Skip to content

Commit c5d276c

Browse files
committed
Merge branch 'mk/http-backend-content-length'
The http-backend (used for smart-http transport) used to slurp the whole input until EOF, without paying attention to CONTENT_LENGTH that is supplied in the environment and instead expecting the Web server to close the input stream. This has been fixed. * mk/http-backend-content-length: t5562: avoid non-portable "export FOO=bar" construct http-backend: respect CONTENT_LENGTH for receive-pack http-backend: respect CONTENT_LENGTH as specified by rfc3875 http-backend: cleanup writing to child process
2 parents c83149a + eebfe40 commit c5d276c

File tree

6 files changed

+282
-15
lines changed

6 files changed

+282
-15
lines changed

config.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -933,7 +933,7 @@ int git_parse_ulong(const char *value, unsigned long *ret)
933933
return 1;
934934
}
935935

936-
static int git_parse_ssize_t(const char *value, ssize_t *ret)
936+
int git_parse_ssize_t(const char *value, ssize_t *ret)
937937
{
938938
intmax_t tmp;
939939
if (!git_parse_signed(value, &tmp, maximum_signed_value_of_type(ssize_t)))

config.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,6 +82,7 @@ extern void git_config(config_fn_t fn, void *);
8282
extern int config_with_options(config_fn_t fn, void *,
8383
struct git_config_source *config_source,
8484
const struct config_options *opts);
85+
extern int git_parse_ssize_t(const char *, ssize_t *);
8586
extern int git_parse_ulong(const char *, unsigned long *);
8687
extern int git_parse_maybe_bool(const char *);
8788
extern int git_config_int(const char *, const char *);

help.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -693,6 +693,7 @@ int cmd_version(int argc, const char **argv, const char *prefix)
693693
else
694694
printf("no commit associated with this build\n");
695695
printf("sizeof-long: %d\n", (int)sizeof(long));
696+
printf("sizeof-size_t: %d\n", (int)sizeof(size_t));
696697
/* NEEDSWORK: also save and output GIT-BUILD_OPTIONS? */
697698
}
698699
return 0;

http-backend.c

Lines changed: 86 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -279,12 +279,18 @@ static struct rpc_service *select_service(struct strbuf *hdr, const char *name)
279279
return svc;
280280
}
281281

282+
static void write_to_child(int out, const unsigned char *buf, ssize_t len, const char *prog_name)
283+
{
284+
if (write_in_full(out, buf, len) < 0)
285+
die("unable to write to '%s'", prog_name);
286+
}
287+
282288
/*
283289
* This is basically strbuf_read(), except that if we
284290
* hit max_request_buffer we die (we'd rather reject a
285291
* maliciously large request than chew up infinite memory).
286292
*/
287-
static ssize_t read_request(int fd, unsigned char **out)
293+
static ssize_t read_request_eof(int fd, unsigned char **out)
288294
{
289295
size_t len = 0, alloc = 8192;
290296
unsigned char *buf = xmalloc(alloc);
@@ -321,13 +327,54 @@ static ssize_t read_request(int fd, unsigned char **out)
321327
}
322328
}
323329

324-
static void inflate_request(const char *prog_name, int out, int buffer_input)
330+
static ssize_t read_request_fixed_len(int fd, ssize_t req_len, unsigned char **out)
331+
{
332+
unsigned char *buf = NULL;
333+
ssize_t cnt = 0;
334+
335+
if (max_request_buffer < req_len) {
336+
die("request was larger than our maximum size (%lu): "
337+
"%" PRIuMAX "; try setting GIT_HTTP_MAX_REQUEST_BUFFER",
338+
max_request_buffer, (uintmax_t)req_len);
339+
}
340+
341+
buf = xmalloc(req_len);
342+
cnt = read_in_full(fd, buf, req_len);
343+
if (cnt < 0) {
344+
free(buf);
345+
return -1;
346+
}
347+
*out = buf;
348+
return cnt;
349+
}
350+
351+
static ssize_t get_content_length(void)
352+
{
353+
ssize_t val = -1;
354+
const char *str = getenv("CONTENT_LENGTH");
355+
356+
if (str && !git_parse_ssize_t(str, &val))
357+
die("failed to parse CONTENT_LENGTH: %s", str);
358+
return val;
359+
}
360+
361+
static ssize_t read_request(int fd, unsigned char **out, ssize_t req_len)
362+
{
363+
if (req_len < 0)
364+
return read_request_eof(fd, out);
365+
else
366+
return read_request_fixed_len(fd, req_len, out);
367+
}
368+
369+
static void inflate_request(const char *prog_name, int out, int buffer_input, ssize_t req_len)
325370
{
326371
git_zstream stream;
327372
unsigned char *full_request = NULL;
328373
unsigned char in_buf[8192];
329374
unsigned char out_buf[8192];
330375
unsigned long cnt = 0;
376+
int req_len_defined = req_len >= 0;
377+
size_t req_remaining_len = req_len;
331378

332379
memset(&stream, 0, sizeof(stream));
333380
git_inflate_init_gzip_only(&stream);
@@ -339,11 +386,18 @@ static void inflate_request(const char *prog_name, int out, int buffer_input)
339386
if (full_request)
340387
n = 0; /* nothing left to read */
341388
else
342-
n = read_request(0, &full_request);
389+
n = read_request(0, &full_request, req_len);
343390
stream.next_in = full_request;
344391
} else {
345-
n = xread(0, in_buf, sizeof(in_buf));
392+
ssize_t buffer_len;
393+
if (req_len_defined && req_remaining_len <= sizeof(in_buf))
394+
buffer_len = req_remaining_len;
395+
else
396+
buffer_len = sizeof(in_buf);
397+
n = xread(0, in_buf, buffer_len);
346398
stream.next_in = in_buf;
399+
if (req_len_defined && n > 0)
400+
req_remaining_len -= n;
347401
}
348402

349403
if (n <= 0)
@@ -361,9 +415,8 @@ static void inflate_request(const char *prog_name, int out, int buffer_input)
361415
die("zlib error inflating request, result %d", ret);
362416

363417
n = stream.total_out - cnt;
364-
if (write_in_full(out, out_buf, n) < 0)
365-
die("%s aborted reading request", prog_name);
366-
cnt += n;
418+
write_to_child(out, out_buf, stream.total_out - cnt, prog_name);
419+
cnt = stream.total_out;
367420

368421
if (ret == Z_STREAM_END)
369422
goto done;
@@ -376,25 +429,42 @@ static void inflate_request(const char *prog_name, int out, int buffer_input)
376429
free(full_request);
377430
}
378431

379-
static void copy_request(const char *prog_name, int out)
432+
static void copy_request(const char *prog_name, int out, ssize_t req_len)
380433
{
381434
unsigned char *buf;
382-
ssize_t n = read_request(0, &buf);
435+
ssize_t n = read_request(0, &buf, req_len);
383436
if (n < 0)
384437
die_errno("error reading request body");
385-
if (write_in_full(out, buf, n) < 0)
386-
die("%s aborted reading request", prog_name);
438+
write_to_child(out, buf, n, prog_name);
387439
close(out);
388440
free(buf);
389441
}
390442

443+
static void pipe_fixed_length(const char *prog_name, int out, size_t req_len)
444+
{
445+
unsigned char buf[8192];
446+
size_t remaining_len = req_len;
447+
448+
while (remaining_len > 0) {
449+
size_t chunk_length = remaining_len > sizeof(buf) ? sizeof(buf) : remaining_len;
450+
ssize_t n = xread(0, buf, chunk_length);
451+
if (n < 0)
452+
die_errno("Reading request failed");
453+
write_to_child(out, buf, n, prog_name);
454+
remaining_len -= n;
455+
}
456+
457+
close(out);
458+
}
459+
391460
static void run_service(const char **argv, int buffer_input)
392461
{
393462
const char *encoding = getenv("HTTP_CONTENT_ENCODING");
394463
const char *user = getenv("REMOTE_USER");
395464
const char *host = getenv("REMOTE_ADDR");
396465
int gzipped_request = 0;
397466
struct child_process cld = CHILD_PROCESS_INIT;
467+
ssize_t req_len = get_content_length();
398468

399469
if (encoding && !strcmp(encoding, "gzip"))
400470
gzipped_request = 1;
@@ -413,17 +483,19 @@ static void run_service(const char **argv, int buffer_input)
413483
"GIT_COMMITTER_EMAIL=%s@http.%s", user, host);
414484

415485
cld.argv = argv;
416-
if (buffer_input || gzipped_request)
486+
if (buffer_input || gzipped_request || req_len >= 0)
417487
cld.in = -1;
418488
cld.git_cmd = 1;
419489
if (start_command(&cld))
420490
exit(1);
421491

422492
close(1);
423493
if (gzipped_request)
424-
inflate_request(argv[0], cld.in, buffer_input);
494+
inflate_request(argv[0], cld.in, buffer_input, req_len);
425495
else if (buffer_input)
426-
copy_request(argv[0], cld.in);
496+
copy_request(argv[0], cld.in, req_len);
497+
else if (req_len >= 0)
498+
pipe_fixed_length(argv[0], cld.in, req_len);
427499
else
428500
close(0);
429501

Lines changed: 156 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,156 @@
1+
#!/bin/sh
2+
3+
test_description='test git-http-backend respects CONTENT_LENGTH'
4+
. ./test-lib.sh
5+
6+
test_lazy_prereq GZIP 'gzip --version'
7+
8+
verify_http_result() {
9+
# some fatal errors still produce status 200
10+
# so check if there is the error message
11+
if grep 'fatal:' act.err
12+
then
13+
return 1
14+
fi
15+
16+
if ! grep "Status" act.out >act
17+
then
18+
printf "Status: 200 OK\r\n" >act
19+
fi
20+
printf "Status: $1\r\n" >exp &&
21+
test_cmp exp act
22+
}
23+
24+
test_http_env() {
25+
handler_type="$1"
26+
request_body="$2"
27+
shift
28+
env \
29+
CONTENT_TYPE="application/x-git-$handler_type-pack-request" \
30+
QUERY_STRING="/repo.git/git-$handler_type-pack" \
31+
PATH_TRANSLATED="$PWD/.git/git-$handler_type-pack" \
32+
GIT_HTTP_EXPORT_ALL=TRUE \
33+
REQUEST_METHOD=POST \
34+
"$TEST_DIRECTORY"/t5562/invoke-with-content-length.pl \
35+
"$request_body" git http-backend >act.out 2>act.err
36+
}
37+
38+
ssize_b100dots() {
39+
# hardcoded ((size_t) SSIZE_MAX) + 1
40+
case "$(build_option sizeof-size_t)" in
41+
8) echo 9223372036854775808;;
42+
4) echo 2147483648;;
43+
*) die "Unexpected ssize_t size: $(build_option sizeof-size_t)";;
44+
esac
45+
}
46+
47+
test_expect_success 'setup' '
48+
HTTP_CONTENT_ENCODING="identity" &&
49+
export HTTP_CONTENT_ENCODING &&
50+
git config http.receivepack true &&
51+
test_commit c0 &&
52+
test_commit c1 &&
53+
hash_head=$(git rev-parse HEAD) &&
54+
hash_prev=$(git rev-parse HEAD~1) &&
55+
printf "want %s" "$hash_head" | packetize >fetch_body &&
56+
printf 0000 >>fetch_body &&
57+
printf "have %s" "$hash_prev" | packetize >>fetch_body &&
58+
printf done | packetize >>fetch_body &&
59+
test_copy_bytes 10 <fetch_body >fetch_body.trunc &&
60+
hash_next=$(git commit-tree -p HEAD -m next HEAD^{tree}) &&
61+
printf "%s %s refs/heads/newbranch\\0report-status\\n" "$_z40" "$hash_next" | packetize >push_body &&
62+
printf 0000 >>push_body &&
63+
echo "$hash_next" | git pack-objects --stdout >>push_body &&
64+
test_copy_bytes 10 <push_body >push_body.trunc &&
65+
: >empty_body
66+
'
67+
68+
test_expect_success GZIP 'setup, compression related' '
69+
gzip -c fetch_body >fetch_body.gz &&
70+
test_copy_bytes 10 <fetch_body.gz >fetch_body.gz.trunc &&
71+
gzip -c push_body >push_body.gz &&
72+
test_copy_bytes 10 <push_body.gz >push_body.gz.trunc
73+
'
74+
75+
test_expect_success 'fetch plain' '
76+
test_http_env upload fetch_body &&
77+
verify_http_result "200 OK"
78+
'
79+
80+
test_expect_success 'fetch plain truncated' '
81+
test_http_env upload fetch_body.trunc &&
82+
! verify_http_result "200 OK"
83+
'
84+
85+
test_expect_success 'fetch plain empty' '
86+
test_http_env upload empty_body &&
87+
! verify_http_result "200 OK"
88+
'
89+
90+
test_expect_success GZIP 'fetch gzipped' '
91+
test_env HTTP_CONTENT_ENCODING="gzip" test_http_env upload fetch_body.gz &&
92+
verify_http_result "200 OK"
93+
'
94+
95+
test_expect_success GZIP 'fetch gzipped truncated' '
96+
test_env HTTP_CONTENT_ENCODING="gzip" test_http_env upload fetch_body.gz.trunc &&
97+
! verify_http_result "200 OK"
98+
'
99+
100+
test_expect_success GZIP 'fetch gzipped empty' '
101+
test_env HTTP_CONTENT_ENCODING="gzip" test_http_env upload empty_body &&
102+
! verify_http_result "200 OK"
103+
'
104+
105+
test_expect_success GZIP 'push plain' '
106+
test_when_finished "git branch -D newbranch" &&
107+
test_http_env receive push_body &&
108+
verify_http_result "200 OK" &&
109+
git rev-parse newbranch >act.head &&
110+
echo "$hash_next" >exp.head &&
111+
test_cmp act.head exp.head
112+
'
113+
114+
test_expect_success 'push plain truncated' '
115+
test_http_env receive push_body.trunc &&
116+
! verify_http_result "200 OK"
117+
'
118+
119+
test_expect_success 'push plain empty' '
120+
test_http_env receive empty_body &&
121+
! verify_http_result "200 OK"
122+
'
123+
124+
test_expect_success GZIP 'push gzipped' '
125+
test_when_finished "git branch -D newbranch" &&
126+
test_env HTTP_CONTENT_ENCODING="gzip" test_http_env receive push_body.gz &&
127+
verify_http_result "200 OK" &&
128+
git rev-parse newbranch >act.head &&
129+
echo "$hash_next" >exp.head &&
130+
test_cmp act.head exp.head
131+
'
132+
133+
test_expect_success GZIP 'push gzipped truncated' '
134+
test_env HTTP_CONTENT_ENCODING="gzip" test_http_env receive push_body.gz.trunc &&
135+
! verify_http_result "200 OK"
136+
'
137+
138+
test_expect_success GZIP 'push gzipped empty' '
139+
test_env HTTP_CONTENT_ENCODING="gzip" test_http_env receive empty_body &&
140+
! verify_http_result "200 OK"
141+
'
142+
143+
test_expect_success 'CONTENT_LENGTH overflow ssite_t' '
144+
NOT_FIT_IN_SSIZE=$(ssize_b100dots) &&
145+
env \
146+
CONTENT_TYPE=application/x-git-upload-pack-request \
147+
QUERY_STRING=/repo.git/git-upload-pack \
148+
PATH_TRANSLATED="$PWD"/.git/git-upload-pack \
149+
GIT_HTTP_EXPORT_ALL=TRUE \
150+
REQUEST_METHOD=POST \
151+
CONTENT_LENGTH="$NOT_FIT_IN_SSIZE" \
152+
git http-backend </dev/zero >/dev/null 2>err &&
153+
grep "fatal:.*CONTENT_LENGTH" err
154+
'
155+
156+
test_done

t/t5562/invoke-with-content-length.pl

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
#!/usr/bin/perl
2+
use 5.008;
3+
use strict;
4+
use warnings;
5+
6+
my $body_filename = $ARGV[0];
7+
my @command = @ARGV[1 .. $#ARGV];
8+
9+
# read data
10+
my $body_size = -s $body_filename;
11+
$ENV{"CONTENT_LENGTH"} = $body_size;
12+
open(my $body_fh, "<", $body_filename) or die "Cannot open $body_filename: $!";
13+
my $body_data;
14+
defined read($body_fh, $body_data, $body_size) or die "Cannot read $body_filename: $!";
15+
close($body_fh);
16+
17+
my $exited = 0;
18+
$SIG{"CHLD"} = sub {
19+
$exited = 1;
20+
};
21+
22+
# write data
23+
my $pid = open(my $out, "|-", @command);
24+
{
25+
# disable buffering at $out
26+
my $old_selected = select;
27+
select $out;
28+
$| = 1;
29+
select $old_selected;
30+
}
31+
print $out $body_data or die "Cannot write data: $!";
32+
33+
sleep 60; # is interrupted by SIGCHLD
34+
if (!$exited) {
35+
close($out);
36+
die "Command did not exit after reading whole body";
37+
}

0 commit comments

Comments
 (0)