| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
The repository-specific repository path validation belongs in the
repository class, not the generic path class.
|
| | |
|
| |
|
|
| |
been added.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The `git_buf_text` namespace is unnecessary and strange. Remove it,
just keep the functions prefixed with `git_buf`.
|
| |
|
|
|
|
|
| |
Validate that working directory paths honor `core.longpaths` where
appropriate. Paths to the submodule gitdirs must always honor the
operating system length restrictions; `core.longpaths` does not affect
gitdir paths.
|
| |
|
|
|
|
|
| |
If we want to validate more and different types of paths, the name
`git_path_validate` makes that easier and more expressive. We can add,
for example, `git_path_validate_foo` while the current name makes that
less ergonomic.
|
| |
|
|
| |
Also repurposed an unused function and deleted another one.
|
| |
|
|
|
|
|
|
|
|
| |
This change makes that anything that calls `git_diff__from_iterators`
(any of the `git_diff_xxx` functions) only need to parse the
`.gitmodules` file once. This can be avoided by calling
`git_repository_submodule_cache_all(...)`, but we can do that safely for
the user with no change in semantics.
Fixes: #5725
|
| | |
|
| |
|
|
|
|
| |
`git_buf_sanitize` is called with user-input, and wants to sanity-check
that input. Allow it to return a value if the input was malformed in a
way that we cannot cope.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When compiling libgit2 with -DDEPRECATE_HARD, we add a preprocessor
definition `GIT_DEPRECATE_HARD` which causes the "git2/deprecated.h"
header to be empty. As a result, no function declarations are made
available to callers, but the implementations are still available to
link against. This has the problem that function declarations also
aren't visible to the implementations, meaning that the symbol's
visibility will not be set up correctly. As a result, the resulting
library may not expose those deprecated symbols at all on some platforms
and thus cause linking errors.
Fix the issue by conditionally compiling deprecated functions, only.
While it becomes impossible to link against such a library in case one
uses deprecated functions, distributors of libgit2 aren't expected to
pass -DDEPRECATE_HARD anyway. Instead, users of libgit2 should manually
define GIT_DEPRECATE_HARD to hide deprecated functions. Using "real"
hard deprecation still makes sense in the context of CI to test we don't
use deprecated symbols ourselves and in case a dependant uses libgit2 in
a vendored way and knows it won't ever use any of the deprecated symbols
anyway.
|
| |
|
|
|
|
|
| |
We've accumulated quite some functions which are never used outside of
their respective code unit, but which are lacking the `static` keyword.
Add it to reduce their linkage scope and allow the compiler to optimize
better.
|
| |
|
|
|
|
| |
The submodule code has grown out-of-date regarding its coding style.
Update `git_submodule_reload` and `git_submodule_sync` to more closely
resemble what the rest of our code base uses.
|
| | |
|
| |
|
|
|
| |
git_submodule_sync should resolve submodule before writing to .git/config
to have the same behavior as git_submodule_init, which does the right thing.
|
| | |
|
| |
|
|
|
| |
`cvar` is an unhelpful name. Refactor its usage to `configmap` for more
clarity.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In libgit2 nomenclature, when we need to verb a direct object, we name
a function `git_directobject_verb`. Thus, if we need to init an options
structure named `git_foo_options`, then the name of the function that
does that should be `git_foo_options_init`.
The previous names of `git_foo_init_options` is close - it _sounds_ as
if it's initializing the options of a `foo`, but in fact
`git_foo_options` is its own noun that should be respected.
Deprecate the old names; they'll now call directly to the new ones.
|
| |
|
|
|
|
| |
Some callers were still using the tightly-coupled pattern of `lookup_index` and
`valid_index` to verify that an entry exists in a map. Instead, use the more
high-level `exists` functions to decouple map users from its implementation.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, one would use the function `git_strmap_insert` to insert key/value
pairs into a map. This function has historically been a macro, which is why its
syntax is kind of weird: instead of returning an error code directly, it instead
has to be passed a pointer to where the return value shall be stored. This does
not match libgit2's common idiom of directly returning error codes.
Introduce a new function `git_strmap_set`, which takes as parameters the map,
key and value and directly returns an error code. Convert all callers of
`git_strmap_insert` to make use of it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current way of looking up an entry from a map is tightly coupled with the
map implementation, as one first has to look up the index of the key and then
retrieve the associated value by using the index. As a caller, you usually do
not care about any indices at all, though, so this is more complicated than
really necessary. Furthermore, it invites for errors to happen if the correct
error checking sequence is not being followed.
Introduce a new high-level function `git_strmap_get` that takes a map and a key
and returns a pointer to the associated value if such a key exists. Otherwise,
a `NULL` pointer is returned. Adjust all callers that can trivially be
converted.
|
| |
|
|
|
|
|
|
|
| |
There currently exist two different function names for getting the entry count
of maps, where offmaps offset and string maps use `num_entries` and OID maps use
`size`. In most programming languages with built-in map types, this is simply
called `size`, which is also shorter to type. Thus, this commit renames the
other two functions `num_entries` to match the common way and adjusts all
callers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the lifecycle functions for maps (allocation, deallocation, resize)
are not named in a uniform way and do not have a uniform function signature.
Rename the functions to fix that, and stick to libgit2's naming scheme of saying
`git_foo_new`. This results in the following new interface for allocation:
- `int git_<t>map_new(git_<t>map **out)` to allocate a new map, returning an
error code if we ran out of memory
- `void git_<t>map_free(git_<t>map *map)` to free a map
- `void git_<t>map_clear(git<t>map *map)` to remove all entries from a map
This commit also fixes all existing callers.
|
| |
|
|
|
| |
Move to the `git_error` name in the internal API for error-related
functions.
|
| |
|
|
|
|
|
|
| |
Previously, an error in `git_config_next` would be mistaken as a
successful load, because the previous call would have succeeded.
Coverity saw the subsequent check for a completed iteration as dead, so
let's make it useful again.
CID 1391374
|
| |
|
|
| |
Use the new object_type enumeration names within the codebase.
|
| |
|
|
| |
Use the new-style index names throughout our own codebase.
|
| |
|
|
|
|
|
| |
Instead of using the `khiter_t`, `git_strmap_iter` and `khint_t` types,
simply use `size_t` instead. This decouples code from the khash stuff
and makes it possible to move the khash includes into the implementation
files.
|
| |
|
|
|
|
|
| |
The submodule code currently has its own implementation of a string map,
which overrides the hashing and hash equals functions with functions
that ignore potential trailing slashes. These functions aren't actually
used by our code, making them useless.
|
| |
|
|
|
|
|
|
|
|
|
| |
These can be used to inject options in an implementation which performs a
recursive clone by executing an external command via crafted url and path
attributes such that it triggers a local executable to be run.
The library is not vulnerable as we do not rely on external executables but a
user of the library might be relying on that so we add this protection.
This matches this aspect of git's fix for CVE-2018-17456.
|
| |
|
|
|
|
|
|
|
|
| |
The header "config_file.h" has a list of inline-functions to access the
contents of a config backend without directly messing with the struct's
function pointers. While all these functions are called
"git_config_file_*", they are in fact completely backend-agnostic and
don't care whether it is a file or not. Rename all the function to
instead be backend-agnostic versions called "git_config_backend_*" and
rename the header to match.
|
| |
|
|
|
|
|
|
|
|
| |
When populating the list of submodule names, we use the submodule
configuration entry's name as the key in the map of submodule names.
This creates a hidden dependency on the liveliness of the configuration
that was used to parse the submodule, which is fragile and unexpected.
Fix the issue by duplicating the string before writing it into the
submodule name map.
|
| |
|
| |
Reported by Coverity, CID 1393237
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous to dfda2f68e (submodule: remove the per-repo cache,
2015-04-27), we tried to cache our submodules per repository to avoid
having to reload it too frequently. As it created some headaches with
regards to multithreading, we removed that cache.
Previous to that removal, we had to compute what submodule status to
refresh. The mask computation was not removed, though, resulting in
confusing and actually dead code. While it seems like the mask is
currently in use in a conditional, it is not, as we unconditionally
assign to the mask previous to that condition.
Remove all mask computations to clean up stale code.
|
| |
|
|
|
|
|
|
|
| |
The function `load_submodule_names` was always being called with a
newly allocated string map, which was then getting filled by the
function. Move the string map allocation into `load_submodule_names`,
instead, and pass the whole map back to the caller in case no error
occurs. This change helps to avoid misuse by handing in pre-populated
maps.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When loading submodule names, we build a map of submodule paths and
their respective names. While looping over the configuration keys,
we do not check though whether a submodule path was seen already. This
leads to a memory leak in case we have multiple submodules with the same
path, as we just overwrite the old value in the map in that case.
Fix the error by verifying that the path to be added is not yet part of
the string map. Git does not allow to have multiple submodules for a
path anyway, so we now do the same and detect this duplication,
reporting it to the user.
|
| | |
|
| | |
|
| |
|
|
|
| |
We might modify caches due to us trying to load the configuration to figure out
what kinds of filesystem protections we should have.
|
| |
|
|
|
|
|
|
| |
Any part of the library which asks the question can pass in the mode to have it
checked against `.gitmodules` being a symlink.
This is particularly relevant for adding entries to the index from the worktree
and for checking out files.
|
| |
|
|
|
|
|
|
| |
Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
protect Windows users.
Ideally we would check for both separators without the need for the copied
string, but this'll get us over the RCE.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the we decide that the "name" of the submodule (i.e. its path inside
`.git/modules/`) is trying to escape that directory or otherwise trick us, we
ignore the configuration for that submodule.
This leaves us with a half-configured submodule when looking it up by path, but
it's the same result as if the configuration really were missing.
The name check is potentially more strict than it needs to be, but it lets us
re-use the check we're doing for the checkout. The function that encapsulates
this logic is ready to be exported but we don't want to do that in a security
release so it remains internal for now.
|
| |\
| |
| | |
Submodules-API should report .gitmodules parse errors instead of ignoring them
|
| | |
| |
| |
| | |
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
| | | |
|
| | | |
|
