Diffstat (limited to 'submodule-config.c')
-rw-r--r--submodule-config.c287
1 files changed, 256 insertions, 31 deletions
diff --git a/submodule-config.c b/submodule-config.c
index e175dfb..54130f6 100644
--- a/submodule-config.c
+++ b/submodule-config.c
@@ -1,12 +1,21 @@
-#include "cache.h"
+#include "git-compat-util.h"
#include "dir.h"
+#include "environment.h"
+#include "gettext.h"
+#include "hex.h"
+#include "path.h"
#include "repository.h"
#include "config.h"
#include "submodule-config.h"
#include "submodule.h"
#include "strbuf.h"
-#include "object-store.h"
+#include "object-name.h"
+#include "object-store-ll.h"
#include "parse-options.h"
+#include "thread-utils.h"
+#include "tree-walk.h"
+#include "url.h"
+#include "urlmatch.h"
/*
* submodule cache lookup structure
@@ -37,10 +46,10 @@ enum lookup_type {
lookup_path
};
-static int config_path_cmp(const void *unused_cmp_data,
+static int config_path_cmp(const void *cmp_data UNUSED,
const struct hashmap_entry *eptr,
const struct hashmap_entry *entry_or_key,
- const void *unused_keydata)
+ const void *keydata UNUSED)
{
const struct submodule_entry *a, *b;
@@ -51,10 +60,10 @@ static int config_path_cmp(const void *unused_cmp_data,
!oideq(&a->config->gitmodules_oid, &b->config->gitmodules_oid);
}
-static int config_name_cmp(const void *unused_cmp_data,
+static int config_name_cmp(const void *cmp_data UNUSED,
const struct hashmap_entry *eptr,
const struct hashmap_entry *entry_or_key,
- const void *unused_keydata)
+ const void *keydata UNUSED)
{
const struct submodule_entry *a, *b;
@@ -103,8 +112,8 @@ static void submodule_cache_clear(struct submodule_cache *cache)
ent /* member name */)
free_one_config(entry);
- hashmap_free_entries(&cache->for_path, struct submodule_entry, ent);
- hashmap_free_entries(&cache->for_name, struct submodule_entry, ent);
+ hashmap_clear_and_free(&cache->for_path, struct submodule_entry, ent);
+ hashmap_clear_and_free(&cache->for_name, struct submodule_entry, ent);
cache->initialized = 0;
cache->gitmodules_read = 0;
}
@@ -203,17 +212,17 @@ int check_submodule_name(const char *name)
return -1;
/*
- * Look for '..' as a path component. Check both '/' and '\\' as
+ * Look for '..' as a path component. Check is_xplatform_dir_sep() as
* separators rather than is_dir_sep(), because we want the name rules
* to be consistent across platforms.
*/
goto in_component; /* always start inside component */
while (*name) {
char c = *name++;
- if (c == '/' || c == '\\') {
+ if (is_xplatform_dir_sep(c)) {
in_component:
if (name[0] == '.' && name[1] == '.' &&
- (!name[2] || name[2] == '/' || name[2] == '\\'))
+ (!name[2] || is_xplatform_dir_sep(name[2])))
return -1;
}
}
@@ -221,6 +230,144 @@ in_component:
return 0;
}
+static int starts_with_dot_slash(const char *const path)
+{
+ return path_match_flags(path, PATH_MATCH_STARTS_WITH_DOT_SLASH |
+ PATH_MATCH_XPLATFORM);
+}
+
+static int starts_with_dot_dot_slash(const char *const path)
+{
+ return path_match_flags(path, PATH_MATCH_STARTS_WITH_DOT_DOT_SLASH |
+ PATH_MATCH_XPLATFORM);
+}
+
+static int submodule_url_is_relative(const char *url)
+{
+ return starts_with_dot_slash(url) || starts_with_dot_dot_slash(url);
+}
+
+/*
+ * Count directory components that a relative submodule URL should chop
+ * from the remote_url it is to be resolved against.
+ *
+ * In other words, this counts "../" components at the start of a
+ * submodule URL.
+ *
+ * Returns the number of directory components to chop and writes a
+ * pointer to the next character of url after all leading "./" and
+ * "../" components to out.
+ */
+static int count_leading_dotdots(const char *url, const char **out)
+{
+ int result = 0;
+ while (1) {
+ if (starts_with_dot_dot_slash(url)) {
+ result++;
+ url += strlen("../");
+ continue;
+ }
+ if (starts_with_dot_slash(url)) {
+ url += strlen("./");
+ continue;
+ }
+ *out = url;
+ return result;
+ }
+}
+/*
+ * Check whether a transport is implemented by git-remote-curl.
+ *
+ * If it is, returns 1 and writes the URL that would be passed to
+ * git-remote-curl to the "out" parameter.
+ *
+ * Otherwise, returns 0 and leaves "out" untouched.
+ *
+ * Examples:
+ * http::https://example.com/repo.git -> 1, https://example.com/repo.git
+ * https://example.com/repo.git -> 1, https://example.com/repo.git
+ * git://example.com/repo.git -> 0
+ *
+ * This is for use in checking for previously exploitable bugs that
+ * required a submodule URL to be passed to git-remote-curl.
+ */
+static int url_to_curl_url(const char *url, const char **out)
+{
+ /*
+ * We don't need to check for case-aliases, "http.exe", and so
+ * on because in the default configuration, is_transport_allowed
+ * prevents URLs with those schemes from being cloned
+ * automatically.
+ */
+ if (skip_prefix(url, "http::", out) ||
+ skip_prefix(url, "https::", out) ||
+ skip_prefix(url, "ftp::", out) ||
+ skip_prefix(url, "ftps::", out))
+ return 1;
+ if (starts_with(url, "http://") ||
+ starts_with(url, "https://") ||
+ starts_with(url, "ftp://") ||
+ starts_with(url, "ftps://")) {
+ *out = url;
+ return 1;
+ }
+ return 0;
+}
+
+int check_submodule_url(const char *url)
+{
+ const char *curl_url;
+
+ if (looks_like_command_line_option(url))
+ return -1;
+
+ if (submodule_url_is_relative(url) || starts_with(url, "git://")) {
+ char *decoded;
+ const char *next;
+ int has_nl;
+
+ /*
+ * This could be appended to an http URL and url-decoded;
+ * check for malicious characters.
+ */
+ decoded = url_decode(url);
+ has_nl = !!strchr(decoded, '\n');
+
+ free(decoded);
+ if (has_nl)
+ return -1;
+
+ /*
+ * URLs which escape their root via "../" can overwrite
+ * the host field and previous components, resolving to
+ * URLs like https::example.com/submodule.git and
+ * https:///example.com/submodule.git that were
+ * susceptible to CVE-2020-11008.
+ */
+ if (count_leading_dotdots(url, &next) > 0 &&
+ (*next == ':' || *next == '/'))
+ return -1;
+ }
+
+ else if (url_to_curl_url(url, &curl_url)) {
+ int ret = 0;
+ char *normalized = url_normalize(curl_url, NULL);
+ if (normalized) {
+ char *decoded = url_decode(normalized);
+ if (strchr(decoded, '\n'))
+ ret = -1;
+ free(normalized);
+ free(decoded);
+ } else {
+ ret = -1;
+ }
+
+ return ret;
+ }
+
+ return 0;
+}
+
static int name_and_item_from_var(const char *var, struct strbuf *name,
struct strbuf *item)
{
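Review bot: check_submodule_url() is a non-static entry point with no comment stating its contract, and its final `return 0;` accepts any URL that is neither relative, `git://`, nor recognised by url_to_curl_url(), after only the looks_like_command_line_option() test. The comment inside url_to_curl_url() says case-aliases and names such as "http.exe" are not checked because is_transport_allowed blocks them in the default configuration, so the check covers less when that policy has been relaxed; that dependency should be stated where callers will read it. I would add above the function `/* Returns 0 if url is acceptable as a submodule URL, -1 if it must be rejected. */`, plus one sentence saying that schemes outside the two branches are not inspected and that the transport allow-list is assumed to be in force. If the declaration in submodule-config.h already documents this (not visible here), a pointer to it is enough.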
@@ -297,11 +444,14 @@ static int parse_fetch_recurse(const char *opt, const char *arg,
}
}
-int parse_submodule_fetchjobs(const char *var, const char *value)
+int parse_submodule_fetchjobs(const char *var, const char *value,
+ const struct key_value_info *kvi)
{
- int fetchjobs = git_config_int(var, value);
+ int fetchjobs = git_config_int(var, value, kvi);
if (fetchjobs < 0)
- die(_("negative values not allowed for submodule.fetchjobs"));
+ die(_("negative values not allowed for submodule.fetchJobs"));
+ if (!fetchjobs)
+ fetchjobs = online_cpus();
return fetchjobs;
}
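Review bot: The new `if (!fetchjobs) fetchjobs = online_cpus();` gives the value 0 a special meaning that nothing in the function explains, and the only range check is still `fetchjobs < 0`. A one-line comment above the new test, such as `/* 0 means "use the number of online CPUs" */`, would cover the first part. There is also no upper bound in this function. The gitmodules_fetch_config() and gitmodules_update_clone_config() callbacks later in this diff feed values into it, so if those values come from a repository's .gitmodules (inferred from the names, not shown here), the repository chooses the job count. A cap, or a note on which caller is expected to clamp the result, would help.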
@@ -417,7 +567,8 @@ struct parse_config_parameter {
* config store (.git/config, etc). Callers are responsible for
* checking for overrides in the main config store when appropriate.
*/
-static int parse_config(const char *var, const char *value, void *data)
+static int parse_config(const char *var, const char *value,
+ const struct config_context *ctx UNUSED, void *data)
{
struct parse_config_parameter *me = data;
struct submodule *submodule;
@@ -496,7 +647,7 @@ static int parse_config(const char *var, const char *value, void *data)
else if (parse_submodule_update_strategy(value,
&submodule->update_strategy) < 0 ||
submodule->update_strategy.type == SM_UPDATE_COMMAND)
- die(_("invalid value for %s"), var);
+ die(_("invalid value for '%s'"), var);
} else if (!strcmp(item.buf, "shallow")) {
if (!me->overwrite && submodule->recommend_shallow != -1)
warn_multiple_config(me->treeish_name, submodule->name,
@@ -505,7 +656,9 @@ static int parse_config(const char *var, const char *value, void *data)
submodule->recommend_shallow =
git_config_bool(var, value);
} else if (!strcmp(item.buf, "branch")) {
- if (!me->overwrite && submodule->branch)
+ if (!value)
+ ret = config_error_nonbool(var);
+ else if (!me->overwrite && submodule->branch)
warn_multiple_config(me->treeish_name, submodule->name,
"branch");
else {
@@ -532,7 +685,7 @@ static int gitmodule_oid_from_commit(const struct object_id *treeish_name,
}
strbuf_addf(rev, "%s:.gitmodules", oid_to_hex(treeish_name));
- if (get_oid(rev->buf, gitmodules_oid) >= 0)
+ if (repo_get_oid(the_repository, rev->buf, gitmodules_oid) >= 0)
ret = 1;
return ret;
@@ -585,7 +738,8 @@ static const struct submodule *config_from(struct submodule_cache *cache,
if (submodule)
goto out;
- config = read_object_file(&oid, &type, &config_size);
+ config = repo_read_object_file(the_repository, &oid, &type,
+ &config_size);
if (!config || type != OBJ_BLOB)
goto out;
@@ -595,7 +749,7 @@ static const struct submodule *config_from(struct submodule_cache *cache,
parameter.gitmodules_oid = &oid;
parameter.overwrite = 0;
git_config_from_mem(parse_config, CONFIG_ORIGIN_SUBMODULE_BLOB, rev.buf,
- config, config_size, &parameter, NULL);
+ config, config_size, &parameter, CONFIG_SCOPE_UNKNOWN, NULL);
strbuf_release(&rev);
free(config);
@@ -651,12 +805,12 @@ static void config_from_gitmodules(config_fn_t fn, struct repository *repo, void
repo_get_oid(repo, GITMODULES_HEAD, &oid) >= 0) {
config_source.blob = oidstr = xstrdup(oid_to_hex(&oid));
if (repo != the_repository)
- add_to_alternates_memory(repo->objects->odb->path);
+ add_submodule_odb_by_path(repo->objects->odb->path);
} else {
goto out;
}
- config_with_options(fn, data, &config_source, &opts);
+ config_with_options(fn, data, &config_source, repo, &opts);
out:
free(oidstr);
@@ -664,17 +818,18 @@ out:
}
}
-static int gitmodules_cb(const char *var, const char *value, void *data)
+static int gitmodules_cb(const char *var, const char *value,
+ const struct config_context *ctx, void *data)
{
struct repository *repo = data;
struct parse_config_parameter parameter;
parameter.cache = repo->submodule_cache;
parameter.treeish_name = NULL;
- parameter.gitmodules_oid = &null_oid;
+ parameter.gitmodules_oid = null_oid();
parameter.overwrite = 1;
- return parse_config(var, value, &parameter);
+ return parse_config(var, value, ctx, &parameter);
}
void repo_read_gitmodules(struct repository *repo, int skip_if_read)
@@ -702,7 +857,8 @@ void gitmodules_config_oid(const struct object_id *commit_oid)
if (gitmodule_oid_from_commit(commit_oid, &oid, &rev)) {
git_config_from_blob_oid(gitmodules_cb, rev.buf,
- &oid, the_repository);
+ the_repository, &oid, the_repository,
+ CONFIG_SCOPE_UNKNOWN);
}
strbuf_release(&rev);
@@ -725,13 +881,75 @@ const struct submodule *submodule_from_path(struct repository *r,
return config_from(r->submodule_cache, treeish_name, path, lookup_path);
}
+/**
+ * Used internally by submodules_of_tree(). Recurses into 'treeish_name'
+ * and appends submodule entries to 'out'. The submodule_cache expects
+ * a root-level treeish_name and paths, so keep track of these values
+ * with 'root_tree' and 'prefix'.
+ */
+static void traverse_tree_submodules(struct repository *r,
+ const struct object_id *root_tree,
+ char *prefix,
+ const struct object_id *treeish_name,
+ struct submodule_entry_list *out)
+{
+ struct tree_desc tree;
+ struct submodule_tree_entry *st_entry;
+ struct name_entry *name_entry;
+ char *tree_path = NULL;
+
+ name_entry = xmalloc(sizeof(*name_entry));
+
+ fill_tree_descriptor(r, &tree, treeish_name);
+ while (tree_entry(&tree, name_entry)) {
+ if (prefix)
+ tree_path =
+ mkpathdup("%s/%s", prefix, name_entry->path);
+ else
+ tree_path = xstrdup(name_entry->path);
+
+ if (S_ISGITLINK(name_entry->mode) &&
+ is_tree_submodule_active(r, root_tree, tree_path)) {
+ ALLOC_GROW(out->entries, out->entry_nr + 1,
+ out->entry_alloc);
+ st_entry = &out->entries[out->entry_nr++];
+
+ st_entry->name_entry = xmalloc(sizeof(*st_entry->name_entry));
+ *st_entry->name_entry = *name_entry;
+ st_entry->submodule =
+ submodule_from_path(r, root_tree, tree_path);
+ st_entry->repo = xmalloc(sizeof(*st_entry->repo));
+ if (repo_submodule_init(st_entry->repo, r, tree_path,
+ root_tree))
+ FREE_AND_NULL(st_entry->repo);
+
+ } else if (S_ISDIR(name_entry->mode))
+ traverse_tree_submodules(r, root_tree, tree_path,
+ &name_entry->oid, out);
+ free(tree_path);
+ }
+}
+
+void submodules_of_tree(struct repository *r,
+ const struct object_id *treeish_name,
+ struct submodule_entry_list *out)
+{
+ CALLOC_ARRAY(out->entries, 0);
+ out->entry_nr = 0;
+ out->entry_alloc = 0;
+
+ traverse_tree_submodules(r, treeish_name, NULL, treeish_name, out);
+}
+
void submodule_free(struct repository *r)
{
if (r->submodule_cache)
submodule_cache_clear(r->submodule_cache);
}
-static int config_print_callback(const char *var, const char *value, void *cb_data)
+static int config_print_callback(const char *var, const char *value,
+ const struct config_context *ctx UNUSED,
+ void *cb_data)
{
char *wanted_key = cb_data;
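Review bot: traverse_tree_submodules() allocates `name_entry` with xmalloc() on every call, including each recursive call, and never frees it; the function ends right after the `while` loop. Adding `free(name_entry);` after the loop fixes that, or declare `struct name_entry name_entry;` on the stack and pass its address to tree_entry(). The return value of fill_tree_descriptor() is also discarded; if it hands back the tree buffer for the caller to release (not visible in this hunk), keep it with `void *buf = fill_tree_descriptor(r, &tree, treeish_name);` and call `free(buf);` after the loop. Separately, `st_entry->repo` is left NULL when repo_submodule_init() fails, so the doc comment should tell callers of submodules_of_tree() to check it before use.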
@@ -773,14 +991,20 @@ struct fetch_config {
int *recurse_submodules;
};
-static int gitmodules_fetch_config(const char *var, const char *value, void *cb)
+static int gitmodules_fetch_config(const char *var, const char *value,
+ const struct config_context *ctx,
+ void *cb)
{
struct fetch_config *config = cb;
if (!strcmp(var, "submodule.fetchjobs")) {
- *(config->max_children) = parse_submodule_fetchjobs(var, value);
+ if (config->max_children)
+ *(config->max_children) =
+ parse_submodule_fetchjobs(var, value, ctx->kvi);
return 0;
} else if (!strcmp(var, "fetch.recursesubmodules")) {
- *(config->recurse_submodules) = parse_fetch_recurse_submodules_arg(var, value);
+ if (config->recurse_submodules)
+ *(config->recurse_submodules) =
+ parse_fetch_recurse_submodules_arg(var, value);
return 0;
}
@@ -797,11 +1021,12 @@ void fetch_config_from_gitmodules(int *max_children, int *recurse_submodules)
}
static int gitmodules_update_clone_config(const char *var, const char *value,
+ const struct config_context *ctx,
void *cb)
{
int *max_jobs = cb;
if (!strcmp(var, "submodule.fetchjobs"))
- *max_jobs = parse_submodule_fetchjobs(var, value);
+ *max_jobs = parse_submodule_fetchjobs(var, value, ctx->kvi);
return 0;
}