From: Denton Liu <liu.denton@gmail.com>
To: Git Mailing List <git@vger.kernel.org>
Cc: Jeff King <peff@peff.net>,
Eric Sunshine <sunshine@sunshineco.com>,
Junio C Hamano <gitster@pobox.com>
Subject: [PATCH v3 5/7] remote-curl: error on incomplete packet
Date: Tue, 19 May 2020 06:53:58 -0400 [thread overview]
Message-ID: <91d330620a18e286ec112747ea2f3a9d39066018.1589885479.git.liu.denton@gmail.com> (raw)
In-Reply-To: <cover.1589885479.git.liu.denton@gmail.com>
Currently, remote-curl acts as a proxy and blindly forwards packets
between an HTTP server and fetch-pack. In the case of a stateless RPC
connection where the connection is terminated with a partially written
packet, remote-curl will blindly send the partially written packet
before waiting on more input from fetch-pack. Meanwhile, fetch-pack will
read the partial packet and continue reading, expecting more input. This
results in a deadlock between the two processes.
For a stateless connection, inspect packets before sending them and
error out if a packet line packet is incomplete.
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Denton Liu <liu.denton@gmail.com>
---
remote-curl.c | 59 ++++++++++++++++++-
t/lib-httpd.sh | 2 +
t/lib-httpd/apache.conf | 8 +++
.../incomplete-body-upload-pack-v2-http.sh | 3 +
.../incomplete-length-upload-pack-v2-http.sh | 3 +
t/t5702-protocol-v2.sh | 34 +++++++++++
6 files changed, 106 insertions(+), 3 deletions(-)
create mode 100644 t/lib-httpd/incomplete-body-upload-pack-v2-http.sh
create mode 100644 t/lib-httpd/incomplete-length-upload-pack-v2-http.sh
diff --git a/remote-curl.c b/remote-curl.c
index da3e07184a..e020140092 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -679,9 +679,53 @@ static curlioerr rpc_ioctl(CURL *handle, int cmd, void *clientp)
}
#endif
+struct check_pktline_state {
+ char len_buf[4];
+ int len_filled;
+ int remaining;
+};
+
+static void check_pktline(struct check_pktline_state *state, const char *ptr, size_t size)
+{
+ while (size) {
+ if (!state->remaining) {
+ int digits_remaining = 4 - state->len_filled;
+ if (digits_remaining > size)
+ digits_remaining = size;
+ memcpy(&state->len_buf[state->len_filled], ptr, digits_remaining);
+ state->len_filled += digits_remaining;
+ ptr += digits_remaining;
+ size -= digits_remaining;
+
+ if (state->len_filled == 4) {
+ state->remaining = packet_length(state->len_buf);
+ if (state->remaining < 0) {
+ die(_("remote-curl: bad line length character: %.4s"), state->len_buf);
+ } else if (state->remaining < 4) {
+ state->remaining = 0;
+ } else {
+ state->remaining -= 4;
+ }
+ state->len_filled = 0;
+ }
+ }
+
+ if (state->remaining) {
+ int remaining = state->remaining;
+ if (remaining > size)
+ remaining = size;
+ ptr += remaining;
+ size -= remaining;
+ state->remaining -= remaining;
+ }
+ }
+}
+
struct rpc_in_data {
struct rpc_state *rpc;
struct active_request_slot *slot;
+ int check_pktline;
+ struct check_pktline_state pktline_state;
};
/*
@@ -702,6 +746,8 @@ static size_t rpc_in(char *ptr, size_t eltsize,
return size;
if (size)
data->rpc->any_written = 1;
+ if (data->check_pktline)
+ check_pktline(&data->pktline_state, ptr, size);
write_or_die(data->rpc->in, ptr, size);
return size;
}
@@ -778,7 +824,7 @@ static curl_off_t xcurl_off_t(size_t len)
* If flush_received is true, do not attempt to read any more; just use what's
* in rpc->buf.
*/
-static int post_rpc(struct rpc_state *rpc, int flush_received)
+static int post_rpc(struct rpc_state *rpc, int stateless_connect, int flush_received)
{
struct active_request_slot *slot;
struct curl_slist *headers = http_copy_default_headers();
@@ -920,6 +966,8 @@ static int post_rpc(struct rpc_state *rpc, int flush_received)
curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, rpc_in);
rpc_in_data.rpc = rpc;
rpc_in_data.slot = slot;
+ rpc_in_data.check_pktline = stateless_connect;
+ memset(&rpc_in_data.pktline_state, 0, sizeof(rpc_in_data.pktline_state));
curl_easy_setopt(slot->curl, CURLOPT_FILE, &rpc_in_data);
curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 0);
@@ -936,6 +984,11 @@ static int post_rpc(struct rpc_state *rpc, int flush_received)
if (!rpc->any_written)
err = -1;
+ if (rpc_in_data.pktline_state.len_filled)
+ err = error(_("%d bytes of length header were received"), rpc_in_data.pktline_state.len_filled);
+ if (rpc_in_data.pktline_state.remaining)
+ err = error(_("%d bytes of body are still expected"), rpc_in_data.pktline_state.remaining);
+
curl_slist_free_all(headers);
free(gzip_body);
return err;
@@ -985,7 +1038,7 @@ static int rpc_service(struct rpc_state *rpc, struct discovery *heads,
break;
rpc->pos = 0;
rpc->len = n;
- err |= post_rpc(rpc, 0);
+ err |= post_rpc(rpc, 0, 0);
}
close(client.in);
@@ -1342,7 +1395,7 @@ static int stateless_connect(const char *service_name)
BUG("The entire rpc->buf should be larger than LARGE_PACKET_MAX");
if (status == PACKET_READ_EOF)
break;
- if (post_rpc(&rpc, status == PACKET_READ_FLUSH))
+ if (post_rpc(&rpc, 1, status == PACKET_READ_FLUSH))
/* We would have an err here */
break;
/* Reset the buffer for next request */
diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
index 1449ee95e9..d2edfa4c50 100644
--- a/t/lib-httpd.sh
+++ b/t/lib-httpd.sh
@@ -129,6 +129,8 @@ install_script () {
prepare_httpd() {
mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH"
cp "$TEST_PATH"/passwd "$HTTPD_ROOT_PATH"
+ install_script incomplete-length-upload-pack-v2-http.sh
+ install_script incomplete-body-upload-pack-v2-http.sh
install_script broken-smart-http.sh
install_script error-smart-http.sh
install_script error.sh
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 994e5290d6..afa91e38b0 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -117,6 +117,8 @@ Alias /auth/dumb/ www/auth/dumb/
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
</LocationMatch>
+ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
+ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
ScriptAliasMatch /error_git_upload_pack/(.*)/git-upload-pack error.sh/
ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
ScriptAlias /broken_smart/ broken-smart-http.sh/
@@ -126,6 +128,12 @@ ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1
<Directory ${GIT_EXEC_PATH}>
Options FollowSymlinks
</Directory>
+<Files incomplete-length-upload-pack-v2-http.sh>
+ Options ExecCGI
+</Files>
+<Files incomplete-body-upload-pack-v2-http.sh>
+ Options ExecCGI
+</Files>
<Files broken-smart-http.sh>
Options ExecCGI
</Files>
diff --git a/t/lib-httpd/incomplete-body-upload-pack-v2-http.sh b/t/lib-httpd/incomplete-body-upload-pack-v2-http.sh
new file mode 100644
index 0000000000..2f5ed9fcf6
--- /dev/null
+++ b/t/lib-httpd/incomplete-body-upload-pack-v2-http.sh
@@ -0,0 +1,3 @@
+printf "Content-Type: text/%s\n" "application/x-git-upload-pack-result"
+echo
+printf "%s%s\n" "0079" "45"
diff --git a/t/lib-httpd/incomplete-length-upload-pack-v2-http.sh b/t/lib-httpd/incomplete-length-upload-pack-v2-http.sh
new file mode 100644
index 0000000000..86c6e648c9
--- /dev/null
+++ b/t/lib-httpd/incomplete-length-upload-pack-v2-http.sh
@@ -0,0 +1,3 @@
+printf "Content-Type: text/%s\n" "application/x-git-upload-pack-result"
+echo
+printf "%s\n" "00"
diff --git a/t/t5702-protocol-v2.sh b/t/t5702-protocol-v2.sh
index 5039e66dc4..4eb81ba2d4 100755
--- a/t/t5702-protocol-v2.sh
+++ b/t/t5702-protocol-v2.sh
@@ -586,6 +586,40 @@ test_expect_success 'clone with http:// using protocol v2' '
! grep "Send header: Transfer-Encoding: chunked" log
'
+test_expect_success 'clone repository with http:// using protocol v2 with incomplete pktline length' '
+ test_when_finished "rm -f log" &&
+
+ git init "$HTTPD_DOCUMENT_ROOT_PATH/incomplete_length" &&
+ test_commit -C "$HTTPD_DOCUMENT_ROOT_PATH/incomplete_length" file &&
+
+ test_must_fail env GIT_TRACE_PACKET="$(pwd)/log" GIT_TRACE_CURL="$(pwd)/log" git -c protocol.version=2 \
+ clone "$HTTPD_URL/smart/incomplete_length" incomplete_length_child 2>err &&
+
+ # Client requested to use protocol v2
+ grep "Git-Protocol: version=2" log &&
+ # Server responded using protocol v2
+ grep "git< version 2" log &&
+ # Client reported appropriate failure
+ test_i18ngrep "bytes of length header were received" err
+'
+
+test_expect_success 'clone repository with http:// using protocol v2 with incomplete pktline body' '
+ test_when_finished "rm -f log" &&
+
+ git init "$HTTPD_DOCUMENT_ROOT_PATH/incomplete_body" &&
+ test_commit -C "$HTTPD_DOCUMENT_ROOT_PATH/incomplete_body" file &&
+
+ test_must_fail env GIT_TRACE_PACKET="$(pwd)/log" GIT_TRACE_CURL="$(pwd)/log" git -c protocol.version=2 \
+ clone "$HTTPD_URL/smart/incomplete_body" incomplete_body_child 2>err &&
+
+ # Client requested to use protocol v2
+ grep "Git-Protocol: version=2" log &&
+ # Server responded using protocol v2
+ grep "git< version 2" log &&
+ # Client reported appropriate failure
+ test_i18ngrep "bytes of body are still expected" err
+'
+
test_expect_success 'clone big repository with http:// using protocol v2' '
test_when_finished "rm -f log" &&
--
2.26.2.706.g87896c9627
next prev parent reply other threads:[~2020-05-19 10:54 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-13 18:04 [PATCH 0/6] remote-curl: partial fix for a deadlock with stateless rpc Denton Liu
2020-05-13 18:04 ` [PATCH 1/6] remote-curl: fix typo Denton Liu
2020-05-13 18:04 ` [PATCH 2/6] remote-curl: remove label indentation Denton Liu
2020-05-13 18:04 ` [PATCH 3/6] transport: combine common cases with a fallthrough Denton Liu
2020-05-13 23:14 ` Eric Sunshine
2020-05-18 9:18 ` Denton Liu
2020-05-18 17:43 ` Eric Sunshine
2020-05-13 18:04 ` [PATCH 4/6] pkt-line: extern packet_length() Denton Liu
2020-05-13 23:23 ` Eric Sunshine
2020-05-15 20:56 ` Jeff King
2020-05-15 20:57 ` Jeff King
2020-05-13 18:04 ` [PATCH 5/6] remote-curl: error on incomplete packet Denton Liu
2020-05-15 21:38 ` Jeff King
2020-05-18 9:08 ` Denton Liu
2020-05-18 15:49 ` Jeff King
2020-05-13 18:04 ` [PATCH 6/6] remote-curl: ensure last packet is a flush Denton Liu
2020-05-15 21:02 ` Denton Liu
2020-05-15 21:41 ` Jeff King
2020-05-18 16:34 ` Junio C Hamano
2020-05-18 16:52 ` Jeff King
2020-05-18 21:00 ` Jeff King
2020-05-18 15:47 ` [PATCH v2 0/7] remote-curl: fix deadlocks when remote server disconnects Denton Liu
2020-05-18 15:47 ` [PATCH v2 1/7] remote-curl: fix typo Denton Liu
2020-05-18 15:47 ` [PATCH v2 2/7] remote-curl: remove label indentation Denton Liu
2020-05-18 18:37 ` Junio C Hamano
2020-05-18 15:47 ` [PATCH v2 3/7] transport: extract common fetch_pack() call Denton Liu
2020-05-18 18:40 ` Junio C Hamano
2020-05-18 15:47 ` [PATCH v2 4/7] pkt-line: extern packet_length() Denton Liu
2020-05-18 16:04 ` Jeff King
2020-05-18 17:50 ` Eric Sunshine
2020-05-18 20:08 ` Jeff King
2020-05-18 18:44 ` Junio C Hamano
2020-05-18 15:47 ` [PATCH v2 5/7] remote-curl: error on incomplete packet Denton Liu
2020-05-18 16:22 ` Jeff King
2020-05-18 16:51 ` Denton Liu
2020-05-18 15:47 ` [PATCH v2 6/7] pkt-line: PACKET_READ_RESPONSE_END Denton Liu
2020-05-18 15:47 ` [PATCH v2 7/7] stateless-connect: send response end packet Denton Liu
2020-05-18 16:43 ` Jeff King
2020-05-18 17:12 ` Denton Liu
2020-05-18 17:26 ` Jeff King
2020-05-18 16:50 ` [PATCH v2 0/7] remote-curl: fix deadlocks when remote server disconnects Jeff King
2020-05-18 17:36 ` Denton Liu
2020-05-18 20:58 ` Jeff King
2020-05-18 22:52 ` Junio C Hamano
2020-05-19 2:38 ` Jeff King
2020-05-18 19:36 ` Junio C Hamano
2020-05-19 10:53 ` [PATCH v3 " Denton Liu
2020-05-19 10:53 ` [PATCH v3 1/7] remote-curl: fix typo Denton Liu
2020-05-19 10:53 ` [PATCH v3 2/7] remote-curl: remove label indentation Denton Liu
2020-05-19 10:53 ` [PATCH v3 3/7] transport: extract common fetch_pack() call Denton Liu
2020-05-19 10:53 ` [PATCH v3 4/7] pkt-line: extern packet_length() Denton Liu
2020-05-19 16:23 ` Eric Sunshine
2020-05-19 10:53 ` Denton Liu [this message]
2020-05-19 10:53 ` [PATCH v3 6/7] pkt-line: define PACKET_READ_RESPONSE_END Denton Liu
2020-05-19 10:54 ` [PATCH v3 7/7] stateless-connect: send response end packet Denton Liu
2020-05-19 18:40 ` [PATCH v3 0/7] remote-curl: fix deadlocks when remote server disconnects Jeff King
2020-05-19 21:14 ` Denton Liu
2020-05-19 20:51 ` [PATCH v3 8/7] fixup! pkt-line: extern packet_length() Denton Liu
2020-05-22 13:33 ` [PATCH v3 9/9] fixup! remote-curl: error on incomplete packet Denton Liu
2020-05-22 15:54 ` Jeff King
2020-05-22 16:05 ` Denton Liu
2020-05-22 16:31 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=91d330620a18e286ec112747ea2f3a9d39066018.1589885479.git.liu.denton@gmail.com \
--to=liu.denton@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).