME_REQUEST, 0, 0, -1, NULL((void *)0), 0) == -1)
1248 return got_error_from_errno("imsg_compose "
1249 "GITCONFIG_AUTHOR_NAME_REQUEST");
1250
1251 return flush_imsg(ibuf);
1252}
1253
1254const struct got_error *
1255got_privsep_send_gitconfig_author_email_req(struct imsgbuf *ibuf)
1256{
1257 if (imsg_compose(ibuf,
1258 GOT_IMSG_GITCONFIG_AUTHOR_EMAIL_REQUEST, 0, 0, -1, NULL((void *)0), 0) == -1)
1259 return got_error_from_errno("imsg_compose "
1260 "GITCONFIG_AUTHOR_EMAIL_REQUEST");
1261
1262 return flush_imsg(ibuf);
1263}
1264
1265const struct got_error *
1266got_privsep_send_gitconfig_str(struct imsgbuf *ibuf, const char *value)
1267{
1268 size_t len = value ? strlen(value) + 1 : 0;
1269
1270 if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_STR_VAL, 0, 0, -1,
1271 value, len) == -1)
1272 return got_error_from_errno("imsg_compose GITCONFIG_STR_VAL");
1273
1274 return flush_imsg(ibuf);
1275}
1276
1277const struct got_error *
1278got_privsep_recv_gitconfig_str(char **str, struct imsgbuf *ibuf)
1279{
1280 const struct got_error *err = NULL((void *)0);
1281 struct imsg imsg;
1282 size_t datalen;
1283 const size_t min_datalen = 0;
1284
1285 *str = NULL((void *)0);
1286
1287 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1288 if (err)
1289 return err;
1290 datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1291
1292 switch (imsg.hdr.type) {
1293 case GOT_IMSG_GITCONFIG_STR_VAL:
1294 if (datalen == 0)
1295 break;
1296 *str = malloc(datalen);
1297 if (*str == NULL((void *)0)) {
1298 err = got_error_from_errno("malloc");
1299 break;
1300 }
1301 if (strlcpy(*str, imsg.data, datalen) >= datalen)
1302 err = got_error(GOT_ERR_NO_SPACE9);
1303 break;
1304 default:
1305 err = got_error(GOT_ERR_PRIVSEP_MSG39);
1306 break;
1307 }
1308
1309 imsg_free(&imsg);
1310 return err;
1311}
1312
1313const struct got_error *
1314got_privsep_send_gitconfig_int(struct imsgbuf *ibuf, int value)
1315{
1316 if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_INT_VAL, 0, 0, -1,
1317 &value, sizeof(value)) == -1)
1318 return got_error_from_errno("imsg_compose GITCONFIG_INT_VAL");
1319
1320 return flush_imsg(ibuf);
1321}
1322
1323const struct got_error *
1324got_privsep_recv_gitconfig_int(int *val, struct imsgbuf *ibuf)
1325{
1326 const struct got_error *err = NULL((void *)0);
1327 struct imsg imsg;
1328 size_t datalen;
1329 const size_t min_datalen =
1330 MIN(sizeof(struct got_imsg_error), sizeof(int))((sizeof(struct got_imsg_error)) < (sizeof(int)) ? (sizeof
(struct got_imsg_error)) : (sizeof(int)))
;
1331
1332 *val = 0;
1333
1334 err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1335 if (err)
1336 return err;
1337 datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1338
1339 switch (imsg.hdr.type) {
1340 case GOT_IMSG_GITCONFIG_INT_VAL:
1341 if (datalen != sizeof(*val)) {
1342 err = got_error(GOT_ERR_PRIVSEP_LEN36);
1343 break;
1344 }
1345 memcpy(val, imsg.data, sizeof(*val));
1346 break;
1347 default:
1348 err = got_error(GOT_ERR_PRIVSEP_MSG39);
1349 break;
1350 }
1351
1352 imsg_free(&imsg);
1353 return err;
1354}
1355
1356const struct got_error *
1357got_privsep_unveil_exec_helpers(void)
1358{
1359 const char *helpers[] = {
1360 GOT_PATH_PROG_READ_PACK"/root/bin" "/" "got-read-pack",
1361 GOT_PATH_PROG_READ_OBJECT"/root/bin" "/" "got-read-object",
1362 GOT_PATH_PROG_READ_COMMIT"/root/bin" "/" "got-read-commit",
1363 GOT_PATH_PROG_READ_TREE"/root/bin" "/" "got-read-tree",
1364 GOT_PATH_PROG_READ_BLOB"/root/bin" "/" "got-read-blob",
1365 GOT_PATH_PROG_READ_TAG"/root/bin" "/" "got-read-tag",
1366 GOT_PATH_PROG_READ_GITCONFIG"/root/bin" "/" "got-read-gitconfig",
1367 };
1368 int i;
1369
1370 for (i = 0; i < nitems(helpers)(sizeof((helpers)) / sizeof((helpers)[0])); i++) {
1371 if (unveil(helpers[i], "x") == 0)
1372 continue;
1373 return got_error_from_errno2("unveil", helpers[i]);
1374 }
1375
1376 return NULL((void *)0);
1377}
1378
1379void
1380got_privsep_exec_child(int imsg_fds[2], const char *path, const char *repo_path)
1381{
1382 if (close(imsg_fds[0]) != 0) {
1383 fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno())));
1384 _exit(1);
1385 }
1386
1387 if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD(2 + 1)) == -1) {
1388 fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno())));
1389 _exit(1);
1390 }
1391 if (closefrom(GOT_IMSG_FD_CHILD(2 + 1) + 1) == -1) {
1392 fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno())));
1393 _exit(1);
1394 }
1395
1396 if (execl(path, path, repo_path, (char *)NULL((void *)0)) == -1) {
1397 fprintf(stderr(&__sF[2]), "%s: %s: %s\n", getprogname(), path,
1398 strerror(errno(*__errno())));
1399 _exit(1);
1400 }
1401}