mirror of
https://github.com/git/git.git
synced 2024-11-07 09:43:00 +01:00
git-daemon: timeout, eliminate double DWIM
It turns out that not only did git-daemon do DWIM, but git-upload-pack does as well. This is bad; security checks have to be performed *after* canonicalization, not before. Additionally, the current git-daemon can be trivially DoSed by spewing SYNs at the target port. This patch adds a --strict option to git-upload-pack to disable all DWIM, a --timeout option to git-daemon and git-upload-pack, and an --init-timeout option to git-daemon (which is typically set to a much lower value, since the initial request should come immediately from the client.) Signed-off-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
This commit is contained in:
parent
c9ed27b9e8
commit
b7080d8516
2 changed files with 59 additions and 7 deletions
21
daemon.c
21
daemon.c
|
@ -12,7 +12,9 @@
|
||||||
static int log_syslog;
|
static int log_syslog;
|
||||||
static int verbose;
|
static int verbose;
|
||||||
|
|
||||||
static const char daemon_usage[] = "git-daemon [--verbose] [--syslog] [--inetd | --port=n] [--export-all] [directory...]";
|
static const char daemon_usage[] =
|
||||||
|
"git-daemon [--verbose] [--syslog] [--inetd | --port=n] [--export-all]\n"
|
||||||
|
" [--timeout=n] [--init-timeout=n] [directory...]";
|
||||||
|
|
||||||
/* List of acceptable pathname prefixes */
|
/* List of acceptable pathname prefixes */
|
||||||
static char **ok_paths = NULL;
|
static char **ok_paths = NULL;
|
||||||
|
@ -20,6 +22,9 @@ static char **ok_paths = NULL;
|
||||||
/* If this is set, git-daemon-export-ok is not required */
|
/* If this is set, git-daemon-export-ok is not required */
|
||||||
static int export_all_trees = 0;
|
static int export_all_trees = 0;
|
||||||
|
|
||||||
|
/* Timeout, and initial timeout */
|
||||||
|
static unsigned int timeout = 0;
|
||||||
|
static unsigned int init_timeout = 0;
|
||||||
|
|
||||||
static void logreport(int priority, const char *err, va_list params)
|
static void logreport(int priority, const char *err, va_list params)
|
||||||
{
|
{
|
||||||
|
@ -169,6 +174,8 @@ static int upload(char *dir)
|
||||||
/* Enough for the longest path above including final null */
|
/* Enough for the longest path above including final null */
|
||||||
int buflen = strlen(dir)+10;
|
int buflen = strlen(dir)+10;
|
||||||
char *dirbuf = xmalloc(buflen);
|
char *dirbuf = xmalloc(buflen);
|
||||||
|
/* Timeout as string */
|
||||||
|
char timeout_buf[64];
|
||||||
|
|
||||||
loginfo("Request for '%s'", dir);
|
loginfo("Request for '%s'", dir);
|
||||||
|
|
||||||
|
@ -189,8 +196,10 @@ static int upload(char *dir)
|
||||||
*/
|
*/
|
||||||
signal(SIGTERM, SIG_IGN);
|
signal(SIGTERM, SIG_IGN);
|
||||||
|
|
||||||
|
snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
|
||||||
|
|
||||||
/* git-upload-pack only ever reads stuff, so this is safe */
|
/* git-upload-pack only ever reads stuff, so this is safe */
|
||||||
execlp("git-upload-pack", "git-upload-pack", ".", NULL);
|
execlp("git-upload-pack", "git-upload-pack", "--strict", timeout_buf, ".", NULL);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -199,7 +208,9 @@ static int execute(void)
|
||||||
static char line[1000];
|
static char line[1000];
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
|
alarm(init_timeout ? init_timeout : timeout);
|
||||||
len = packet_read_line(0, line, sizeof(line));
|
len = packet_read_line(0, line, sizeof(line));
|
||||||
|
alarm(0);
|
||||||
|
|
||||||
if (len && line[len-1] == '\n')
|
if (len && line[len-1] == '\n')
|
||||||
line[--len] = 0;
|
line[--len] = 0;
|
||||||
|
@ -548,6 +559,12 @@ int main(int argc, char **argv)
|
||||||
export_all_trees = 1;
|
export_all_trees = 1;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if (!strncmp(arg, "--timeout=", 10)) {
|
||||||
|
timeout = atoi(arg+10);
|
||||||
|
}
|
||||||
|
if (!strncmp(arg, "--init-timeout=", 10)) {
|
||||||
|
init_timeout = atoi(arg+15);
|
||||||
|
}
|
||||||
if (!strcmp(arg, "--")) {
|
if (!strcmp(arg, "--")) {
|
||||||
ok_paths = &argv[i+1];
|
ok_paths = &argv[i+1];
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -2,13 +2,19 @@
|
||||||
#include "refs.h"
|
#include "refs.h"
|
||||||
#include "pkt-line.h"
|
#include "pkt-line.h"
|
||||||
|
|
||||||
static const char upload_pack_usage[] = "git-upload-pack <dir>";
|
static const char upload_pack_usage[] = "git-upload-pack [--strict] [--timeout=nn] <dir>";
|
||||||
|
|
||||||
#define MAX_HAS (16)
|
#define MAX_HAS (16)
|
||||||
#define MAX_NEEDS (256)
|
#define MAX_NEEDS (256)
|
||||||
static int nr_has = 0, nr_needs = 0;
|
static int nr_has = 0, nr_needs = 0;
|
||||||
static unsigned char has_sha1[MAX_HAS][20];
|
static unsigned char has_sha1[MAX_HAS][20];
|
||||||
static unsigned char needs_sha1[MAX_NEEDS][20];
|
static unsigned char needs_sha1[MAX_NEEDS][20];
|
||||||
|
static unsigned int timeout = 0;
|
||||||
|
|
||||||
|
static void reset_timeout(void)
|
||||||
|
{
|
||||||
|
alarm(timeout);
|
||||||
|
}
|
||||||
|
|
||||||
static int strip(char *line, int len)
|
static int strip(char *line, int len)
|
||||||
{
|
{
|
||||||
|
@ -98,6 +104,7 @@ static int get_common_commits(void)
|
||||||
|
|
||||||
for(;;) {
|
for(;;) {
|
||||||
len = packet_read_line(0, line, sizeof(line));
|
len = packet_read_line(0, line, sizeof(line));
|
||||||
|
reset_timeout();
|
||||||
|
|
||||||
if (!len) {
|
if (!len) {
|
||||||
packet_write(1, "NAK\n");
|
packet_write(1, "NAK\n");
|
||||||
|
@ -120,6 +127,7 @@ static int get_common_commits(void)
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
len = packet_read_line(0, line, sizeof(line));
|
len = packet_read_line(0, line, sizeof(line));
|
||||||
|
reset_timeout();
|
||||||
if (!len)
|
if (!len)
|
||||||
continue;
|
continue;
|
||||||
len = strip(line, len);
|
len = strip(line, len);
|
||||||
|
@ -143,6 +151,7 @@ static int receive_needs(void)
|
||||||
for (;;) {
|
for (;;) {
|
||||||
unsigned char dummy[20], *sha1_buf;
|
unsigned char dummy[20], *sha1_buf;
|
||||||
len = packet_read_line(0, line, sizeof(line));
|
len = packet_read_line(0, line, sizeof(line));
|
||||||
|
reset_timeout();
|
||||||
if (!len)
|
if (!len)
|
||||||
return needs;
|
return needs;
|
||||||
|
|
||||||
|
@ -171,6 +180,7 @@ static int send_ref(const char *refname, const unsigned char *sha1)
|
||||||
|
|
||||||
static int upload_pack(void)
|
static int upload_pack(void)
|
||||||
{
|
{
|
||||||
|
reset_timeout();
|
||||||
head_ref(send_ref);
|
head_ref(send_ref);
|
||||||
for_each_ref(send_ref);
|
for_each_ref(send_ref);
|
||||||
packet_flush(1);
|
packet_flush(1);
|
||||||
|
@ -185,18 +195,43 @@ static int upload_pack(void)
|
||||||
int main(int argc, char **argv)
|
int main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
const char *dir;
|
const char *dir;
|
||||||
if (argc != 2)
|
int i;
|
||||||
|
int strict = 0;
|
||||||
|
|
||||||
|
for (i = 1; i < argc; i++) {
|
||||||
|
char *arg = argv[i];
|
||||||
|
|
||||||
|
if (arg[0] != '-')
|
||||||
|
break;
|
||||||
|
if (!strcmp(arg, "--strict")) {
|
||||||
|
strict = 1;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (!strncmp(arg, "--timeout=", 10)) {
|
||||||
|
timeout = atoi(arg+10);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (!strcmp(arg, "--")) {
|
||||||
|
i++;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (i != argc-1)
|
||||||
usage(upload_pack_usage);
|
usage(upload_pack_usage);
|
||||||
dir = argv[1];
|
dir = argv[i];
|
||||||
|
|
||||||
/* chdir to the directory. If that fails, try appending ".git" */
|
/* chdir to the directory. If that fails, try appending ".git" */
|
||||||
if (chdir(dir) < 0) {
|
if (chdir(dir) < 0) {
|
||||||
if (chdir(mkpath("%s.git", dir)) < 0)
|
if (strict || chdir(mkpath("%s.git", dir)) < 0)
|
||||||
die("git-upload-pack unable to chdir to %s", dir);
|
die("git-upload-pack unable to chdir to %s", dir);
|
||||||
}
|
}
|
||||||
|
if (!strict)
|
||||||
chdir(".git");
|
chdir(".git");
|
||||||
|
|
||||||
if (access("objects", X_OK) || access("refs", X_OK))
|
if (access("objects", X_OK) || access("refs", X_OK))
|
||||||
die("git-upload-pack: %s doesn't seem to be a git archive", dir);
|
die("git-upload-pack: %s doesn't seem to be a git archive", dir);
|
||||||
|
|
||||||
putenv("GIT_DIR=.");
|
putenv("GIT_DIR=.");
|
||||||
upload_pack();
|
upload_pack();
|
||||||
return 0;
|
return 0;
|
||||||
|
|
Loading…
Reference in a new issue