File: | /usr/ports/src/got/libexec/got-read-tree/../../lib/privsep.c |
Warning: | line 1110, column 3 Value stored to 'len' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* |
2 | * Copyright (c) 2018, 2019 Stefan Sperling <stsp@openbsd.org> |
3 | * |
4 | * Permission to use, copy, modify, and distribute this software for any |
5 | * purpose with or without fee is hereby granted, provided that the above |
6 | * copyright notice and this permission notice appear in all copies. |
7 | * |
8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ |
16 | |
17 | #include <sys/types.h> |
18 | #include <sys/queue.h> |
19 | #include <sys/uio.h> |
20 | #include <sys/syslimits.h> |
21 | #include <sys/wait.h> |
22 | |
23 | #include <stdio.h> |
24 | #include <stdlib.h> |
25 | #include <string.h> |
26 | #include <errno(*__errno()).h> |
27 | #include <stdint.h> |
28 | #include <poll.h> |
29 | #include <imsg.h> |
30 | #include <sha1.h> |
31 | #include <zlib.h> |
32 | #include <time.h> |
33 | |
34 | #include "got_object.h" |
35 | #include "got_error.h" |
36 | |
37 | #include "got_lib_sha1.h" |
38 | #include "got_lib_delta.h" |
39 | #include "got_lib_inflate.h" |
40 | #include "got_lib_object.h" |
41 | #include "got_lib_object_parse.h" |
42 | #include "got_lib_privsep.h" |
43 | #include "got_lib_pack.h" |
44 | |
45 | #ifndef MIN |
46 | #define MIN(_a,_b)((_a) < (_b) ? (_a) : (_b)) ((_a) < (_b) ? (_a) : (_b)) |
47 | #endif |
48 | |
49 | #ifndef nitems |
50 | #define nitems(_a)(sizeof((_a)) / sizeof((_a)[0])) (sizeof((_a)) / sizeof((_a)[0])) |
51 | #endif |
52 | |
53 | static const struct got_error * |
54 | poll_fd(int fd, int events, int timeout) |
55 | { |
56 | struct pollfd pfd[1]; |
57 | int n; |
58 | |
59 | pfd[0].fd = fd; |
60 | pfd[0].events = events; |
61 | |
62 | n = poll(pfd, 1, timeout); |
63 | if (n == -1) |
64 | return got_error_from_errno("poll"); |
65 | if (n == 0) |
66 | return got_error(GOT_ERR_TIMEOUT33); |
67 | if (pfd[0].revents & (POLLERR0x0008 | POLLNVAL0x0020)) |
68 | return got_error_from_errno("poll error"); |
69 | if (pfd[0].revents & (events | POLLHUP0x0010)) |
70 | return NULL((void *)0); |
71 | |
72 | return got_error(GOT_ERR_INTERRUPT34); |
73 | } |
74 | |
75 | static const struct got_error * |
76 | read_imsg(struct imsgbuf *ibuf) |
77 | { |
78 | const struct got_error *err; |
79 | size_t n; |
80 | |
81 | err = poll_fd(ibuf->fd, POLLIN0x0001, INFTIM(-1)); |
82 | if (err) |
83 | return err; |
84 | |
85 | n = imsg_read(ibuf); |
86 | if (n == -1) { |
87 | if (errno(*__errno()) == EAGAIN35) /* Could be a file-descriptor leak. */ |
88 | return got_error(GOT_ERR_PRIVSEP_NO_FD38); |
89 | return got_error(GOT_ERR_PRIVSEP_READ35); |
90 | } |
91 | if (n == 0) |
92 | return got_error(GOT_ERR_PRIVSEP_PIPE37); |
93 | |
94 | return NULL((void *)0); |
95 | } |
96 | |
97 | const struct got_error * |
98 | got_privsep_wait_for_child(pid_t pid) |
99 | { |
100 | int child_status; |
101 | |
102 | if (waitpid(pid, &child_status, 0) == -1) |
103 | return got_error_from_errno("waitpid"); |
104 | |
105 | if (!WIFEXITED(child_status)(((child_status) & 0177) == 0)) |
106 | return got_error(GOT_ERR_PRIVSEP_DIED40); |
107 | |
108 | if (WEXITSTATUS(child_status)(int)(((unsigned)(child_status) >> 8) & 0xff) != 0) |
109 | return got_error(GOT_ERR_PRIVSEP_EXIT41); |
110 | |
111 | return NULL((void *)0); |
112 | } |
113 | |
114 | static const struct got_error * |
115 | recv_imsg_error(struct imsg *imsg, size_t datalen) |
116 | { |
117 | struct got_imsg_error *ierr; |
118 | |
119 | if (datalen != sizeof(*ierr)) |
120 | return got_error(GOT_ERR_PRIVSEP_LEN36); |
121 | |
122 | ierr = imsg->data; |
123 | if (ierr->code == GOT_ERR_ERRNO1) { |
124 | static struct got_error serr; |
125 | serr.code = GOT_ERR_ERRNO1; |
126 | serr.msg = strerror(ierr->errno_code); |
127 | return &serr; |
128 | } |
129 | |
130 | return got_error(ierr->code); |
131 | } |
132 | |
133 | const struct got_error * |
134 | got_privsep_recv_imsg(struct imsg *imsg, struct imsgbuf *ibuf, |
135 | size_t min_datalen) |
136 | { |
137 | const struct got_error *err; |
138 | ssize_t n; |
139 | |
140 | n = imsg_get(ibuf, imsg); |
141 | if (n == -1) |
142 | return got_error_from_errno("imsg_get"); |
143 | |
144 | while (n == 0) { |
145 | err = read_imsg(ibuf); |
146 | if (err) |
147 | return err; |
148 | n = imsg_get(ibuf, imsg); |
149 | } |
150 | |
151 | if (imsg->hdr.len < IMSG_HEADER_SIZEsizeof(struct imsg_hdr) + min_datalen) |
152 | return got_error(GOT_ERR_PRIVSEP_LEN36); |
153 | |
154 | if (imsg->hdr.type == GOT_IMSG_ERROR) { |
155 | size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
156 | return recv_imsg_error(imsg, datalen); |
157 | } |
158 | |
159 | return NULL((void *)0); |
160 | } |
161 | |
162 | /* Attempt to send an error in an imsg. Complain on stderr as a last resort. */ |
163 | void |
164 | got_privsep_send_error(struct imsgbuf *ibuf, const struct got_error *err) |
165 | { |
166 | const struct got_error *poll_err; |
167 | struct got_imsg_error ierr; |
168 | int ret; |
169 | |
170 | ierr.code = err->code; |
171 | if (err->code == GOT_ERR_ERRNO1) |
172 | ierr.errno_code = errno(*__errno()); |
173 | else |
174 | ierr.errno_code = 0; |
175 | ret = imsg_compose(ibuf, GOT_IMSG_ERROR, 0, 0, -1, &ierr, sizeof(ierr)); |
176 | if (ret == -1) { |
177 | fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": imsg_compose: %s\n", |
178 | getprogname(), err->code, err->msg, strerror(errno(*__errno()))); |
179 | return; |
180 | } |
181 | |
182 | poll_err = poll_fd(ibuf->fd, POLLOUT0x0004, INFTIM(-1)); |
183 | if (poll_err) { |
184 | fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": poll: %s\n", |
185 | getprogname(), err->code, err->msg, poll_err->msg); |
186 | return; |
187 | } |
188 | |
189 | ret = imsg_flush(ibuf); |
190 | if (ret == -1) { |
191 | fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": imsg_flush: %s\n", |
192 | getprogname(), err->code, err->msg, strerror(errno(*__errno()))); |
193 | return; |
194 | } |
195 | } |
196 | |
197 | static const struct got_error * |
198 | flush_imsg(struct imsgbuf *ibuf) |
199 | { |
200 | const struct got_error *err; |
201 | |
202 | err = poll_fd(ibuf->fd, POLLOUT0x0004, INFTIM(-1)); |
203 | if (err) |
204 | return err; |
205 | |
206 | if (imsg_flush(ibuf) == -1) |
207 | return got_error_from_errno("imsg_flush"); |
208 | |
209 | return NULL((void *)0); |
210 | } |
211 | |
212 | const struct got_error * |
213 | got_privsep_send_stop(int fd) |
214 | { |
215 | const struct got_error *err = NULL((void *)0); |
216 | struct imsgbuf ibuf; |
217 | |
218 | imsg_init(&ibuf, fd); |
219 | |
220 | if (imsg_compose(&ibuf, GOT_IMSG_STOP, 0, 0, -1, NULL((void *)0), 0) == -1) |
221 | return got_error_from_errno("imsg_compose STOP"); |
222 | |
223 | err = flush_imsg(&ibuf); |
224 | imsg_clear(&ibuf); |
225 | return err; |
226 | } |
227 | |
228 | const struct got_error * |
229 | got_privsep_send_obj_req(struct imsgbuf *ibuf, int fd) |
230 | { |
231 | if (imsg_compose(ibuf, GOT_IMSG_OBJECT_REQUEST, 0, 0, fd, NULL((void *)0), 0) |
232 | == -1) |
233 | return got_error_from_errno("imsg_compose OBJECT_REQUEST"); |
234 | |
235 | return flush_imsg(ibuf); |
236 | } |
237 | |
238 | const struct got_error * |
239 | got_privsep_send_commit_req(struct imsgbuf *ibuf, int fd, |
240 | struct got_object_id *id, int pack_idx) |
241 | { |
242 | const struct got_error *err = NULL((void *)0); |
243 | struct got_imsg_packed_object iobj, *iobjp; |
244 | size_t len; |
245 | |
246 | if (id) { /* commit is packed */ |
247 | iobj.idx = pack_idx; |
248 | memcpy(iobj.id, id->sha1, sizeof(iobj.id)); |
249 | iobjp = &iobj; |
250 | len = sizeof(iobj); |
251 | } else { |
252 | iobjp = NULL((void *)0); |
253 | len = 0; |
254 | } |
255 | |
256 | if (imsg_compose(ibuf, GOT_IMSG_COMMIT_REQUEST, 0, 0, fd, iobjp, len) |
257 | == -1) { |
258 | err = got_error_from_errno("imsg_compose COMMIT_REQUEST"); |
259 | close(fd); |
260 | return err; |
261 | } |
262 | |
263 | return flush_imsg(ibuf); |
264 | } |
265 | |
266 | const struct got_error * |
267 | got_privsep_send_tree_req(struct imsgbuf *ibuf, int fd, |
268 | struct got_object_id *id, int pack_idx) |
269 | { |
270 | const struct got_error *err = NULL((void *)0); |
271 | struct got_imsg_packed_object iobj, *iobjp; |
272 | size_t len; |
273 | |
274 | if (id) { /* tree is packed */ |
275 | iobj.idx = pack_idx; |
276 | memcpy(iobj.id, id->sha1, sizeof(iobj.id)); |
277 | iobjp = &iobj; |
278 | len = sizeof(iobj); |
279 | } else { |
280 | iobjp = NULL((void *)0); |
281 | len = 0; |
282 | } |
283 | |
284 | if (imsg_compose(ibuf, GOT_IMSG_TREE_REQUEST, 0, 0, fd, iobjp, len) |
285 | == -1) { |
286 | err = got_error_from_errno("imsg_compose TREE_REQUEST"); |
287 | close(fd); |
288 | return err; |
289 | } |
290 | |
291 | return flush_imsg(ibuf); |
292 | } |
293 | |
294 | const struct got_error * |
295 | got_privsep_send_tag_req(struct imsgbuf *ibuf, int fd, |
296 | struct got_object_id *id, int pack_idx) |
297 | { |
298 | struct got_imsg_packed_object iobj, *iobjp; |
299 | size_t len; |
300 | |
301 | if (id) { /* tag is packed */ |
302 | iobj.idx = pack_idx; |
303 | memcpy(iobj.id, id->sha1, sizeof(iobj.id)); |
304 | iobjp = &iobj; |
305 | len = sizeof(iobj); |
306 | } else { |
307 | iobjp = NULL((void *)0); |
308 | len = 0; |
309 | } |
310 | |
311 | if (imsg_compose(ibuf, GOT_IMSG_TAG_REQUEST, 0, 0, fd, iobjp, len) |
312 | == -1) |
313 | return got_error_from_errno("imsg_compose TAG_REQUEST"); |
314 | |
315 | return flush_imsg(ibuf); |
316 | } |
317 | |
318 | const struct got_error * |
319 | got_privsep_send_blob_req(struct imsgbuf *ibuf, int infd, |
320 | struct got_object_id *id, int pack_idx) |
321 | { |
322 | const struct got_error *err = NULL((void *)0); |
323 | struct got_imsg_packed_object iobj, *iobjp; |
324 | size_t len; |
325 | |
326 | if (id) { /* blob is packed */ |
327 | iobj.idx = pack_idx; |
328 | memcpy(iobj.id, id->sha1, sizeof(iobj.id)); |
329 | iobjp = &iobj; |
330 | len = sizeof(iobj); |
331 | } else { |
332 | iobjp = NULL((void *)0); |
333 | len = 0; |
334 | } |
335 | |
336 | if (imsg_compose(ibuf, GOT_IMSG_BLOB_REQUEST, 0, 0, infd, iobjp, len) |
337 | == -1) { |
338 | err = got_error_from_errno("imsg_compose BLOB_REQUEST"); |
339 | close(infd); |
340 | return err; |
341 | } |
342 | |
343 | return flush_imsg(ibuf); |
344 | } |
345 | |
346 | const struct got_error * |
347 | got_privsep_send_blob_outfd(struct imsgbuf *ibuf, int outfd) |
348 | { |
349 | const struct got_error *err = NULL((void *)0); |
350 | |
351 | if (imsg_compose(ibuf, GOT_IMSG_BLOB_OUTFD, 0, 0, outfd, NULL((void *)0), 0) |
352 | == -1) { |
353 | err = got_error_from_errno("imsg_compose BLOB_OUTFD"); |
354 | close(outfd); |
355 | return err; |
356 | } |
357 | |
358 | return flush_imsg(ibuf); |
359 | } |
360 | |
361 | const struct got_error * |
362 | got_privsep_send_tmpfd(struct imsgbuf *ibuf, int fd) |
363 | { |
364 | const struct got_error *err = NULL((void *)0); |
365 | |
366 | if (imsg_compose(ibuf, GOT_IMSG_TMPFD, 0, 0, fd, NULL((void *)0), 0) |
367 | == -1) { |
368 | err = got_error_from_errno("imsg_compose TMPFD"); |
369 | close(fd); |
370 | return err; |
371 | } |
372 | |
373 | return flush_imsg(ibuf); |
374 | } |
375 | |
376 | const struct got_error * |
377 | got_privsep_send_obj(struct imsgbuf *ibuf, struct got_object *obj) |
378 | { |
379 | struct got_imsg_object iobj; |
380 | |
381 | memcpy(iobj.id, obj->id.sha1, sizeof(iobj.id)); |
382 | iobj.type = obj->type; |
383 | iobj.flags = obj->flags; |
384 | iobj.hdrlen = obj->hdrlen; |
385 | iobj.size = obj->size; |
386 | if (iobj.flags & GOT_OBJ_FLAG_PACKED0x01) { |
387 | iobj.pack_offset = obj->pack_offset; |
388 | iobj.pack_idx = obj->pack_idx; |
389 | } |
390 | |
391 | if (imsg_compose(ibuf, GOT_IMSG_OBJECT, 0, 0, -1, &iobj, sizeof(iobj)) |
392 | == -1) |
393 | return got_error_from_errno("imsg_compose OBJECT"); |
394 | |
395 | return flush_imsg(ibuf); |
396 | } |
397 | |
398 | const struct got_error * |
399 | got_privsep_get_imsg_obj(struct got_object **obj, struct imsg *imsg, |
400 | struct imsgbuf *ibuf) |
401 | { |
402 | const struct got_error *err = NULL((void *)0); |
403 | struct got_imsg_object *iobj; |
404 | size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
405 | |
406 | if (datalen != sizeof(*iobj)) |
407 | return got_error(GOT_ERR_PRIVSEP_LEN36); |
408 | iobj = imsg->data; |
409 | |
410 | *obj = calloc(1, sizeof(**obj)); |
411 | if (*obj == NULL((void *)0)) |
412 | return got_error_from_errno("calloc"); |
413 | |
414 | memcpy((*obj)->id.sha1, iobj->id, SHA1_DIGEST_LENGTH20); |
415 | (*obj)->type = iobj->type; |
416 | (*obj)->flags = iobj->flags; |
417 | (*obj)->hdrlen = iobj->hdrlen; |
418 | (*obj)->size = iobj->size; |
419 | /* path_packfile is handled by caller */ |
420 | if (iobj->flags & GOT_OBJ_FLAG_PACKED0x01) { |
421 | (*obj)->pack_offset = iobj->pack_offset; |
422 | (*obj)->pack_idx = iobj->pack_idx; |
423 | } |
424 | |
425 | return err; |
426 | } |
427 | |
428 | const struct got_error * |
429 | got_privsep_recv_obj(struct got_object **obj, struct imsgbuf *ibuf) |
430 | { |
431 | const struct got_error *err = NULL((void *)0); |
432 | struct imsg imsg; |
433 | const size_t min_datalen = |
434 | MIN(sizeof(struct got_imsg_error), sizeof(struct got_imsg_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_object ))); |
435 | |
436 | *obj = NULL((void *)0); |
437 | |
438 | err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen); |
439 | if (err) |
440 | return err; |
441 | |
442 | switch (imsg.hdr.type) { |
443 | case GOT_IMSG_OBJECT: |
444 | err = got_privsep_get_imsg_obj(obj, &imsg, ibuf); |
445 | break; |
446 | default: |
447 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
448 | break; |
449 | } |
450 | |
451 | imsg_free(&imsg); |
452 | |
453 | return err; |
454 | } |
455 | |
456 | static const struct got_error * |
457 | send_commit_logmsg(struct imsgbuf *ibuf, struct got_commit_object *commit, |
458 | size_t logmsg_len) |
459 | { |
460 | const struct got_error *err = NULL((void *)0); |
461 | size_t offset, remain; |
462 | |
463 | offset = 0; |
464 | remain = logmsg_len; |
465 | while (remain > 0) { |
466 | size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain)); |
467 | |
468 | if (imsg_compose(ibuf, GOT_IMSG_COMMIT_LOGMSG, 0, 0, -1, |
469 | commit->logmsg + offset, n) == -1) { |
470 | err = got_error_from_errno("imsg_compose " |
471 | "COMMIT_LOGMSG"); |
472 | break; |
473 | } |
474 | |
475 | err = flush_imsg(ibuf); |
476 | if (err) |
477 | break; |
478 | |
479 | offset += n; |
480 | remain -= n; |
481 | } |
482 | |
483 | return err; |
484 | } |
485 | |
486 | const struct got_error * |
487 | got_privsep_send_commit(struct imsgbuf *ibuf, struct got_commit_object *commit) |
488 | { |
489 | const struct got_error *err = NULL((void *)0); |
490 | struct got_imsg_commit_object *icommit; |
491 | uint8_t *buf; |
492 | size_t len, total; |
493 | struct got_object_qid *qid; |
494 | size_t author_len = strlen(commit->author); |
495 | size_t committer_len = strlen(commit->committer); |
496 | size_t logmsg_len = strlen(commit->logmsg); |
497 | |
498 | total = sizeof(*icommit) + author_len + committer_len + |
499 | commit->nparents * SHA1_DIGEST_LENGTH20; |
500 | |
501 | buf = malloc(total); |
502 | if (buf == NULL((void *)0)) |
503 | return got_error_from_errno("malloc"); |
504 | |
505 | icommit = (struct got_imsg_commit_object *)buf; |
506 | memcpy(icommit->tree_id, commit->tree_id->sha1, |
507 | sizeof(icommit->tree_id)); |
508 | icommit->author_len = author_len; |
509 | icommit->author_time = commit->author_time; |
510 | icommit->author_gmtoff = commit->author_gmtoff; |
511 | icommit->committer_len = committer_len; |
512 | icommit->committer_time = commit->committer_time; |
513 | icommit->committer_gmtoff = commit->committer_gmtoff; |
514 | icommit->logmsg_len = logmsg_len; |
515 | icommit->nparents = commit->nparents; |
516 | |
517 | len = sizeof(*icommit); |
518 | memcpy(buf + len, commit->author, author_len); |
519 | len += author_len; |
520 | memcpy(buf + len, commit->committer, committer_len); |
521 | len += committer_len; |
522 | SIMPLEQ_FOREACH(qid, &commit->parent_ids, entry)for((qid) = ((&commit->parent_ids)->sqh_first); (qid ) != ((void *)0); (qid) = ((qid)->entry.sqe_next)) { |
523 | memcpy(buf + len, qid->id, SHA1_DIGEST_LENGTH20); |
524 | len += SHA1_DIGEST_LENGTH20; |
525 | } |
526 | |
527 | if (imsg_compose(ibuf, GOT_IMSG_COMMIT, 0, 0, -1, buf, len) == -1) { |
528 | err = got_error_from_errno("imsg_compose COMMIT"); |
529 | goto done; |
530 | } |
531 | |
532 | if (logmsg_len == 0 || |
533 | logmsg_len + len > MAX_IMSGSIZE16384 - IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) { |
534 | err = flush_imsg(ibuf); |
535 | if (err) |
536 | goto done; |
537 | } |
538 | err = send_commit_logmsg(ibuf, commit, logmsg_len); |
539 | done: |
540 | free(buf); |
541 | return err; |
542 | } |
543 | |
544 | const struct got_error * |
545 | got_privsep_recv_commit(struct got_commit_object **commit, struct imsgbuf *ibuf) |
546 | { |
547 | const struct got_error *err = NULL((void *)0); |
548 | struct imsg imsg; |
549 | struct got_imsg_commit_object *icommit; |
550 | size_t len, datalen; |
551 | int i; |
552 | const size_t min_datalen = |
553 | MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_commit_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_commit_object ))) |
554 | sizeof(struct got_imsg_commit_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_commit_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_commit_object ))); |
555 | |
556 | *commit = NULL((void *)0); |
557 | |
558 | err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen); |
559 | if (err) |
560 | return err; |
561 | |
562 | datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
563 | len = 0; |
564 | |
565 | switch (imsg.hdr.type) { |
566 | case GOT_IMSG_COMMIT: |
567 | if (datalen < sizeof(*icommit)) { |
568 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
569 | break; |
570 | } |
571 | icommit = imsg.data; |
572 | if (datalen != sizeof(*icommit) + icommit->author_len + |
573 | icommit->committer_len + |
574 | icommit->nparents * SHA1_DIGEST_LENGTH20) { |
575 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
576 | break; |
577 | } |
578 | if (icommit->nparents < 0) { |
579 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
580 | break; |
581 | } |
582 | len += sizeof(*icommit); |
583 | |
584 | *commit = got_object_commit_alloc_partial(); |
585 | if (*commit == NULL((void *)0)) { |
586 | err = got_error_from_errno( |
587 | "got_object_commit_alloc_partial"); |
588 | break; |
589 | } |
590 | |
591 | memcpy((*commit)->tree_id->sha1, icommit->tree_id, |
592 | SHA1_DIGEST_LENGTH20); |
593 | (*commit)->author_time = icommit->author_time; |
594 | (*commit)->author_gmtoff = icommit->author_gmtoff; |
595 | (*commit)->committer_time = icommit->committer_time; |
596 | (*commit)->committer_gmtoff = icommit->committer_gmtoff; |
597 | |
598 | if (icommit->author_len == 0) { |
599 | (*commit)->author = strdup(""); |
600 | if ((*commit)->author == NULL((void *)0)) { |
601 | err = got_error_from_errno("strdup"); |
602 | break; |
603 | } |
604 | } else { |
605 | (*commit)->author = malloc(icommit->author_len + 1); |
606 | if ((*commit)->author == NULL((void *)0)) { |
607 | err = got_error_from_errno("malloc"); |
608 | break; |
609 | } |
610 | memcpy((*commit)->author, imsg.data + len, |
611 | icommit->author_len); |
612 | (*commit)->author[icommit->author_len] = '\0'; |
613 | } |
614 | len += icommit->author_len; |
615 | |
616 | if (icommit->committer_len == 0) { |
617 | (*commit)->committer = strdup(""); |
618 | if ((*commit)->committer == NULL((void *)0)) { |
619 | err = got_error_from_errno("strdup"); |
620 | break; |
621 | } |
622 | } else { |
623 | (*commit)->committer = |
624 | malloc(icommit->committer_len + 1); |
625 | if ((*commit)->committer == NULL((void *)0)) { |
626 | err = got_error_from_errno("malloc"); |
627 | break; |
628 | } |
629 | memcpy((*commit)->committer, imsg.data + len, |
630 | icommit->committer_len); |
631 | (*commit)->committer[icommit->committer_len] = '\0'; |
632 | } |
633 | len += icommit->committer_len; |
634 | |
635 | if (icommit->logmsg_len == 0) { |
636 | (*commit)->logmsg = strdup(""); |
637 | if ((*commit)->logmsg == NULL((void *)0)) { |
638 | err = got_error_from_errno("strdup"); |
639 | break; |
640 | } |
641 | } else { |
642 | size_t offset = 0, remain = icommit->logmsg_len; |
643 | |
644 | (*commit)->logmsg = malloc(icommit->logmsg_len + 1); |
645 | if ((*commit)->logmsg == NULL((void *)0)) { |
646 | err = got_error_from_errno("malloc"); |
647 | break; |
648 | } |
649 | while (remain > 0) { |
650 | struct imsg imsg_log; |
651 | size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain)) |
652 | remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain)); |
653 | |
654 | err = got_privsep_recv_imsg(&imsg_log, ibuf, n); |
655 | if (err) |
656 | return err; |
657 | |
658 | if (imsg_log.hdr.type != GOT_IMSG_COMMIT_LOGMSG) |
659 | return got_error(GOT_ERR_PRIVSEP_MSG39); |
660 | |
661 | memcpy((*commit)->logmsg + offset, |
662 | imsg_log.data, n); |
663 | imsg_free(&imsg_log); |
664 | offset += n; |
665 | remain -= n; |
666 | } |
667 | (*commit)->logmsg[icommit->logmsg_len] = '\0'; |
668 | } |
669 | |
670 | for (i = 0; i < icommit->nparents; i++) { |
671 | struct got_object_qid *qid; |
672 | |
673 | err = got_object_qid_alloc_partial(&qid); |
674 | if (err) |
675 | break; |
676 | memcpy(qid->id, imsg.data + len + |
677 | i * SHA1_DIGEST_LENGTH20, sizeof(*qid->id)); |
678 | SIMPLEQ_INSERT_TAIL(&(*commit)->parent_ids, qid, entry)do { (qid)->entry.sqe_next = ((void *)0); *(&(*commit) ->parent_ids)->sqh_last = (qid); (&(*commit)->parent_ids )->sqh_last = &(qid)->entry.sqe_next; } while (0); |
679 | (*commit)->nparents++; |
680 | } |
681 | break; |
682 | default: |
683 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
684 | break; |
685 | } |
686 | |
687 | imsg_free(&imsg); |
688 | |
689 | return err; |
690 | } |
691 | |
692 | const struct got_error * |
693 | got_privsep_send_tree(struct imsgbuf *ibuf, struct got_tree_object *tree) |
694 | { |
695 | const struct got_error *err = NULL((void *)0); |
696 | struct got_imsg_tree_object itree; |
697 | struct got_tree_entry *te; |
698 | size_t totlen; |
699 | int nimsg; /* number of imsg queued in ibuf */ |
700 | |
701 | itree.nentries = tree->entries.nentries; |
702 | if (imsg_compose(ibuf, GOT_IMSG_TREE, 0, 0, -1, &itree, sizeof(itree)) |
703 | == -1) |
704 | return got_error_from_errno("imsg_compose TREE"); |
705 | |
706 | totlen = sizeof(itree); |
707 | nimsg = 1; |
708 | SIMPLEQ_FOREACH(te, &tree->entries.head, entry)for((te) = ((&tree->entries.head)->sqh_first); (te) != ((void *)0); (te) = ((te)->entry.sqe_next)) { |
709 | struct got_imsg_tree_entry *ite; |
710 | uint8_t *buf = NULL((void *)0); |
711 | size_t len = sizeof(*ite) + strlen(te->name); |
712 | |
713 | if (len > MAX_IMSGSIZE16384) |
714 | return got_error(GOT_ERR_NO_SPACE9); |
715 | |
716 | nimsg++; |
717 | if (totlen + len >= MAX_IMSGSIZE16384 - (IMSG_HEADER_SIZEsizeof(struct imsg_hdr) * nimsg)) { |
718 | err = flush_imsg(ibuf); |
719 | if (err) |
720 | return err; |
721 | nimsg = 0; |
722 | } |
723 | |
724 | buf = malloc(len); |
725 | if (buf == NULL((void *)0)) |
726 | return got_error_from_errno("malloc"); |
727 | |
728 | ite = (struct got_imsg_tree_entry *)buf; |
729 | memcpy(ite->id, te->id->sha1, sizeof(ite->id)); |
730 | ite->mode = te->mode; |
731 | memcpy(buf + sizeof(*ite), te->name, strlen(te->name)); |
732 | |
733 | if (imsg_compose(ibuf, GOT_IMSG_TREE_ENTRY, 0, 0, -1, |
734 | buf, len) == -1) |
735 | err = got_error_from_errno("imsg_compose TREE_ENTRY"); |
736 | free(buf); |
737 | if (err) |
738 | return err; |
739 | totlen += len; |
740 | } |
741 | |
742 | return flush_imsg(ibuf); |
743 | } |
744 | |
745 | const struct got_error * |
746 | got_privsep_recv_tree(struct got_tree_object **tree, struct imsgbuf *ibuf) |
747 | { |
748 | const struct got_error *err = NULL((void *)0); |
749 | const size_t min_datalen = |
750 | MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tree_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tree_object ))) |
751 | sizeof(struct got_imsg_tree_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tree_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tree_object ))); |
752 | struct got_imsg_tree_object *itree; |
753 | int nentries = 0; |
754 | |
755 | *tree = NULL((void *)0); |
756 | get_more: |
757 | err = read_imsg(ibuf); |
758 | if (err) |
759 | goto done; |
760 | |
761 | for (;;) { |
762 | struct imsg imsg; |
763 | size_t n; |
764 | size_t datalen; |
765 | struct got_imsg_tree_entry *ite; |
766 | struct got_tree_entry *te = NULL((void *)0); |
767 | |
768 | n = imsg_get(ibuf, &imsg); |
769 | if (n == 0) { |
770 | if (*tree && (*tree)->entries.nentries != nentries) |
771 | goto get_more; |
772 | break; |
773 | } |
774 | |
775 | if (imsg.hdr.len < IMSG_HEADER_SIZEsizeof(struct imsg_hdr) + min_datalen) |
776 | return got_error(GOT_ERR_PRIVSEP_LEN36); |
777 | |
778 | datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
779 | |
780 | switch (imsg.hdr.type) { |
781 | case GOT_IMSG_ERROR: |
782 | err = recv_imsg_error(&imsg, datalen); |
783 | break; |
784 | case GOT_IMSG_TREE: |
785 | /* This message should only appear once. */ |
786 | if (*tree != NULL((void *)0)) { |
787 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
788 | break; |
789 | } |
790 | if (datalen != sizeof(*itree)) { |
791 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
792 | break; |
793 | } |
794 | itree = imsg.data; |
795 | *tree = malloc(sizeof(**tree)); |
796 | if (*tree == NULL((void *)0)) { |
797 | err = got_error_from_errno("malloc"); |
798 | break; |
799 | } |
800 | (*tree)->entries.nentries = itree->nentries; |
801 | SIMPLEQ_INIT(&(*tree)->entries.head)do { (&(*tree)->entries.head)->sqh_first = ((void * )0); (&(*tree)->entries.head)->sqh_last = &(& (*tree)->entries.head)->sqh_first; } while (0); |
802 | (*tree)->refcnt = 0; |
803 | break; |
804 | case GOT_IMSG_TREE_ENTRY: |
805 | /* This message should be preceeded by GOT_IMSG_TREE. */ |
806 | if (*tree == NULL((void *)0)) { |
807 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
808 | break; |
809 | } |
810 | if (datalen < sizeof(*ite) || datalen > MAX_IMSGSIZE16384) { |
811 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
812 | break; |
813 | } |
814 | |
815 | /* Remaining data contains the entry's name. */ |
816 | datalen -= sizeof(*ite); |
817 | if (datalen == 0 || datalen > MAX_IMSGSIZE16384) { |
818 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
819 | break; |
820 | } |
821 | ite = imsg.data; |
822 | |
823 | te = got_alloc_tree_entry_partial(); |
824 | if (te == NULL((void *)0)) { |
825 | err = got_error_from_errno( |
826 | "got_alloc_tree_entry_partial"); |
827 | break; |
828 | } |
829 | te->name = malloc(datalen + 1); |
830 | if (te->name == NULL((void *)0)) { |
831 | free(te); |
832 | err = got_error_from_errno("malloc"); |
833 | break; |
834 | } |
835 | memcpy(te->name, imsg.data + sizeof(*ite), datalen); |
836 | te->name[datalen] = '\0'; |
837 | |
838 | memcpy(te->id->sha1, ite->id, SHA1_DIGEST_LENGTH20); |
839 | te->mode = ite->mode; |
840 | SIMPLEQ_INSERT_TAIL(&(*tree)->entries.head, te, entry)do { (te)->entry.sqe_next = ((void *)0); *(&(*tree)-> entries.head)->sqh_last = (te); (&(*tree)->entries. head)->sqh_last = &(te)->entry.sqe_next; } while (0 ); |
841 | nentries++; |
842 | break; |
843 | default: |
844 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
845 | break; |
846 | } |
847 | |
848 | imsg_free(&imsg); |
849 | } |
850 | done: |
851 | if (*tree && (*tree)->entries.nentries != nentries) { |
852 | if (err == NULL((void *)0)) |
853 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
854 | got_object_tree_close(*tree); |
855 | *tree = NULL((void *)0); |
856 | } |
857 | |
858 | return err; |
859 | } |
860 | |
861 | const struct got_error * |
862 | got_privsep_send_blob(struct imsgbuf *ibuf, size_t size, size_t hdrlen, |
863 | const uint8_t *data) |
864 | { |
865 | struct got_imsg_blob iblob; |
866 | |
867 | iblob.size = size; |
868 | iblob.hdrlen = hdrlen; |
869 | |
870 | if (data) { |
871 | uint8_t *buf; |
872 | |
873 | if (size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX(16384 - sizeof(struct imsg_hdr) - sizeof(struct got_imsg_blob ))) |
874 | return got_error(GOT_ERR_NO_SPACE9); |
875 | |
876 | buf = malloc(sizeof(iblob) + size); |
877 | if (buf == NULL((void *)0)) |
878 | return got_error_from_errno("malloc"); |
879 | |
880 | memcpy(buf, &iblob, sizeof(iblob)); |
881 | memcpy(buf + sizeof(iblob), data, size); |
882 | if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, buf, |
883 | sizeof(iblob) + size) == -1) { |
884 | free(buf); |
885 | return got_error_from_errno("imsg_compose BLOB"); |
886 | } |
887 | free(buf); |
888 | } else { |
889 | /* Data has already been written to file descriptor. */ |
890 | if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, &iblob, |
891 | sizeof(iblob)) == -1) |
892 | return got_error_from_errno("imsg_compose BLOB"); |
893 | } |
894 | |
895 | |
896 | return flush_imsg(ibuf); |
897 | } |
898 | |
899 | const struct got_error * |
900 | got_privsep_recv_blob(uint8_t **outbuf, size_t *size, size_t *hdrlen, |
901 | struct imsgbuf *ibuf) |
902 | { |
903 | const struct got_error *err = NULL((void *)0); |
904 | struct imsg imsg; |
905 | struct got_imsg_blob *iblob; |
906 | size_t datalen; |
907 | |
908 | *outbuf = NULL((void *)0); |
909 | |
910 | err = got_privsep_recv_imsg(&imsg, ibuf, 0); |
911 | if (err) |
912 | return err; |
913 | |
914 | datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
915 | |
916 | switch (imsg.hdr.type) { |
917 | case GOT_IMSG_BLOB: |
918 | if (datalen < sizeof(*iblob)) { |
919 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
920 | break; |
921 | } |
922 | iblob = imsg.data; |
923 | *size = iblob->size; |
924 | *hdrlen = iblob->hdrlen; |
925 | |
926 | if (datalen == sizeof(*iblob)) { |
927 | /* Data has been written to file descriptor. */ |
928 | break; |
929 | } |
930 | |
931 | if (*size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX(16384 - sizeof(struct imsg_hdr) - sizeof(struct got_imsg_blob ))) { |
932 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
933 | break; |
934 | } |
935 | |
936 | *outbuf = malloc(*size); |
937 | if (*outbuf == NULL((void *)0)) { |
938 | err = got_error_from_errno("malloc"); |
939 | break; |
940 | } |
941 | memcpy(*outbuf, imsg.data + sizeof(*iblob), *size); |
942 | break; |
943 | default: |
944 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
945 | break; |
946 | } |
947 | |
948 | imsg_free(&imsg); |
949 | |
950 | return err; |
951 | } |
952 | |
953 | static const struct got_error * |
954 | send_tagmsg(struct imsgbuf *ibuf, struct got_tag_object *tag, size_t tagmsg_len) |
955 | { |
956 | const struct got_error *err = NULL((void *)0); |
957 | size_t offset, remain; |
958 | |
959 | offset = 0; |
960 | remain = tagmsg_len; |
961 | while (remain > 0) { |
962 | size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain)); |
963 | |
964 | if (imsg_compose(ibuf, GOT_IMSG_TAG_TAGMSG, 0, 0, -1, |
965 | tag->tagmsg + offset, n) == -1) { |
966 | err = got_error_from_errno("imsg_compose TAG_TAGMSG"); |
967 | break; |
968 | } |
969 | |
970 | err = flush_imsg(ibuf); |
971 | if (err) |
972 | break; |
973 | |
974 | offset += n; |
975 | remain -= n; |
976 | } |
977 | |
978 | return err; |
979 | } |
980 | |
981 | const struct got_error * |
982 | got_privsep_send_tag(struct imsgbuf *ibuf, struct got_tag_object *tag) |
983 | { |
984 | const struct got_error *err = NULL((void *)0); |
985 | struct got_imsg_tag_object *itag; |
986 | uint8_t *buf; |
987 | size_t len, total; |
988 | size_t tag_len = strlen(tag->tag); |
989 | size_t tagger_len = strlen(tag->tagger); |
990 | size_t tagmsg_len = strlen(tag->tagmsg); |
991 | |
992 | total = sizeof(*itag) + tag_len + tagger_len + tagmsg_len; |
993 | |
994 | buf = malloc(total); |
995 | if (buf == NULL((void *)0)) |
996 | return got_error_from_errno("malloc"); |
997 | |
998 | itag = (struct got_imsg_tag_object *)buf; |
999 | memcpy(itag->id, tag->id.sha1, sizeof(itag->id)); |
1000 | itag->obj_type = tag->obj_type; |
1001 | itag->tag_len = tag_len; |
1002 | itag->tagger_len = tagger_len; |
1003 | itag->tagger_time = tag->tagger_time; |
1004 | itag->tagger_gmtoff = tag->tagger_gmtoff; |
1005 | itag->tagmsg_len = tagmsg_len; |
1006 | |
1007 | len = sizeof(*itag); |
1008 | memcpy(buf + len, tag->tag, tag_len); |
1009 | len += tag_len; |
1010 | memcpy(buf + len, tag->tagger, tagger_len); |
1011 | len += tagger_len; |
1012 | |
1013 | if (imsg_compose(ibuf, GOT_IMSG_TAG, 0, 0, -1, buf, len) == -1) { |
1014 | err = got_error_from_errno("imsg_compose TAG"); |
1015 | goto done; |
1016 | } |
1017 | |
1018 | if (tagmsg_len == 0 || |
1019 | tagmsg_len + len > MAX_IMSGSIZE16384 - IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) { |
1020 | err = flush_imsg(ibuf); |
1021 | if (err) |
1022 | goto done; |
1023 | } |
1024 | err = send_tagmsg(ibuf, tag, tagmsg_len); |
1025 | done: |
1026 | free(buf); |
1027 | return err; |
1028 | } |
1029 | |
1030 | const struct got_error * |
1031 | got_privsep_recv_tag(struct got_tag_object **tag, struct imsgbuf *ibuf) |
1032 | { |
1033 | const struct got_error *err = NULL((void *)0); |
1034 | struct imsg imsg; |
1035 | struct got_imsg_tag_object *itag; |
1036 | size_t len, datalen; |
1037 | const size_t min_datalen = |
1038 | MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tag_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tag_object ))) |
1039 | sizeof(struct got_imsg_tag_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tag_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tag_object ))); |
1040 | |
1041 | *tag = NULL((void *)0); |
1042 | |
1043 | err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen); |
1044 | if (err) |
1045 | return err; |
1046 | |
1047 | datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
1048 | len = 0; |
1049 | |
1050 | switch (imsg.hdr.type) { |
1051 | case GOT_IMSG_TAG: |
1052 | if (datalen < sizeof(*itag)) { |
1053 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
1054 | break; |
1055 | } |
1056 | itag = imsg.data; |
1057 | if (datalen != sizeof(*itag) + itag->tag_len + |
1058 | itag->tagger_len) { |
1059 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
1060 | break; |
1061 | } |
1062 | len += sizeof(*itag); |
1063 | |
1064 | *tag = calloc(1, sizeof(**tag)); |
1065 | if (*tag == NULL((void *)0)) { |
1066 | err = got_error_from_errno("calloc"); |
1067 | break; |
1068 | } |
1069 | |
1070 | memcpy((*tag)->id.sha1, itag->id, SHA1_DIGEST_LENGTH20); |
1071 | |
1072 | if (itag->tag_len == 0) { |
1073 | (*tag)->tag = strdup(""); |
1074 | if ((*tag)->tag == NULL((void *)0)) { |
1075 | err = got_error_from_errno("strdup"); |
1076 | break; |
1077 | } |
1078 | } else { |
1079 | (*tag)->tag = malloc(itag->tag_len + 1); |
1080 | if ((*tag)->tag == NULL((void *)0)) { |
1081 | err = got_error_from_errno("malloc"); |
1082 | break; |
1083 | } |
1084 | memcpy((*tag)->tag, imsg.data + len, |
1085 | itag->tag_len); |
1086 | (*tag)->tag[itag->tag_len] = '\0'; |
1087 | } |
1088 | len += itag->tag_len; |
1089 | |
1090 | (*tag)->obj_type = itag->obj_type; |
1091 | (*tag)->tagger_time = itag->tagger_time; |
1092 | (*tag)->tagger_gmtoff = itag->tagger_gmtoff; |
1093 | |
1094 | if (itag->tagger_len == 0) { |
1095 | (*tag)->tagger = strdup(""); |
1096 | if ((*tag)->tagger == NULL((void *)0)) { |
1097 | err = got_error_from_errno("strdup"); |
1098 | break; |
1099 | } |
1100 | } else { |
1101 | (*tag)->tagger = malloc(itag->tagger_len + 1); |
1102 | if ((*tag)->tagger == NULL((void *)0)) { |
1103 | err = got_error_from_errno("malloc"); |
1104 | break; |
1105 | } |
1106 | memcpy((*tag)->tagger, imsg.data + len, |
1107 | itag->tagger_len); |
1108 | (*tag)->tagger[itag->tagger_len] = '\0'; |
1109 | } |
1110 | len += itag->tagger_len; |
Value stored to 'len' is never read | |
1111 | |
1112 | if (itag->tagmsg_len == 0) { |
1113 | (*tag)->tagmsg = strdup(""); |
1114 | if ((*tag)->tagmsg == NULL((void *)0)) { |
1115 | err = got_error_from_errno("strdup"); |
1116 | break; |
1117 | } |
1118 | } else { |
1119 | size_t offset = 0, remain = itag->tagmsg_len; |
1120 | |
1121 | (*tag)->tagmsg = malloc(itag->tagmsg_len + 1); |
1122 | if ((*tag)->tagmsg == NULL((void *)0)) { |
1123 | err = got_error_from_errno("malloc"); |
1124 | break; |
1125 | } |
1126 | while (remain > 0) { |
1127 | struct imsg imsg_log; |
1128 | size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain)) |
1129 | remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain)); |
1130 | |
1131 | err = got_privsep_recv_imsg(&imsg_log, ibuf, n); |
1132 | if (err) |
1133 | return err; |
1134 | |
1135 | if (imsg_log.hdr.type != GOT_IMSG_TAG_TAGMSG) |
1136 | return got_error(GOT_ERR_PRIVSEP_MSG39); |
1137 | |
1138 | memcpy((*tag)->tagmsg + offset, imsg_log.data, |
1139 | n); |
1140 | imsg_free(&imsg_log); |
1141 | offset += n; |
1142 | remain -= n; |
1143 | } |
1144 | (*tag)->tagmsg[itag->tagmsg_len] = '\0'; |
1145 | } |
1146 | |
1147 | break; |
1148 | default: |
1149 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
1150 | break; |
1151 | } |
1152 | |
1153 | imsg_free(&imsg); |
1154 | |
1155 | return err; |
1156 | } |
1157 | |
1158 | const struct got_error * |
1159 | got_privsep_init_pack_child(struct imsgbuf *ibuf, struct got_pack *pack, |
1160 | struct got_packidx *packidx) |
1161 | { |
1162 | const struct got_error *err = NULL((void *)0); |
1163 | struct got_imsg_packidx ipackidx; |
1164 | struct got_imsg_pack ipack; |
1165 | int fd; |
1166 | |
1167 | ipackidx.len = packidx->len; |
1168 | fd = dup(packidx->fd); |
1169 | if (fd == -1) |
1170 | return got_error_from_errno("dup"); |
1171 | |
1172 | if (imsg_compose(ibuf, GOT_IMSG_PACKIDX, 0, 0, fd, &ipackidx, |
1173 | sizeof(ipackidx)) == -1) { |
1174 | err = got_error_from_errno("imsg_compose PACKIDX"); |
1175 | close(fd); |
1176 | return err; |
1177 | } |
1178 | |
1179 | if (strlcpy(ipack.path_packfile, pack->path_packfile, |
1180 | sizeof(ipack.path_packfile)) >= sizeof(ipack.path_packfile)) |
1181 | return got_error(GOT_ERR_NO_SPACE9); |
1182 | ipack.filesize = pack->filesize; |
1183 | |
1184 | fd = dup(pack->fd); |
1185 | if (fd == -1) |
1186 | return got_error_from_errno("dup"); |
1187 | |
1188 | if (imsg_compose(ibuf, GOT_IMSG_PACK, 0, 0, fd, &ipack, sizeof(ipack)) |
1189 | == -1) { |
1190 | err = got_error_from_errno("imsg_compose PACK"); |
1191 | close(fd); |
1192 | return err; |
1193 | } |
1194 | |
1195 | return flush_imsg(ibuf); |
1196 | } |
1197 | |
1198 | const struct got_error * |
1199 | got_privsep_send_packed_obj_req(struct imsgbuf *ibuf, int idx, |
1200 | struct got_object_id *id) |
1201 | { |
1202 | struct got_imsg_packed_object iobj; |
1203 | |
1204 | iobj.idx = idx; |
1205 | memcpy(iobj.id, id->sha1, sizeof(iobj.id)); |
1206 | |
1207 | if (imsg_compose(ibuf, GOT_IMSG_PACKED_OBJECT_REQUEST, 0, 0, -1, |
1208 | &iobj, sizeof(iobj)) == -1) |
1209 | return got_error_from_errno("imsg_compose " |
1210 | "PACKED_OBJECT_REQUEST"); |
1211 | |
1212 | return flush_imsg(ibuf); |
1213 | } |
1214 | |
1215 | const struct got_error * |
1216 | got_privsep_send_gitconfig_parse_req(struct imsgbuf *ibuf, int fd) |
1217 | { |
1218 | const struct got_error *err = NULL((void *)0); |
1219 | |
1220 | if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_PARSE_REQUEST, 0, 0, fd, |
1221 | NULL((void *)0), 0) == -1) { |
1222 | err = got_error_from_errno("imsg_compose " |
1223 | "GITCONFIG_PARSE_REQUEST"); |
1224 | close(fd); |
1225 | return err; |
1226 | } |
1227 | |
1228 | return flush_imsg(ibuf); |
1229 | } |
1230 | |
1231 | const struct got_error * |
1232 | got_privsep_send_gitconfig_repository_format_version_req(struct imsgbuf *ibuf) |
1233 | { |
1234 | if (imsg_compose(ibuf, |
1235 | GOT_IMSG_GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST, 0, 0, -1, |
1236 | NULL((void *)0), 0) == -1) |
1237 | return got_error_from_errno("imsg_compose " |
1238 | "GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST"); |
1239 | |
1240 | return flush_imsg(ibuf); |
1241 | } |
1242 | |
1243 | const struct got_error * |
1244 | got_privsep_send_gitconfig_author_name_req(struct imsgbuf *ibuf) |
1245 | { |
1246 | if (imsg_compose(ibuf, |
1247 | GOT_IMSG_GITCONFIG_AUTHOR_NAME_REQUEST, 0, 0, -1, NULL((void *)0), 0) == -1) |
1248 | return got_error_from_errno("imsg_compose " |
1249 | "GITCONFIG_AUTHOR_NAME_REQUEST"); |
1250 | |
1251 | return flush_imsg(ibuf); |
1252 | } |
1253 | |
1254 | const struct got_error * |
1255 | got_privsep_send_gitconfig_author_email_req(struct imsgbuf *ibuf) |
1256 | { |
1257 | if (imsg_compose(ibuf, |
1258 | GOT_IMSG_GITCONFIG_AUTHOR_EMAIL_REQUEST, 0, 0, -1, NULL((void *)0), 0) == -1) |
1259 | return got_error_from_errno("imsg_compose " |
1260 | "GITCONFIG_AUTHOR_EMAIL_REQUEST"); |
1261 | |
1262 | return flush_imsg(ibuf); |
1263 | } |
1264 | |
1265 | const struct got_error * |
1266 | got_privsep_send_gitconfig_str(struct imsgbuf *ibuf, const char *value) |
1267 | { |
1268 | size_t len = value ? strlen(value) + 1 : 0; |
1269 | |
1270 | if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_STR_VAL, 0, 0, -1, |
1271 | value, len) == -1) |
1272 | return got_error_from_errno("imsg_compose GITCONFIG_STR_VAL"); |
1273 | |
1274 | return flush_imsg(ibuf); |
1275 | } |
1276 | |
1277 | const struct got_error * |
1278 | got_privsep_recv_gitconfig_str(char **str, struct imsgbuf *ibuf) |
1279 | { |
1280 | const struct got_error *err = NULL((void *)0); |
1281 | struct imsg imsg; |
1282 | size_t datalen; |
1283 | const size_t min_datalen = 0; |
1284 | |
1285 | *str = NULL((void *)0); |
1286 | |
1287 | err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen); |
1288 | if (err) |
1289 | return err; |
1290 | datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
1291 | |
1292 | switch (imsg.hdr.type) { |
1293 | case GOT_IMSG_GITCONFIG_STR_VAL: |
1294 | if (datalen == 0) |
1295 | break; |
1296 | *str = malloc(datalen); |
1297 | if (*str == NULL((void *)0)) { |
1298 | err = got_error_from_errno("malloc"); |
1299 | break; |
1300 | } |
1301 | if (strlcpy(*str, imsg.data, datalen) >= datalen) |
1302 | err = got_error(GOT_ERR_NO_SPACE9); |
1303 | break; |
1304 | default: |
1305 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
1306 | break; |
1307 | } |
1308 | |
1309 | imsg_free(&imsg); |
1310 | return err; |
1311 | } |
1312 | |
1313 | const struct got_error * |
1314 | got_privsep_send_gitconfig_int(struct imsgbuf *ibuf, int value) |
1315 | { |
1316 | if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_INT_VAL, 0, 0, -1, |
1317 | &value, sizeof(value)) == -1) |
1318 | return got_error_from_errno("imsg_compose GITCONFIG_INT_VAL"); |
1319 | |
1320 | return flush_imsg(ibuf); |
1321 | } |
1322 | |
1323 | const struct got_error * |
1324 | got_privsep_recv_gitconfig_int(int *val, struct imsgbuf *ibuf) |
1325 | { |
1326 | const struct got_error *err = NULL((void *)0); |
1327 | struct imsg imsg; |
1328 | size_t datalen; |
1329 | const size_t min_datalen = |
1330 | MIN(sizeof(struct got_imsg_error), sizeof(int))((sizeof(struct got_imsg_error)) < (sizeof(int)) ? (sizeof (struct got_imsg_error)) : (sizeof(int))); |
1331 | |
1332 | *val = 0; |
1333 | |
1334 | err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen); |
1335 | if (err) |
1336 | return err; |
1337 | datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr); |
1338 | |
1339 | switch (imsg.hdr.type) { |
1340 | case GOT_IMSG_GITCONFIG_INT_VAL: |
1341 | if (datalen != sizeof(*val)) { |
1342 | err = got_error(GOT_ERR_PRIVSEP_LEN36); |
1343 | break; |
1344 | } |
1345 | memcpy(val, imsg.data, sizeof(*val)); |
1346 | break; |
1347 | default: |
1348 | err = got_error(GOT_ERR_PRIVSEP_MSG39); |
1349 | break; |
1350 | } |
1351 | |
1352 | imsg_free(&imsg); |
1353 | return err; |
1354 | } |
1355 | |
1356 | const struct got_error * |
1357 | got_privsep_unveil_exec_helpers(void) |
1358 | { |
1359 | const char *helpers[] = { |
1360 | GOT_PATH_PROG_READ_PACK"/root/bin" "/" "got-read-pack", |
1361 | GOT_PATH_PROG_READ_OBJECT"/root/bin" "/" "got-read-object", |
1362 | GOT_PATH_PROG_READ_COMMIT"/root/bin" "/" "got-read-commit", |
1363 | GOT_PATH_PROG_READ_TREE"/root/bin" "/" "got-read-tree", |
1364 | GOT_PATH_PROG_READ_BLOB"/root/bin" "/" "got-read-blob", |
1365 | GOT_PATH_PROG_READ_TAG"/root/bin" "/" "got-read-tag", |
1366 | GOT_PATH_PROG_READ_GITCONFIG"/root/bin" "/" "got-read-gitconfig", |
1367 | }; |
1368 | int i; |
1369 | |
1370 | for (i = 0; i < nitems(helpers)(sizeof((helpers)) / sizeof((helpers)[0])); i++) { |
1371 | if (unveil(helpers[i], "x") == 0) |
1372 | continue; |
1373 | return got_error_from_errno2("unveil", helpers[i]); |
1374 | } |
1375 | |
1376 | return NULL((void *)0); |
1377 | } |
1378 | |
1379 | void |
1380 | got_privsep_exec_child(int imsg_fds[2], const char *path, const char *repo_path) |
1381 | { |
1382 | if (close(imsg_fds[0]) != 0) { |
1383 | fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno()))); |
1384 | _exit(1); |
1385 | } |
1386 | |
1387 | if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD(2 + 1)) == -1) { |
1388 | fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno()))); |
1389 | _exit(1); |
1390 | } |
1391 | if (closefrom(GOT_IMSG_FD_CHILD(2 + 1) + 1) == -1) { |
1392 | fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno()))); |
1393 | _exit(1); |
1394 | } |
1395 | |
1396 | if (execl(path, path, repo_path, (char *)NULL((void *)0)) == -1) { |
1397 | fprintf(stderr(&__sF[2]), "%s: %s: %s\n", getprogname(), path, |
1398 | strerror(errno(*__errno()))); |
1399 | _exit(1); |
1400 | } |
1401 | } |