/usr/ports/src/got/libexec/got-read-tree/../../lib/privsep.c

Bug Summary

File:	/usr/ports/src/got/libexec/got-read-tree/../../lib/privsep.c
Warning:	line 1110, column 3 Value stored to 'len' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -triple amd64-unknown-openbsd6.6 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name privsep.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 1 -pic-is-pie -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -masm-verbose -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/local/lib/clang/8.0.1 -I /usr/ports/src/got/libexec/got-read-tree/../../include -I /usr/ports/src/got/libexec/got-read-tree/../../lib -D GOT_LIBEXECDIR=/root/bin -D GOT_VERSION=0.19-current -O0 -fdebug-compilation-dir /usr/ports/src/got/libexec/got-read-tree -ferror-limit 19 -fmessage-length 0 -fwrapv -D_RET_PROTECTOR -ret-protector -fobjc-runtime=gnustep -fdiagnostics-show-option -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -o /tmp/scan-build-2019-10-25-192004-30128-1 -x c /usr/ports/src/got/libexec/got-read-tree/../../lib/privsep.c -faddrsig

1	/*
2	* Copyright (c) 2018, 2019 Stefan Sperling <stsp@openbsd.org>
3	*
4	* Permission to use, copy, modify, and distribute this software for any
5	* purpose with or without fee is hereby granted, provided that the above
6	* copyright notice and this permission notice appear in all copies.
7	*
8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15	*/
16
17	#include <sys/types.h>
18	#include <sys/queue.h>
19	#include <sys/uio.h>
20	#include <sys/syslimits.h>
21	#include <sys/wait.h>
22
23	#include <stdio.h>
24	#include <stdlib.h>
25	#include <string.h>
26	#include <errno(*__errno()).h>
27	#include <stdint.h>
28	#include <poll.h>
29	#include <imsg.h>
30	#include <sha1.h>
31	#include <zlib.h>
32	#include <time.h>
33
34	#include "got_object.h"
35	#include "got_error.h"
36
37	#include "got_lib_sha1.h"
38	#include "got_lib_delta.h"
39	#include "got_lib_inflate.h"
40	#include "got_lib_object.h"
41	#include "got_lib_object_parse.h"
42	#include "got_lib_privsep.h"
43	#include "got_lib_pack.h"
44
45	#ifndef MIN
46	#define MIN(_a,_b)((_a) < (_b) ? (_a) : (_b)) ((_a) < (_b) ? (_a) : (_b))
47	#endif
48
49	#ifndef nitems
50	#define nitems(_a)(sizeof((_a)) / sizeof((_a)[0])) (sizeof((_a)) / sizeof((_a)[0]))
51	#endif
52
53	static const struct got_error *
54	poll_fd(int fd, int events, int timeout)
55	{
56	struct pollfd pfd[1];
57	int n;
58
59	pfd[0].fd = fd;
60	pfd[0].events = events;
61
62	n = poll(pfd, 1, timeout);
63	if (n == -1)
64	return got_error_from_errno("poll");
65	if (n == 0)
66	return got_error(GOT_ERR_TIMEOUT33);
67	if (pfd[0].revents & (POLLERR0x0008 \| POLLNVAL0x0020))
68	return got_error_from_errno("poll error");
69	if (pfd[0].revents & (events \| POLLHUP0x0010))
70	return NULL((void *)0);
71
72	return got_error(GOT_ERR_INTERRUPT34);
73	}
74
75	static const struct got_error *
76	read_imsg(struct imsgbuf *ibuf)
77	{
78	const struct got_error *err;
79	size_t n;
80
81	err = poll_fd(ibuf->fd, POLLIN0x0001, INFTIM(-1));
82	if (err)
83	return err;
84
85	n = imsg_read(ibuf);
86	if (n == -1) {
87	if (errno(__errno()) == EAGAIN35) / Could be a file-descriptor leak. */
88	return got_error(GOT_ERR_PRIVSEP_NO_FD38);
89	return got_error(GOT_ERR_PRIVSEP_READ35);
90	}
91	if (n == 0)
92	return got_error(GOT_ERR_PRIVSEP_PIPE37);
93
94	return NULL((void *)0);
95	}
96
97	const struct got_error *
98	got_privsep_wait_for_child(pid_t pid)
99	{
100	int child_status;
101
102	if (waitpid(pid, &child_status, 0) == -1)
103	return got_error_from_errno("waitpid");
104
105	if (!WIFEXITED(child_status)(((child_status) & 0177) == 0))
106	return got_error(GOT_ERR_PRIVSEP_DIED40);
107
108	if (WEXITSTATUS(child_status)(int)(((unsigned)(child_status) >> 8) & 0xff) != 0)
109	return got_error(GOT_ERR_PRIVSEP_EXIT41);
110
111	return NULL((void *)0);
112	}
113
114	static const struct got_error *
115	recv_imsg_error(struct imsg *imsg, size_t datalen)
116	{
117	struct got_imsg_error *ierr;
118
119	if (datalen != sizeof(*ierr))
120	return got_error(GOT_ERR_PRIVSEP_LEN36);
121
122	ierr = imsg->data;
123	if (ierr->code == GOT_ERR_ERRNO1) {
124	static struct got_error serr;
125	serr.code = GOT_ERR_ERRNO1;
126	serr.msg = strerror(ierr->errno_code);
127	return &serr;
128	}
129
130	return got_error(ierr->code);
131	}
132
133	const struct got_error *
134	got_privsep_recv_imsg(struct imsg imsg, struct imsgbuf ibuf,
135	size_t min_datalen)
136	{
137	const struct got_error *err;
138	ssize_t n;
139
140	n = imsg_get(ibuf, imsg);
141	if (n == -1)
142	return got_error_from_errno("imsg_get");
143
144	while (n == 0) {
145	err = read_imsg(ibuf);
146	if (err)
147	return err;
148	n = imsg_get(ibuf, imsg);
149	}
150
151	if (imsg->hdr.len < IMSG_HEADER_SIZEsizeof(struct imsg_hdr) + min_datalen)
152	return got_error(GOT_ERR_PRIVSEP_LEN36);
153
154	if (imsg->hdr.type == GOT_IMSG_ERROR) {
155	size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
156	return recv_imsg_error(imsg, datalen);
157	}
158
159	return NULL((void *)0);
160	}
161
162	/* Attempt to send an error in an imsg. Complain on stderr as a last resort. */
163	void
164	got_privsep_send_error(struct imsgbuf ibuf, const struct got_error err)
165	{
166	const struct got_error *poll_err;
167	struct got_imsg_error ierr;
168	int ret;
169
170	ierr.code = err->code;
171	if (err->code == GOT_ERR_ERRNO1)
172	ierr.errno_code = errno(*__errno());
173	else
174	ierr.errno_code = 0;
175	ret = imsg_compose(ibuf, GOT_IMSG_ERROR, 0, 0, -1, &ierr, sizeof(ierr));
176	if (ret == -1) {
177	fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": imsg_compose: %s\n",
178	getprogname(), err->code, err->msg, strerror(errno(*__errno())));
179	return;
180	}
181
182	poll_err = poll_fd(ibuf->fd, POLLOUT0x0004, INFTIM(-1));
183	if (poll_err) {
184	fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": poll: %s\n",
185	getprogname(), err->code, err->msg, poll_err->msg);
186	return;
187	}
188
189	ret = imsg_flush(ibuf);
190	if (ret == -1) {
191	fprintf(stderr(&__sF[2]), "%s: error %d \"%s\": imsg_flush: %s\n",
192	getprogname(), err->code, err->msg, strerror(errno(*__errno())));
193	return;
194	}
195	}
196
197	static const struct got_error *
198	flush_imsg(struct imsgbuf *ibuf)
199	{
200	const struct got_error *err;
201
202	err = poll_fd(ibuf->fd, POLLOUT0x0004, INFTIM(-1));
203	if (err)
204	return err;
205
206	if (imsg_flush(ibuf) == -1)
207	return got_error_from_errno("imsg_flush");
208
209	return NULL((void *)0);
210	}
211
212	const struct got_error *
213	got_privsep_send_stop(int fd)
214	{
215	const struct got_error err = NULL((void )0);
216	struct imsgbuf ibuf;
217
218	imsg_init(&ibuf, fd);
219
220	if (imsg_compose(&ibuf, GOT_IMSG_STOP, 0, 0, -1, NULL((void *)0), 0) == -1)
221	return got_error_from_errno("imsg_compose STOP");
222
223	err = flush_imsg(&ibuf);
224	imsg_clear(&ibuf);
225	return err;
226	}
227
228	const struct got_error *
229	got_privsep_send_obj_req(struct imsgbuf *ibuf, int fd)
230	{
231	if (imsg_compose(ibuf, GOT_IMSG_OBJECT_REQUEST, 0, 0, fd, NULL((void *)0), 0)
232	== -1)
233	return got_error_from_errno("imsg_compose OBJECT_REQUEST");
234
235	return flush_imsg(ibuf);
236	}
237
238	const struct got_error *
239	got_privsep_send_commit_req(struct imsgbuf *ibuf, int fd,
240	struct got_object_id *id, int pack_idx)
241	{
242	const struct got_error err = NULL((void )0);
243	struct got_imsg_packed_object iobj, *iobjp;
244	size_t len;
245
246	if (id) { /* commit is packed */
247	iobj.idx = pack_idx;
248	memcpy(iobj.id, id->sha1, sizeof(iobj.id));
249	iobjp = &iobj;
250	len = sizeof(iobj);
251	} else {
252	iobjp = NULL((void *)0);
253	len = 0;
254	}
255
256	if (imsg_compose(ibuf, GOT_IMSG_COMMIT_REQUEST, 0, 0, fd, iobjp, len)
257	== -1) {
258	err = got_error_from_errno("imsg_compose COMMIT_REQUEST");
259	close(fd);
260	return err;
261	}
262
263	return flush_imsg(ibuf);
264	}
265
266	const struct got_error *
267	got_privsep_send_tree_req(struct imsgbuf *ibuf, int fd,
268	struct got_object_id *id, int pack_idx)
269	{
270	const struct got_error err = NULL((void )0);
271	struct got_imsg_packed_object iobj, *iobjp;
272	size_t len;
273
274	if (id) { /* tree is packed */
275	iobj.idx = pack_idx;
276	memcpy(iobj.id, id->sha1, sizeof(iobj.id));
277	iobjp = &iobj;
278	len = sizeof(iobj);
279	} else {
280	iobjp = NULL((void *)0);
281	len = 0;
282	}
283
284	if (imsg_compose(ibuf, GOT_IMSG_TREE_REQUEST, 0, 0, fd, iobjp, len)
285	== -1) {
286	err = got_error_from_errno("imsg_compose TREE_REQUEST");
287	close(fd);
288	return err;
289	}
290
291	return flush_imsg(ibuf);
292	}
293
294	const struct got_error *
295	got_privsep_send_tag_req(struct imsgbuf *ibuf, int fd,
296	struct got_object_id *id, int pack_idx)
297	{
298	struct got_imsg_packed_object iobj, *iobjp;
299	size_t len;
300
301	if (id) { /* tag is packed */
302	iobj.idx = pack_idx;
303	memcpy(iobj.id, id->sha1, sizeof(iobj.id));
304	iobjp = &iobj;
305	len = sizeof(iobj);
306	} else {
307	iobjp = NULL((void *)0);
308	len = 0;
309	}
310
311	if (imsg_compose(ibuf, GOT_IMSG_TAG_REQUEST, 0, 0, fd, iobjp, len)
312	== -1)
313	return got_error_from_errno("imsg_compose TAG_REQUEST");
314
315	return flush_imsg(ibuf);
316	}
317
318	const struct got_error *
319	got_privsep_send_blob_req(struct imsgbuf *ibuf, int infd,
320	struct got_object_id *id, int pack_idx)
321	{
322	const struct got_error err = NULL((void )0);
323	struct got_imsg_packed_object iobj, *iobjp;
324	size_t len;
325
326	if (id) { /* blob is packed */
327	iobj.idx = pack_idx;
328	memcpy(iobj.id, id->sha1, sizeof(iobj.id));
329	iobjp = &iobj;
330	len = sizeof(iobj);
331	} else {
332	iobjp = NULL((void *)0);
333	len = 0;
334	}
335
336	if (imsg_compose(ibuf, GOT_IMSG_BLOB_REQUEST, 0, 0, infd, iobjp, len)
337	== -1) {
338	err = got_error_from_errno("imsg_compose BLOB_REQUEST");
339	close(infd);
340	return err;
341	}
342
343	return flush_imsg(ibuf);
344	}
345
346	const struct got_error *
347	got_privsep_send_blob_outfd(struct imsgbuf *ibuf, int outfd)
348	{
349	const struct got_error err = NULL((void )0);
350
351	if (imsg_compose(ibuf, GOT_IMSG_BLOB_OUTFD, 0, 0, outfd, NULL((void *)0), 0)
352	== -1) {
353	err = got_error_from_errno("imsg_compose BLOB_OUTFD");
354	close(outfd);
355	return err;
356	}
357
358	return flush_imsg(ibuf);
359	}
360
361	const struct got_error *
362	got_privsep_send_tmpfd(struct imsgbuf *ibuf, int fd)
363	{
364	const struct got_error err = NULL((void )0);
365
366	if (imsg_compose(ibuf, GOT_IMSG_TMPFD, 0, 0, fd, NULL((void *)0), 0)
367	== -1) {
368	err = got_error_from_errno("imsg_compose TMPFD");
369	close(fd);
370	return err;
371	}
372
373	return flush_imsg(ibuf);
374	}
375
376	const struct got_error *
377	got_privsep_send_obj(struct imsgbuf ibuf, struct got_object obj)
378	{
379	struct got_imsg_object iobj;
380
381	memcpy(iobj.id, obj->id.sha1, sizeof(iobj.id));
382	iobj.type = obj->type;
383	iobj.flags = obj->flags;
384	iobj.hdrlen = obj->hdrlen;
385	iobj.size = obj->size;
386	if (iobj.flags & GOT_OBJ_FLAG_PACKED0x01) {
387	iobj.pack_offset = obj->pack_offset;
388	iobj.pack_idx = obj->pack_idx;
389	}
390
391	if (imsg_compose(ibuf, GOT_IMSG_OBJECT, 0, 0, -1, &iobj, sizeof(iobj))
392	== -1)
393	return got_error_from_errno("imsg_compose OBJECT");
394
395	return flush_imsg(ibuf);
396	}
397
398	const struct got_error *
399	got_privsep_get_imsg_obj(struct got_object *obj, struct imsg imsg,
400	struct imsgbuf *ibuf)
401	{
402	const struct got_error err = NULL((void )0);
403	struct got_imsg_object *iobj;
404	size_t datalen = imsg->hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
405
406	if (datalen != sizeof(*iobj))
407	return got_error(GOT_ERR_PRIVSEP_LEN36);
408	iobj = imsg->data;
409
410	obj = calloc(1, sizeof(*obj));
411	if (obj == NULL((void )0))
412	return got_error_from_errno("calloc");
413
414	memcpy((*obj)->id.sha1, iobj->id, SHA1_DIGEST_LENGTH20);
415	(*obj)->type = iobj->type;
416	(*obj)->flags = iobj->flags;
417	(*obj)->hdrlen = iobj->hdrlen;
418	(*obj)->size = iobj->size;
419	/* path_packfile is handled by caller */
420	if (iobj->flags & GOT_OBJ_FLAG_PACKED0x01) {
421	(*obj)->pack_offset = iobj->pack_offset;
422	(*obj)->pack_idx = iobj->pack_idx;
423	}
424
425	return err;
426	}
427
428	const struct got_error *
429	got_privsep_recv_obj(struct got_object *obj, struct imsgbuf ibuf)
430	{
431	const struct got_error err = NULL((void )0);
432	struct imsg imsg;
433	const size_t min_datalen =
434	MIN(sizeof(struct got_imsg_error), sizeof(struct got_imsg_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_object )));
435
436	obj = NULL((void )0);
437
438	err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
439	if (err)
440	return err;
441
442	switch (imsg.hdr.type) {
443	case GOT_IMSG_OBJECT:
444	err = got_privsep_get_imsg_obj(obj, &imsg, ibuf);
445	break;
446	default:
447	err = got_error(GOT_ERR_PRIVSEP_MSG39);
448	break;
449	}
450
451	imsg_free(&imsg);
452
453	return err;
454	}
455
456	static const struct got_error *
457	send_commit_logmsg(struct imsgbuf ibuf, struct got_commit_object commit,
458	size_t logmsg_len)
459	{
460	const struct got_error err = NULL((void )0);
461	size_t offset, remain;
462
463	offset = 0;
464	remain = logmsg_len;
465	while (remain > 0) {
466	size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain));
467
468	if (imsg_compose(ibuf, GOT_IMSG_COMMIT_LOGMSG, 0, 0, -1,
469	commit->logmsg + offset, n) == -1) {
470	err = got_error_from_errno("imsg_compose "
471	"COMMIT_LOGMSG");
472	break;
473	}
474
475	err = flush_imsg(ibuf);
476	if (err)
477	break;
478
479	offset += n;
480	remain -= n;
481	}
482
483	return err;
484	}
485
486	const struct got_error *
487	got_privsep_send_commit(struct imsgbuf ibuf, struct got_commit_object commit)
488	{
489	const struct got_error err = NULL((void )0);
490	struct got_imsg_commit_object *icommit;
491	uint8_t *buf;
492	size_t len, total;
493	struct got_object_qid *qid;
494	size_t author_len = strlen(commit->author);
495	size_t committer_len = strlen(commit->committer);
496	size_t logmsg_len = strlen(commit->logmsg);
497
498	total = sizeof(*icommit) + author_len + committer_len +
499	commit->nparents * SHA1_DIGEST_LENGTH20;
500
501	buf = malloc(total);
502	if (buf == NULL((void *)0))
503	return got_error_from_errno("malloc");
504
505	icommit = (struct got_imsg_commit_object *)buf;
506	memcpy(icommit->tree_id, commit->tree_id->sha1,
507	sizeof(icommit->tree_id));
508	icommit->author_len = author_len;
509	icommit->author_time = commit->author_time;
510	icommit->author_gmtoff = commit->author_gmtoff;
511	icommit->committer_len = committer_len;
512	icommit->committer_time = commit->committer_time;
513	icommit->committer_gmtoff = commit->committer_gmtoff;
514	icommit->logmsg_len = logmsg_len;
515	icommit->nparents = commit->nparents;
516
517	len = sizeof(*icommit);
518	memcpy(buf + len, commit->author, author_len);
519	len += author_len;
520	memcpy(buf + len, commit->committer, committer_len);
521	len += committer_len;
522	SIMPLEQ_FOREACH(qid, &commit->parent_ids, entry)for((qid) = ((&commit->parent_ids)->sqh_first); (qid ) != ((void *)0); (qid) = ((qid)->entry.sqe_next)) {
523	memcpy(buf + len, qid->id, SHA1_DIGEST_LENGTH20);
524	len += SHA1_DIGEST_LENGTH20;
525	}
526
527	if (imsg_compose(ibuf, GOT_IMSG_COMMIT, 0, 0, -1, buf, len) == -1) {
528	err = got_error_from_errno("imsg_compose COMMIT");
529	goto done;
530	}
531
532	if (logmsg_len == 0 \|\|
533	logmsg_len + len > MAX_IMSGSIZE16384 - IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) {
534	err = flush_imsg(ibuf);
535	if (err)
536	goto done;
537	}
538	err = send_commit_logmsg(ibuf, commit, logmsg_len);
539	done:
540	free(buf);
541	return err;
542	}
543
544	const struct got_error *
545	got_privsep_recv_commit(struct got_commit_object *commit, struct imsgbuf ibuf)
546	{
547	const struct got_error err = NULL((void )0);
548	struct imsg imsg;
549	struct got_imsg_commit_object *icommit;
550	size_t len, datalen;
551	int i;
552	const size_t min_datalen =
553	MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_commit_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_commit_object )))
554	sizeof(struct got_imsg_commit_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_commit_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_commit_object )));
555
556	commit = NULL((void )0);
557
558	err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
559	if (err)
560	return err;
561
562	datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
563	len = 0;
564
565	switch (imsg.hdr.type) {
566	case GOT_IMSG_COMMIT:
567	if (datalen < sizeof(*icommit)) {
568	err = got_error(GOT_ERR_PRIVSEP_LEN36);
569	break;
570	}
571	icommit = imsg.data;
572	if (datalen != sizeof(*icommit) + icommit->author_len +
573	icommit->committer_len +
574	icommit->nparents * SHA1_DIGEST_LENGTH20) {
575	err = got_error(GOT_ERR_PRIVSEP_LEN36);
576	break;
577	}
578	if (icommit->nparents < 0) {
579	err = got_error(GOT_ERR_PRIVSEP_LEN36);
580	break;
581	}
582	len += sizeof(*icommit);
583
584	*commit = got_object_commit_alloc_partial();
585	if (commit == NULL((void )0)) {
586	err = got_error_from_errno(
587	"got_object_commit_alloc_partial");
588	break;
589	}
590
591	memcpy((*commit)->tree_id->sha1, icommit->tree_id,
592	SHA1_DIGEST_LENGTH20);
593	(*commit)->author_time = icommit->author_time;
594	(*commit)->author_gmtoff = icommit->author_gmtoff;
595	(*commit)->committer_time = icommit->committer_time;
596	(*commit)->committer_gmtoff = icommit->committer_gmtoff;
597
598	if (icommit->author_len == 0) {
599	(*commit)->author = strdup("");
600	if ((commit)->author == NULL((void )0)) {
601	err = got_error_from_errno("strdup");
602	break;
603	}
604	} else {
605	(*commit)->author = malloc(icommit->author_len + 1);
606	if ((commit)->author == NULL((void )0)) {
607	err = got_error_from_errno("malloc");
608	break;
609	}
610	memcpy((*commit)->author, imsg.data + len,
611	icommit->author_len);
612	(*commit)->author[icommit->author_len] = '\0';
613	}
614	len += icommit->author_len;
615
616	if (icommit->committer_len == 0) {
617	(*commit)->committer = strdup("");
618	if ((commit)->committer == NULL((void )0)) {
619	err = got_error_from_errno("strdup");
620	break;
621	}
622	} else {
623	(*commit)->committer =
624	malloc(icommit->committer_len + 1);
625	if ((commit)->committer == NULL((void )0)) {
626	err = got_error_from_errno("malloc");
627	break;
628	}
629	memcpy((*commit)->committer, imsg.data + len,
630	icommit->committer_len);
631	(*commit)->committer[icommit->committer_len] = '\0';
632	}
633	len += icommit->committer_len;
634
635	if (icommit->logmsg_len == 0) {
636	(*commit)->logmsg = strdup("");
637	if ((commit)->logmsg == NULL((void )0)) {
638	err = got_error_from_errno("strdup");
639	break;
640	}
641	} else {
642	size_t offset = 0, remain = icommit->logmsg_len;
643
644	(*commit)->logmsg = malloc(icommit->logmsg_len + 1);
645	if ((commit)->logmsg == NULL((void )0)) {
646	err = got_error_from_errno("malloc");
647	break;
648	}
649	while (remain > 0) {
650	struct imsg imsg_log;
651	size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain))
652	remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain));
653
654	err = got_privsep_recv_imsg(&imsg_log, ibuf, n);
655	if (err)
656	return err;
657
658	if (imsg_log.hdr.type != GOT_IMSG_COMMIT_LOGMSG)
659	return got_error(GOT_ERR_PRIVSEP_MSG39);
660
661	memcpy((*commit)->logmsg + offset,
662	imsg_log.data, n);
663	imsg_free(&imsg_log);
664	offset += n;
665	remain -= n;
666	}
667	(*commit)->logmsg[icommit->logmsg_len] = '\0';
668	}
669
670	for (i = 0; i < icommit->nparents; i++) {
671	struct got_object_qid *qid;
672
673	err = got_object_qid_alloc_partial(&qid);
674	if (err)
675	break;
676	memcpy(qid->id, imsg.data + len +
677	i * SHA1_DIGEST_LENGTH20, sizeof(*qid->id));
678	SIMPLEQ_INSERT_TAIL(&(commit)->parent_ids, qid, entry)do { (qid)->entry.sqe_next = ((void )0); (&(commit) ->parent_ids)->sqh_last = (qid); (&(*commit)->parent_ids )->sqh_last = &(qid)->entry.sqe_next; } while (0);
679	(*commit)->nparents++;
680	}
681	break;
682	default:
683	err = got_error(GOT_ERR_PRIVSEP_MSG39);
684	break;
685	}
686
687	imsg_free(&imsg);
688
689	return err;
690	}
691
692	const struct got_error *
693	got_privsep_send_tree(struct imsgbuf ibuf, struct got_tree_object tree)
694	{
695	const struct got_error err = NULL((void )0);
696	struct got_imsg_tree_object itree;
697	struct got_tree_entry *te;
698	size_t totlen;
699	int nimsg; /* number of imsg queued in ibuf */
700
701	itree.nentries = tree->entries.nentries;
702	if (imsg_compose(ibuf, GOT_IMSG_TREE, 0, 0, -1, &itree, sizeof(itree))
703	== -1)
704	return got_error_from_errno("imsg_compose TREE");
705
706	totlen = sizeof(itree);
707	nimsg = 1;
708	SIMPLEQ_FOREACH(te, &tree->entries.head, entry)for((te) = ((&tree->entries.head)->sqh_first); (te) != ((void *)0); (te) = ((te)->entry.sqe_next)) {
709	struct got_imsg_tree_entry *ite;
710	uint8_t buf = NULL((void )0);
711	size_t len = sizeof(*ite) + strlen(te->name);
712
713	if (len > MAX_IMSGSIZE16384)
714	return got_error(GOT_ERR_NO_SPACE9);
715
716	nimsg++;
717	if (totlen + len >= MAX_IMSGSIZE16384 - (IMSG_HEADER_SIZEsizeof(struct imsg_hdr) * nimsg)) {
718	err = flush_imsg(ibuf);
719	if (err)
720	return err;
721	nimsg = 0;
722	}
723
724	buf = malloc(len);
725	if (buf == NULL((void *)0))
726	return got_error_from_errno("malloc");
727
728	ite = (struct got_imsg_tree_entry *)buf;
729	memcpy(ite->id, te->id->sha1, sizeof(ite->id));
730	ite->mode = te->mode;
731	memcpy(buf + sizeof(*ite), te->name, strlen(te->name));
732
733	if (imsg_compose(ibuf, GOT_IMSG_TREE_ENTRY, 0, 0, -1,
734	buf, len) == -1)
735	err = got_error_from_errno("imsg_compose TREE_ENTRY");
736	free(buf);
737	if (err)
738	return err;
739	totlen += len;
740	}
741
742	return flush_imsg(ibuf);
743	}
744
745	const struct got_error *
746	got_privsep_recv_tree(struct got_tree_object *tree, struct imsgbuf ibuf)
747	{
748	const struct got_error err = NULL((void )0);
749	const size_t min_datalen =
750	MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tree_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tree_object )))
751	sizeof(struct got_imsg_tree_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tree_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tree_object )));
752	struct got_imsg_tree_object *itree;
753	int nentries = 0;
754
755	tree = NULL((void )0);
756	get_more:
757	err = read_imsg(ibuf);
758	if (err)
759	goto done;
760
761	for (;;) {
762	struct imsg imsg;
763	size_t n;
764	size_t datalen;
765	struct got_imsg_tree_entry *ite;
766	struct got_tree_entry te = NULL((void )0);
767
768	n = imsg_get(ibuf, &imsg);
769	if (n == 0) {
770	if (tree && (tree)->entries.nentries != nentries)
771	goto get_more;
772	break;
773	}
774
775	if (imsg.hdr.len < IMSG_HEADER_SIZEsizeof(struct imsg_hdr) + min_datalen)
776	return got_error(GOT_ERR_PRIVSEP_LEN36);
777
778	datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
779
780	switch (imsg.hdr.type) {
781	case GOT_IMSG_ERROR:
782	err = recv_imsg_error(&imsg, datalen);
783	break;
784	case GOT_IMSG_TREE:
785	/* This message should only appear once. */
786	if (tree != NULL((void )0)) {
787	err = got_error(GOT_ERR_PRIVSEP_MSG39);
788	break;
789	}
790	if (datalen != sizeof(*itree)) {
791	err = got_error(GOT_ERR_PRIVSEP_LEN36);
792	break;
793	}
794	itree = imsg.data;
795	tree = malloc(sizeof(*tree));
796	if (tree == NULL((void )0)) {
797	err = got_error_from_errno("malloc");
798	break;
799	}
800	(*tree)->entries.nentries = itree->nentries;
801	SIMPLEQ_INIT(&(tree)->entries.head)do { (&(tree)->entries.head)->sqh_first = ((void * )0); (&(tree)->entries.head)->sqh_last = &(& (tree)->entries.head)->sqh_first; } while (0);
802	(*tree)->refcnt = 0;
803	break;
804	case GOT_IMSG_TREE_ENTRY:
805	/* This message should be preceeded by GOT_IMSG_TREE. */
806	if (tree == NULL((void )0)) {
807	err = got_error(GOT_ERR_PRIVSEP_MSG39);
808	break;
809	}
810	if (datalen < sizeof(*ite) \|\| datalen > MAX_IMSGSIZE16384) {
811	err = got_error(GOT_ERR_PRIVSEP_LEN36);
812	break;
813	}
814
815	/* Remaining data contains the entry's name. */
816	datalen -= sizeof(*ite);
817	if (datalen == 0 \|\| datalen > MAX_IMSGSIZE16384) {
818	err = got_error(GOT_ERR_PRIVSEP_LEN36);
819	break;
820	}
821	ite = imsg.data;
822
823	te = got_alloc_tree_entry_partial();
824	if (te == NULL((void *)0)) {
825	err = got_error_from_errno(
826	"got_alloc_tree_entry_partial");
827	break;
828	}
829	te->name = malloc(datalen + 1);
830	if (te->name == NULL((void *)0)) {
831	free(te);
832	err = got_error_from_errno("malloc");
833	break;
834	}
835	memcpy(te->name, imsg.data + sizeof(*ite), datalen);
836	te->name[datalen] = '\0';
837
838	memcpy(te->id->sha1, ite->id, SHA1_DIGEST_LENGTH20);
839	te->mode = ite->mode;
840	SIMPLEQ_INSERT_TAIL(&(tree)->entries.head, te, entry)do { (te)->entry.sqe_next = ((void )0); (&(tree)-> entries.head)->sqh_last = (te); (&(*tree)->entries. head)->sqh_last = &(te)->entry.sqe_next; } while (0 );
841	nentries++;
842	break;
843	default:
844	err = got_error(GOT_ERR_PRIVSEP_MSG39);
845	break;
846	}
847
848	imsg_free(&imsg);
849	}
850	done:
851	if (tree && (tree)->entries.nentries != nentries) {
852	if (err == NULL((void *)0))
853	err = got_error(GOT_ERR_PRIVSEP_LEN36);
854	got_object_tree_close(*tree);
855	tree = NULL((void )0);
856	}
857
858	return err;
859	}
860
861	const struct got_error *
862	got_privsep_send_blob(struct imsgbuf *ibuf, size_t size, size_t hdrlen,
863	const uint8_t *data)
864	{
865	struct got_imsg_blob iblob;
866
867	iblob.size = size;
868	iblob.hdrlen = hdrlen;
869
870	if (data) {
871	uint8_t *buf;
872
873	if (size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX(16384 - sizeof(struct imsg_hdr) - sizeof(struct got_imsg_blob )))
874	return got_error(GOT_ERR_NO_SPACE9);
875
876	buf = malloc(sizeof(iblob) + size);
877	if (buf == NULL((void *)0))
878	return got_error_from_errno("malloc");
879
880	memcpy(buf, &iblob, sizeof(iblob));
881	memcpy(buf + sizeof(iblob), data, size);
882	if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, buf,
883	sizeof(iblob) + size) == -1) {
884	free(buf);
885	return got_error_from_errno("imsg_compose BLOB");
886	}
887	free(buf);
888	} else {
889	/* Data has already been written to file descriptor. */
890	if (imsg_compose(ibuf, GOT_IMSG_BLOB, 0, 0, -1, &iblob,
891	sizeof(iblob)) == -1)
892	return got_error_from_errno("imsg_compose BLOB");
893	}
894
895
896	return flush_imsg(ibuf);
897	}
898
899	const struct got_error *
900	got_privsep_recv_blob(uint8_t *outbuf, size_t size, size_t *hdrlen,
901	struct imsgbuf *ibuf)
902	{
903	const struct got_error err = NULL((void )0);
904	struct imsg imsg;
905	struct got_imsg_blob *iblob;
906	size_t datalen;
907
908	outbuf = NULL((void )0);
909
910	err = got_privsep_recv_imsg(&imsg, ibuf, 0);
911	if (err)
912	return err;
913
914	datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
915
916	switch (imsg.hdr.type) {
917	case GOT_IMSG_BLOB:
918	if (datalen < sizeof(*iblob)) {
919	err = got_error(GOT_ERR_PRIVSEP_LEN36);
920	break;
921	}
922	iblob = imsg.data;
923	*size = iblob->size;
924	*hdrlen = iblob->hdrlen;
925
926	if (datalen == sizeof(*iblob)) {
927	/* Data has been written to file descriptor. */
928	break;
929	}
930
931	if (*size > GOT_PRIVSEP_INLINE_BLOB_DATA_MAX(16384 - sizeof(struct imsg_hdr) - sizeof(struct got_imsg_blob ))) {
932	err = got_error(GOT_ERR_PRIVSEP_LEN36);
933	break;
934	}
935
936	outbuf = malloc(size);
937	if (outbuf == NULL((void )0)) {
938	err = got_error_from_errno("malloc");
939	break;
940	}
941	memcpy(outbuf, imsg.data + sizeof(iblob), *size);
942	break;
943	default:
944	err = got_error(GOT_ERR_PRIVSEP_MSG39);
945	break;
946	}
947
948	imsg_free(&imsg);
949
950	return err;
951	}
952
953	static const struct got_error *
954	send_tagmsg(struct imsgbuf ibuf, struct got_tag_object tag, size_t tagmsg_len)
955	{
956	const struct got_error err = NULL((void )0);
957	size_t offset, remain;
958
959	offset = 0;
960	remain = tagmsg_len;
961	while (remain > 0) {
962	size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE, remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain));
963
964	if (imsg_compose(ibuf, GOT_IMSG_TAG_TAGMSG, 0, 0, -1,
965	tag->tagmsg + offset, n) == -1) {
966	err = got_error_from_errno("imsg_compose TAG_TAGMSG");
967	break;
968	}
969
970	err = flush_imsg(ibuf);
971	if (err)
972	break;
973
974	offset += n;
975	remain -= n;
976	}
977
978	return err;
979	}
980
981	const struct got_error *
982	got_privsep_send_tag(struct imsgbuf ibuf, struct got_tag_object tag)
983	{
984	const struct got_error err = NULL((void )0);
985	struct got_imsg_tag_object *itag;
986	uint8_t *buf;
987	size_t len, total;
988	size_t tag_len = strlen(tag->tag);
989	size_t tagger_len = strlen(tag->tagger);
990	size_t tagmsg_len = strlen(tag->tagmsg);
991
992	total = sizeof(*itag) + tag_len + tagger_len + tagmsg_len;
993
994	buf = malloc(total);
995	if (buf == NULL((void *)0))
996	return got_error_from_errno("malloc");
997
998	itag = (struct got_imsg_tag_object *)buf;
999	memcpy(itag->id, tag->id.sha1, sizeof(itag->id));
1000	itag->obj_type = tag->obj_type;
1001	itag->tag_len = tag_len;
1002	itag->tagger_len = tagger_len;
1003	itag->tagger_time = tag->tagger_time;
1004	itag->tagger_gmtoff = tag->tagger_gmtoff;
1005	itag->tagmsg_len = tagmsg_len;
1006
1007	len = sizeof(*itag);
1008	memcpy(buf + len, tag->tag, tag_len);
1009	len += tag_len;
1010	memcpy(buf + len, tag->tagger, tagger_len);
1011	len += tagger_len;
1012
1013	if (imsg_compose(ibuf, GOT_IMSG_TAG, 0, 0, -1, buf, len) == -1) {
1014	err = got_error_from_errno("imsg_compose TAG");
1015	goto done;
1016	}
1017
1018	if (tagmsg_len == 0 \|\|
1019	tagmsg_len + len > MAX_IMSGSIZE16384 - IMSG_HEADER_SIZEsizeof(struct imsg_hdr)) {
1020	err = flush_imsg(ibuf);
1021	if (err)
1022	goto done;
1023	}
1024	err = send_tagmsg(ibuf, tag, tagmsg_len);
1025	done:
1026	free(buf);
1027	return err;
1028	}
1029
1030	const struct got_error *
1031	got_privsep_recv_tag(struct got_tag_object *tag, struct imsgbuf ibuf)
1032	{
1033	const struct got_error err = NULL((void )0);
1034	struct imsg imsg;
1035	struct got_imsg_tag_object *itag;
1036	size_t len, datalen;
1037	const size_t min_datalen =
1038	MIN(sizeof(struct got_imsg_error),((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tag_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tag_object )))
1039	sizeof(struct got_imsg_tag_object))((sizeof(struct got_imsg_error)) < (sizeof(struct got_imsg_tag_object )) ? (sizeof(struct got_imsg_error)) : (sizeof(struct got_imsg_tag_object )));
1040
1041	tag = NULL((void )0);
1042
1043	err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1044	if (err)
1045	return err;
1046
1047	datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1048	len = 0;
1049
1050	switch (imsg.hdr.type) {
1051	case GOT_IMSG_TAG:
1052	if (datalen < sizeof(*itag)) {
1053	err = got_error(GOT_ERR_PRIVSEP_LEN36);
1054	break;
1055	}
1056	itag = imsg.data;
1057	if (datalen != sizeof(*itag) + itag->tag_len +
1058	itag->tagger_len) {
1059	err = got_error(GOT_ERR_PRIVSEP_LEN36);
1060	break;
1061	}
1062	len += sizeof(*itag);
1063
1064	tag = calloc(1, sizeof(*tag));
1065	if (tag == NULL((void )0)) {
1066	err = got_error_from_errno("calloc");
1067	break;
1068	}
1069
1070	memcpy((*tag)->id.sha1, itag->id, SHA1_DIGEST_LENGTH20);
1071
1072	if (itag->tag_len == 0) {
1073	(*tag)->tag = strdup("");
1074	if ((tag)->tag == NULL((void )0)) {
1075	err = got_error_from_errno("strdup");
1076	break;
1077	}
1078	} else {
1079	(*tag)->tag = malloc(itag->tag_len + 1);
1080	if ((tag)->tag == NULL((void )0)) {
1081	err = got_error_from_errno("malloc");
1082	break;
1083	}
1084	memcpy((*tag)->tag, imsg.data + len,
1085	itag->tag_len);
1086	(*tag)->tag[itag->tag_len] = '\0';
1087	}
1088	len += itag->tag_len;
1089
1090	(*tag)->obj_type = itag->obj_type;
1091	(*tag)->tagger_time = itag->tagger_time;
1092	(*tag)->tagger_gmtoff = itag->tagger_gmtoff;
1093
1094	if (itag->tagger_len == 0) {
1095	(*tag)->tagger = strdup("");
1096	if ((tag)->tagger == NULL((void )0)) {
1097	err = got_error_from_errno("strdup");
1098	break;
1099	}
1100	} else {
1101	(*tag)->tagger = malloc(itag->tagger_len + 1);
1102	if ((tag)->tagger == NULL((void )0)) {
1103	err = got_error_from_errno("malloc");
1104	break;
1105	}
1106	memcpy((*tag)->tagger, imsg.data + len,
1107	itag->tagger_len);
1108	(*tag)->tagger[itag->tagger_len] = '\0';
1109	}
1110	len += itag->tagger_len;
	Value stored to 'len' is never read
1111
1112	if (itag->tagmsg_len == 0) {
1113	(*tag)->tagmsg = strdup("");
1114	if ((tag)->tagmsg == NULL((void )0)) {
1115	err = got_error_from_errno("strdup");
1116	break;
1117	}
1118	} else {
1119	size_t offset = 0, remain = itag->tagmsg_len;
1120
1121	(*tag)->tagmsg = malloc(itag->tagmsg_len + 1);
1122	if ((tag)->tagmsg == NULL((void )0)) {
1123	err = got_error_from_errno("malloc");
1124	break;
1125	}
1126	while (remain > 0) {
1127	struct imsg imsg_log;
1128	size_t n = MIN(MAX_IMSGSIZE - IMSG_HEADER_SIZE,((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain))
1129	remain)((16384 - sizeof(struct imsg_hdr)) < (remain) ? (16384 - sizeof (struct imsg_hdr)) : (remain));
1130
1131	err = got_privsep_recv_imsg(&imsg_log, ibuf, n);
1132	if (err)
1133	return err;
1134
1135	if (imsg_log.hdr.type != GOT_IMSG_TAG_TAGMSG)
1136	return got_error(GOT_ERR_PRIVSEP_MSG39);
1137
1138	memcpy((*tag)->tagmsg + offset, imsg_log.data,
1139	n);
1140	imsg_free(&imsg_log);
1141	offset += n;
1142	remain -= n;
1143	}
1144	(*tag)->tagmsg[itag->tagmsg_len] = '\0';
1145	}
1146
1147	break;
1148	default:
1149	err = got_error(GOT_ERR_PRIVSEP_MSG39);
1150	break;
1151	}
1152
1153	imsg_free(&imsg);
1154
1155	return err;
1156	}
1157
1158	const struct got_error *
1159	got_privsep_init_pack_child(struct imsgbuf ibuf, struct got_pack pack,
1160	struct got_packidx *packidx)
1161	{
1162	const struct got_error err = NULL((void )0);
1163	struct got_imsg_packidx ipackidx;
1164	struct got_imsg_pack ipack;
1165	int fd;
1166
1167	ipackidx.len = packidx->len;
1168	fd = dup(packidx->fd);
1169	if (fd == -1)
1170	return got_error_from_errno("dup");
1171
1172	if (imsg_compose(ibuf, GOT_IMSG_PACKIDX, 0, 0, fd, &ipackidx,
1173	sizeof(ipackidx)) == -1) {
1174	err = got_error_from_errno("imsg_compose PACKIDX");
1175	close(fd);
1176	return err;
1177	}
1178
1179	if (strlcpy(ipack.path_packfile, pack->path_packfile,
1180	sizeof(ipack.path_packfile)) >= sizeof(ipack.path_packfile))
1181	return got_error(GOT_ERR_NO_SPACE9);
1182	ipack.filesize = pack->filesize;
1183
1184	fd = dup(pack->fd);
1185	if (fd == -1)
1186	return got_error_from_errno("dup");
1187
1188	if (imsg_compose(ibuf, GOT_IMSG_PACK, 0, 0, fd, &ipack, sizeof(ipack))
1189	== -1) {
1190	err = got_error_from_errno("imsg_compose PACK");
1191	close(fd);
1192	return err;
1193	}
1194
1195	return flush_imsg(ibuf);
1196	}
1197
1198	const struct got_error *
1199	got_privsep_send_packed_obj_req(struct imsgbuf *ibuf, int idx,
1200	struct got_object_id *id)
1201	{
1202	struct got_imsg_packed_object iobj;
1203
1204	iobj.idx = idx;
1205	memcpy(iobj.id, id->sha1, sizeof(iobj.id));
1206
1207	if (imsg_compose(ibuf, GOT_IMSG_PACKED_OBJECT_REQUEST, 0, 0, -1,
1208	&iobj, sizeof(iobj)) == -1)
1209	return got_error_from_errno("imsg_compose "
1210	"PACKED_OBJECT_REQUEST");
1211
1212	return flush_imsg(ibuf);
1213	}
1214
1215	const struct got_error *
1216	got_privsep_send_gitconfig_parse_req(struct imsgbuf *ibuf, int fd)
1217	{
1218	const struct got_error err = NULL((void )0);
1219
1220	if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_PARSE_REQUEST, 0, 0, fd,
1221	NULL((void *)0), 0) == -1) {
1222	err = got_error_from_errno("imsg_compose "
1223	"GITCONFIG_PARSE_REQUEST");
1224	close(fd);
1225	return err;
1226	}
1227
1228	return flush_imsg(ibuf);
1229	}
1230
1231	const struct got_error *
1232	got_privsep_send_gitconfig_repository_format_version_req(struct imsgbuf *ibuf)
1233	{
1234	if (imsg_compose(ibuf,
1235	GOT_IMSG_GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST, 0, 0, -1,
1236	NULL((void *)0), 0) == -1)
1237	return got_error_from_errno("imsg_compose "
1238	"GITCONFIG_REPOSITORY_FORMAT_VERSION_REQUEST");
1239
1240	return flush_imsg(ibuf);
1241	}
1242
1243	const struct got_error *
1244	got_privsep_send_gitconfig_author_name_req(struct imsgbuf *ibuf)
1245	{
1246	if (imsg_compose(ibuf,
1247	GOT_IMSG_GITCONFIG_AUTHOR_NAME_REQUEST, 0, 0, -1, NULL((void *)0), 0) == -1)
1248	return got_error_from_errno("imsg_compose "
1249	"GITCONFIG_AUTHOR_NAME_REQUEST");
1250
1251	return flush_imsg(ibuf);
1252	}
1253
1254	const struct got_error *
1255	got_privsep_send_gitconfig_author_email_req(struct imsgbuf *ibuf)
1256	{
1257	if (imsg_compose(ibuf,
1258	GOT_IMSG_GITCONFIG_AUTHOR_EMAIL_REQUEST, 0, 0, -1, NULL((void *)0), 0) == -1)
1259	return got_error_from_errno("imsg_compose "
1260	"GITCONFIG_AUTHOR_EMAIL_REQUEST");
1261
1262	return flush_imsg(ibuf);
1263	}
1264
1265	const struct got_error *
1266	got_privsep_send_gitconfig_str(struct imsgbuf ibuf, const char value)
1267	{
1268	size_t len = value ? strlen(value) + 1 : 0;
1269
1270	if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_STR_VAL, 0, 0, -1,
1271	value, len) == -1)
1272	return got_error_from_errno("imsg_compose GITCONFIG_STR_VAL");
1273
1274	return flush_imsg(ibuf);
1275	}
1276
1277	const struct got_error *
1278	got_privsep_recv_gitconfig_str(char *str, struct imsgbuf ibuf)
1279	{
1280	const struct got_error err = NULL((void )0);
1281	struct imsg imsg;
1282	size_t datalen;
1283	const size_t min_datalen = 0;
1284
1285	str = NULL((void )0);
1286
1287	err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1288	if (err)
1289	return err;
1290	datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1291
1292	switch (imsg.hdr.type) {
1293	case GOT_IMSG_GITCONFIG_STR_VAL:
1294	if (datalen == 0)
1295	break;
1296	*str = malloc(datalen);
1297	if (str == NULL((void )0)) {
1298	err = got_error_from_errno("malloc");
1299	break;
1300	}
1301	if (strlcpy(*str, imsg.data, datalen) >= datalen)
1302	err = got_error(GOT_ERR_NO_SPACE9);
1303	break;
1304	default:
1305	err = got_error(GOT_ERR_PRIVSEP_MSG39);
1306	break;
1307	}
1308
1309	imsg_free(&imsg);
1310	return err;
1311	}
1312
1313	const struct got_error *
1314	got_privsep_send_gitconfig_int(struct imsgbuf *ibuf, int value)
1315	{
1316	if (imsg_compose(ibuf, GOT_IMSG_GITCONFIG_INT_VAL, 0, 0, -1,
1317	&value, sizeof(value)) == -1)
1318	return got_error_from_errno("imsg_compose GITCONFIG_INT_VAL");
1319
1320	return flush_imsg(ibuf);
1321	}
1322
1323	const struct got_error *
1324	got_privsep_recv_gitconfig_int(int val, struct imsgbuf ibuf)
1325	{
1326	const struct got_error err = NULL((void )0);
1327	struct imsg imsg;
1328	size_t datalen;
1329	const size_t min_datalen =
1330	MIN(sizeof(struct got_imsg_error), sizeof(int))((sizeof(struct got_imsg_error)) < (sizeof(int)) ? (sizeof (struct got_imsg_error)) : (sizeof(int)));
1331
1332	*val = 0;
1333
1334	err = got_privsep_recv_imsg(&imsg, ibuf, min_datalen);
1335	if (err)
1336	return err;
1337	datalen = imsg.hdr.len - IMSG_HEADER_SIZEsizeof(struct imsg_hdr);
1338
1339	switch (imsg.hdr.type) {
1340	case GOT_IMSG_GITCONFIG_INT_VAL:
1341	if (datalen != sizeof(*val)) {
1342	err = got_error(GOT_ERR_PRIVSEP_LEN36);
1343	break;
1344	}
1345	memcpy(val, imsg.data, sizeof(*val));
1346	break;
1347	default:
1348	err = got_error(GOT_ERR_PRIVSEP_MSG39);
1349	break;
1350	}
1351
1352	imsg_free(&imsg);
1353	return err;
1354	}
1355
1356	const struct got_error *
1357	got_privsep_unveil_exec_helpers(void)
1358	{
1359	const char *helpers[] = {
1360	GOT_PATH_PROG_READ_PACK"/root/bin" "/" "got-read-pack",
1361	GOT_PATH_PROG_READ_OBJECT"/root/bin" "/" "got-read-object",
1362	GOT_PATH_PROG_READ_COMMIT"/root/bin" "/" "got-read-commit",
1363	GOT_PATH_PROG_READ_TREE"/root/bin" "/" "got-read-tree",
1364	GOT_PATH_PROG_READ_BLOB"/root/bin" "/" "got-read-blob",
1365	GOT_PATH_PROG_READ_TAG"/root/bin" "/" "got-read-tag",
1366	GOT_PATH_PROG_READ_GITCONFIG"/root/bin" "/" "got-read-gitconfig",
1367	};
1368	int i;
1369
1370	for (i = 0; i < nitems(helpers)(sizeof((helpers)) / sizeof((helpers)[0])); i++) {
1371	if (unveil(helpers[i], "x") == 0)
1372	continue;
1373	return got_error_from_errno2("unveil", helpers[i]);
1374	}
1375
1376	return NULL((void *)0);
1377	}
1378
1379	void
1380	got_privsep_exec_child(int imsg_fds[2], const char path, const char repo_path)
1381	{
1382	if (close(imsg_fds[0]) != 0) {
1383	fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno())));
1384	_exit(1);
1385	}
1386
1387	if (dup2(imsg_fds[1], GOT_IMSG_FD_CHILD(2 + 1)) == -1) {
1388	fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno())));
1389	_exit(1);
1390	}
1391	if (closefrom(GOT_IMSG_FD_CHILD(2 + 1) + 1) == -1) {
1392	fprintf(stderr(&__sF[2]), "%s: %s\n", getprogname(), strerror(errno(*__errno())));
1393	_exit(1);
1394	}
1395
1396	if (execl(path, path, repo_path, (char )NULL((void )0)) == -1) {
1397	fprintf(stderr(&__sF[2]), "%s: %s: %s\n", getprogname(), path,
1398	strerror(errno(*__errno())));
1399	_exit(1);
1400	}
1401	}