Gotweb

Blob

Date:: Mon Jun 11 01:17:51 2018 UTC
Message:: promote commit graph's open_commit() helper to public API
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2018 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/socket.h>
22 #include <sys/wait.h>
23 
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <stdint.h>
30 #include <sha1.h>
31 #include <zlib.h>
32 #include <ctype.h>
33 #include <limits.h>
34 #include <imsg.h>
35 
36 #include "got_error.h"
37 #include "got_object.h"
38 #include "got_repository.h"
39 #include "got_opentemp.h"
40 
41 #include "got_lib_sha1.h"
42 #include "got_lib_delta.h"
43 #include "got_lib_pack.h"
44 #include "got_lib_path.h"
45 #include "got_lib_zbuf.h"
46 #include "got_lib_object.h"
47 #include "got_lib_privsep.h"
48 
49 #ifndef MIN
50 #define	MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
51 #endif
52 
53 #ifndef nitems
54 #define nitems(_a) (sizeof(_a) / sizeof((_a)[0]))
55 #endif
56 
57 #define GOT_OBJ_TAG_COMMIT	"commit"
58 #define GOT_OBJ_TAG_TREE	"tree"
59 #define GOT_OBJ_TAG_BLOB	"blob"
60 
61 #define GOT_COMMIT_TAG_TREE		"tree "
62 #define GOT_COMMIT_TAG_PARENT		"parent "
63 #define GOT_COMMIT_TAG_AUTHOR		"author "
64 #define GOT_COMMIT_TAG_COMMITTER	"committer "
65 
66 const struct got_error *
67 got_object_id_str(char **outbuf, struct got_object_id *id)
68 {
69 	static const size_t len = SHA1_DIGEST_STRING_LENGTH;
70 
71 	*outbuf = calloc(1, len);
72 	if (*outbuf == NULL)
73 		return got_error_from_errno();
74 
75 	if (got_sha1_digest_to_str(id->sha1, *outbuf, len) == NULL) {
76 		free(*outbuf);
77 		*outbuf = NULL;
78 		return got_error(GOT_ERR_BAD_OBJ_ID_STR);
79 	}
80 
81 	return NULL;
82 }
83 
84 int
85 got_object_id_cmp(struct got_object_id *id1, struct got_object_id *id2)
86 {
87 	return memcmp(id1->sha1, id2->sha1, SHA1_DIGEST_LENGTH);
88 }
89 
90 struct got_object_id *
91 got_object_id_dup(struct got_object_id *id1)
92 {
93 	struct got_object_id *id2;
94 
95 	id2 = malloc(sizeof(*id2));
96 	if (id2 == NULL)
97 		return NULL;
98 	memcpy(id2, id1, sizeof(*id2));
99 	return id2;
100 }
101 
102 struct got_object_id *
103 got_object_get_id(struct got_object *obj)
104 {
105 	return got_object_id_dup(&obj->id);
106 }
107 
108 const struct got_error *
109 got_object_get_id_str(char **outbuf, struct got_object *obj)
110 {
111 	return got_object_id_str(outbuf, &obj->id);
112 }
113 
114 int
115 got_object_get_type(struct got_object *obj)
116 {
117 	switch (obj->type) {
118 	case GOT_OBJ_TYPE_COMMIT:
119 	case GOT_OBJ_TYPE_TREE:
120 	case GOT_OBJ_TYPE_BLOB:
121 	case GOT_OBJ_TYPE_TAG:
122 		return obj->type;
123 	default:
124 		abort();
125 		break;
126 	}
127 
128 	/* not reached */
129 	return 0;
130 }
131 
132 static const struct got_error *
133 parse_object_header(struct got_object **obj, char *buf, size_t len)
134 {
135 	const char *obj_tags[] = {
136 		GOT_OBJ_TAG_COMMIT,
137 		GOT_OBJ_TAG_TREE,
138 		GOT_OBJ_TAG_BLOB
139 	};
140 	const int obj_types[] = {
141 		GOT_OBJ_TYPE_COMMIT,
142 		GOT_OBJ_TYPE_TREE,
143 		GOT_OBJ_TYPE_BLOB,
144 	};
145 	int type = 0;
146 	size_t size = 0, hdrlen = 0;
147 	int i;
148 	char *p = strchr(buf, '\0');
149 
150 	if (p == NULL)
151 		return got_error(GOT_ERR_BAD_OBJ_HDR);
152 
153 	hdrlen = strlen(buf) + 1 /* '\0' */;
154 
155 	for (i = 0; i < nitems(obj_tags); i++) {
156 		const char *tag = obj_tags[i];
157 		size_t tlen = strlen(tag);
158 		const char *errstr;
159 
160 		if (strncmp(buf, tag, tlen) != 0)
161 			continue;
162 
163 		type = obj_types[i];
164 		if (len <= tlen)
165 			return got_error(GOT_ERR_BAD_OBJ_HDR);
166 		size = strtonum(buf + tlen, 0, LONG_MAX, &errstr);
167 		if (errstr != NULL)
168 			return got_error(GOT_ERR_BAD_OBJ_HDR);
169 		break;
170 	}
171 
172 	if (type == 0)
173 		return got_error(GOT_ERR_BAD_OBJ_HDR);
174 
175 	*obj = calloc(1, sizeof(**obj));
176 	if (*obj == NULL)
177 		return got_error_from_errno();
178 	(*obj)->type = type;
179 	(*obj)->hdrlen = hdrlen;
180 	(*obj)->size = size;
181 	return NULL;
182 }
183 
184 static const struct got_error *
185 read_object_header(struct got_object **obj, FILE *f)
186 {
187 	const struct got_error *err;
188 	struct got_zstream_buf zb;
189 	char *buf;
190 	const size_t zbsize = 64;
191 	size_t outlen, totlen;
192 	int i;
193 
194 	buf = calloc(zbsize, sizeof(char));
195 	if (buf == NULL)
196 		return got_error_from_errno();
197 
198 	err = got_inflate_init(&zb, NULL, zbsize);
199 	if (err)
200 		return err;
201 
202 	i = 0;
203 	totlen = 0;
204 	do {
205 		err = got_inflate_read(&zb, f, &outlen);
206 		if (err)
207 			goto done;
208 		if (strchr(zb.outbuf, '\0') == NULL) {
209 			buf = recallocarray(buf, 1 + i, 2 + i, zbsize);
210 			if (buf == NULL) {
211 				err = got_error_from_errno();
212 				goto done;
213 			}
214 		}
215 		memcpy(buf + totlen, zb.outbuf, outlen);
216 		totlen += outlen;
217 		i++;
218 	} while (strchr(zb.outbuf, '\0') == NULL);
219 
220 	err = parse_object_header(obj, buf, totlen);
221 done:
222 	got_inflate_end(&zb);
223 	return err;
224 }
225 
226 static void
227 read_object_header_privsep_child(int obj_fd, int imsg_fds[2])
228 {
229 	const struct got_error *err = NULL;
230 	struct got_object *obj = NULL;
231 	struct imsgbuf ibuf;
232 	FILE *f = NULL;
233 	int status = 0;
234 
235 	setproctitle("read object header");
236 	close(imsg_fds[0]);
237 	imsg_init(&ibuf, imsg_fds[1]);
238 
239 	/* revoke access to most system calls */
240 	if (pledge("stdio", NULL) == -1) {
241 		err = got_error_from_errno();
242 		goto done;
243 	}
244 
245 	f = fdopen(obj_fd, "rb");
246 	if (f == NULL) {
247 		err = got_error_from_errno();
248 		close(obj_fd);
249 		goto done;
250 	}
251 
252 	err = read_object_header(&obj, f);
253 	if (err)
254 		goto done;
255 
256 	err = got_privsep_send_obj(&ibuf, obj, 0);
257 done:
258 	if (obj)
259 		got_object_close(obj);
260 	if (err) {
261 		got_privsep_send_error(&ibuf, err);
262 		status = 1;
263 	}
264 	if (f)
265 		fclose(f);
266 	imsg_clear(&ibuf);
267 	close(imsg_fds[1]);
268 	_exit(status);
269 }
270 
271 static const struct got_error *
272 wait_for_child(pid_t pid)
273 {
274 	int child_status;
275 
276 	waitpid(pid, &child_status, 0);
277 
278 	if (!WIFEXITED(child_status))
279 		return got_error(GOT_ERR_PRIVSEP_DIED);
280 
281 	if (WEXITSTATUS(child_status) != 0)
282 		return got_error(GOT_ERR_PRIVSEP_EXIT);
283 
284 	return NULL;
285 }
286 
287 static const struct got_error *
288 read_object_header_privsep(struct got_object **obj, int fd)
289 {
290 	struct imsgbuf parent_ibuf;
291 	int imsg_fds[2];
292 	const struct got_error *err = NULL, *err_child = NULL;
293 	pid_t pid;
294 
295 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
296 		return got_error_from_errno();
297 
298 	pid = fork();
299 	if (pid == -1)
300 		return got_error_from_errno();
301 	else if (pid == 0) {
302 		read_object_header_privsep_child(fd, imsg_fds);
303 		/* not reached */
304 	}
305 
306 	close(imsg_fds[1]);
307 	imsg_init(&parent_ibuf, imsg_fds[0]);
308 	err = got_privsep_recv_obj(obj, &parent_ibuf);
309 	imsg_clear(&parent_ibuf);
310 	err_child = wait_for_child(pid);
311 	close(imsg_fds[0]);
312 	return err ? err : err_child;
313 }
314 
315 static const struct got_error *
316 object_path(char **path, struct got_object_id *id, struct got_repository *repo)
317 {
318 	const struct got_error *err = NULL;
319 	char *hex;
320 	char *path_objects = got_repo_get_path_objects(repo);
321 
322 	*path = NULL;
323 
324 	if (path_objects == NULL)
325 		return got_error_from_errno();
326 
327 	err = got_object_id_str(&hex, id);
328 	if (err)
329 		return err;
330 
331 	if (asprintf(path, "%s/%.2x/%s", path_objects,
332 	    id->sha1[0], hex + 2) == -1)
333 		err = got_error_from_errno();
334 
335 	free(hex);
336 	free(path_objects);
337 	return err;
338 }
339 
340 static const struct got_error *
341 open_loose_object(int *fd, struct got_object *obj, struct got_repository *repo)
342 {
343 	const struct got_error *err = NULL;
344 	char *path;
345 
346 	err = object_path(&path, &obj->id, repo);
347 	if (err)
348 		return err;
349 	*fd = open(path, O_RDONLY | O_NOFOLLOW, GOT_DEFAULT_FILE_MODE);
350 	if (*fd == -1) {
351 		err = got_error_from_errno();
352 		goto done;
353 	}
354 done:
355 	free(path);
356 	return err;
357 }
358 
359 const struct got_error *
360 got_object_open(struct got_object **obj, struct got_repository *repo,
361     struct got_object_id *id)
362 {
363 	const struct got_error *err = NULL;
364 	char *path;
365 	int fd;
366 
367 	err = object_path(&path, id, repo);
368 	if (err)
369 		return err;
370 
371 	fd = open(path, O_RDONLY | O_NOFOLLOW, GOT_DEFAULT_FILE_MODE);
372 	if (fd == -1) {
373 		if (errno != ENOENT) {
374 			err = got_error_from_errno();
375 			goto done;
376 		}
377 		err = got_packfile_open_object(obj, id, repo);
378 		if (err)
379 			goto done;
380 		if (*obj == NULL)
381 			err = got_error(GOT_ERR_NO_OBJ);
382 	} else {
383 		err = read_object_header_privsep(obj, fd);
384 		if (err)
385 			goto done;
386 		memcpy((*obj)->id.sha1, id->sha1, SHA1_DIGEST_LENGTH);
387 	}
388 done:
389 	free(path);
390 	if (fd != -1)
391 		close(fd);
392 	return err;
393 
394 }
395 
396 const struct got_error *
397 got_object_open_by_id_str(struct got_object **obj, struct got_repository *repo,
398     const char *id_str)
399 {
400 	struct got_object_id id;
401 
402 	if (!got_parse_sha1_digest(id.sha1, id_str))
403 		return got_error(GOT_ERR_BAD_OBJ_ID_STR);
404 
405 	return got_object_open(obj, repo, &id);
406 }
407 
408 void
409 got_object_close(struct got_object *obj)
410 {
411 	if (obj->flags & GOT_OBJ_FLAG_DELTIFIED) {
412 		struct got_delta *delta;
413 		while (!SIMPLEQ_EMPTY(&obj->deltas.entries)) {
414 			delta = SIMPLEQ_FIRST(&obj->deltas.entries);
415 			SIMPLEQ_REMOVE_HEAD(&obj->deltas.entries, entry);
416 			got_delta_close(delta);
417 		}
418 	}
419 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
420 		free(obj->path_packfile);
421 	free(obj);
422 }
423 
424 struct got_commit_object *
425 got_object_commit_alloc_partial(void)
426 {
427 	struct got_commit_object *commit;
428 
429 	commit = calloc(1, sizeof(*commit));
430 	if (commit == NULL)
431 		return NULL;
432 	commit->tree_id = calloc(1, sizeof(*commit->tree_id));
433 	if (commit->tree_id == NULL) {
434 		free(commit);
435 		return NULL;
436 	}
437 
438 	SIMPLEQ_INIT(&commit->parent_ids);
439 
440 	return commit;
441 }
442 
443 const struct got_error *
444 got_object_open_as_commit(struct got_commit_object **commit,
445     struct got_repository *repo, struct got_object_id *id)
446 {
447 	const struct got_error *err;
448 	struct got_object *obj;
449 
450 	err = got_object_open(&obj, repo, id);
451 	if (err)
452 		return err;
453 	if (got_object_get_type(obj) != GOT_OBJ_TYPE_COMMIT) {
454 		err = got_error(GOT_ERR_OBJ_TYPE);
455 		goto done;
456 	}
457 
458 	err = got_object_commit_open(commit, repo, obj);
459 done:
460 	got_object_close(obj);
461 	return err;
462 }
463 
464 const struct got_error *
465 got_object_commit_add_parent(struct got_commit_object *commit,
466     const char *id_str)
467 {
468 	const struct got_error *err = NULL;
469 	struct got_object_qid *qid;
470 
471 	qid = calloc(1, sizeof(*qid));
472 	if (qid == NULL)
473 		return got_error_from_errno();
474 
475 	qid->id = calloc(1, sizeof(*qid->id));
476 	if (qid->id == NULL) {
477 		err = got_error_from_errno();
478 		free(qid);
479 		return err;
480 	}
481 
482 	if (!got_parse_sha1_digest(qid->id->sha1, id_str)) {
483 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
484 		free(qid->id);
485 		free(qid);
486 		return err;
487 	}
488 
489 	SIMPLEQ_INSERT_TAIL(&commit->parent_ids, qid, entry);
490 	commit->nparents++;
491 
492 	return NULL;
493 }
494 
495 static const struct got_error *
496 parse_commit_time(time_t *time, char **tzoff, char *committer)
497 {
498 	const char *errstr;
499 	char *space;
500 
501 	*time = 0;
502 
503 	/* Parse and then strip trailing timezone indicator. */
504 	space = strrchr(committer, ' ');
505 	if (space == NULL)
506 		return got_error(GOT_ERR_BAD_OBJ_DATA);
507 	*tzoff = strdup(space + 1);
508 	if (*tzoff == NULL)
509 		return got_error_from_errno();
510 	*space = '\0';
511 
512 	/* Timestamp is separated from committer name + email by space. */
513 	space = strrchr(committer, ' ');
514 	if (space == NULL)
515 		return got_error(GOT_ERR_BAD_OBJ_DATA);
516 
517 	*time = strtonum(space + 1, 0, INT64_MAX, &errstr);
518 	if (errstr)
519 		return got_error(GOT_ERR_BAD_OBJ_DATA);
520 
521 	/* Strip off parsed time information, leaving just author and email. */
522 	*space = '\0';
523 	return NULL;
524 }
525 
526 static const struct got_error *
527 parse_commit_object(struct got_commit_object **commit, char *buf, size_t len)
528 {
529 	const struct got_error *err = NULL;
530 	char *s = buf;
531 	size_t tlen;
532 	ssize_t remain = (ssize_t)len;
533  
534 	*commit = got_object_commit_alloc_partial();
535 	if (*commit == NULL)
536 		return got_error_from_errno();
537 
538 	tlen = strlen(GOT_COMMIT_TAG_TREE);
539 	if (strncmp(s, GOT_COMMIT_TAG_TREE, tlen) == 0) {
540 		remain -= tlen;
541 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
542 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
543 			goto done;
544 		}
545 		s += tlen;
546 		if (!got_parse_sha1_digest((*commit)->tree_id->sha1, s)) {
547 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
548 			goto done;
549 		}
550 		remain -= SHA1_DIGEST_STRING_LENGTH;
551 		s += SHA1_DIGEST_STRING_LENGTH;
552 	} else {
553 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
554 		goto done;
555 	}
556 
557 	tlen = strlen(GOT_COMMIT_TAG_PARENT);
558 	while (strncmp(s, GOT_COMMIT_TAG_PARENT, tlen) == 0) {
559 		remain -= tlen;
560 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
561 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
562 			goto done;
563 		}
564 		s += tlen;
565 		err = got_object_commit_add_parent(*commit, s);
566 		if (err)
567 			goto done;
568 
569 		remain -= SHA1_DIGEST_STRING_LENGTH;
570 		s += SHA1_DIGEST_STRING_LENGTH;
571 	}
572 
573 	tlen = strlen(GOT_COMMIT_TAG_AUTHOR);
574 	if (strncmp(s, GOT_COMMIT_TAG_AUTHOR, tlen) == 0) {
575 		char *p;
576 		size_t slen;
577 
578 		remain -= tlen;
579 		if (remain <= 0) {
580 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
581 			goto done;
582 		}
583 		s += tlen;
584 		p = strchr(s, '\n');
585 		if (p == NULL) {
586 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
587 			goto done;
588 		}
589 		*p = '\0';
590 		slen = strlen(s);
591 		err = parse_commit_time(&(*commit)->author_time,
592 		    &(*commit)->author_tzoff, s);
593 		if (err)
594 			goto done;
595 		(*commit)->author = strdup(s);
596 		if ((*commit)->author == NULL) {
597 			err = got_error_from_errno();
598 			goto done;
599 		}
600 		s += slen + 1;
601 		remain -= slen + 1;
602 	}
603 
604 	tlen = strlen(GOT_COMMIT_TAG_COMMITTER);
605 	if (strncmp(s, GOT_COMMIT_TAG_COMMITTER, tlen) == 0) {
606 		char *p;
607 		size_t slen;
608 
609 		remain -= tlen;
610 		if (remain <= 0) {
611 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
612 			goto done;
613 		}
614 		s += tlen;
615 		p = strchr(s, '\n');
616 		if (p == NULL) {
617 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
618 			goto done;
619 		}
620 		*p = '\0';
621 		slen = strlen(s);
622 		err = parse_commit_time(&(*commit)->committer_time,
623 		    &(*commit)->committer_tzoff, s);
624 		if (err)
625 			goto done;
626 		(*commit)->committer = strdup(s);
627 		if ((*commit)->committer == NULL) {
628 			err = got_error_from_errno();
629 			goto done;
630 		}
631 		s += slen + 1;
632 		remain -= slen + 1;
633 	}
634 
635 	(*commit)->logmsg = strndup(s, remain);
636 	if ((*commit)->logmsg == NULL) {
637 		err = got_error_from_errno();
638 		goto done;
639 	}
640 done:
641 	if (err) {
642 		got_object_commit_close(*commit);
643 		*commit = NULL;
644 	}
645 	return err;
646 }
647 
648 static void
649 tree_entry_close(struct got_tree_entry *te)
650 {
651 	free(te->id);
652 	free(te->name);
653 	free(te);
654 }
655 
656 struct got_tree_entry *
657 got_alloc_tree_entry_partial(void)
658 {
659 	struct got_tree_entry *te;
660 
661 	te = calloc(1, sizeof(*te));
662 	if (te == NULL)
663 		return NULL;
664 
665 	te->id = calloc(1, sizeof(*te->id));
666 	if (te->id == NULL) {
667 		free(te);
668 		te = NULL;
669 	}
670 	return te;
671 }
672 
673 static const struct got_error *
674 parse_tree_entry(struct got_tree_entry **te, size_t *elen, char *buf,
675     size_t maxlen)
676 {
677 	char *p = buf, *space;
678 	const struct got_error *err = NULL;
679 
680 	*te = got_alloc_tree_entry_partial();
681 	if (*te == NULL)
682 		return got_error_from_errno();
683 
684 	*elen = strlen(buf) + 1;
685 	if (*elen > maxlen) {
686 		free(*te);
687 		*te = NULL;
688 		return got_error(GOT_ERR_BAD_OBJ_DATA);
689 	}
690 
691 	space = strchr(buf, ' ');
692 	if (space == NULL) {
693 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
694 		free(*te);
695 		*te = NULL;
696 		return err;
697 	}
698 	while (*p != ' ') {
699 		if (*p < '0' && *p > '7') {
700 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
701 			goto done;
702 		}
703 		(*te)->mode <<= 3;
704 		(*te)->mode |= *p - '0';
705 		p++;
706 	}
707 
708 	(*te)->name = strdup(space + 1);
709 	if (*elen > maxlen || maxlen - *elen < SHA1_DIGEST_LENGTH) {
710 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
711 		goto done;
712 	}
713 	buf += strlen(buf) + 1;
714 	memcpy((*te)->id->sha1, buf, SHA1_DIGEST_LENGTH);
715 	*elen += SHA1_DIGEST_LENGTH;
716 done:
717 	if (err) {
718 		tree_entry_close(*te);
719 		*te = NULL;
720 	}
721 	return err;
722 }
723 
724 static const struct got_error *
725 parse_tree_object(struct got_tree_object **tree, uint8_t *buf, size_t len)
726 {
727 	const struct got_error *err;
728 	size_t remain = len;
729 
730 	*tree = calloc(1, sizeof(**tree));
731 	if (*tree == NULL)
732 		return got_error_from_errno();
733 
734 	SIMPLEQ_INIT(&(*tree)->entries);
735 
736 	while (remain > 0) {
737 		struct got_tree_entry *te;
738 		size_t elen;
739 
740 		err = parse_tree_entry(&te, &elen, buf, remain);
741 		if (err)
742 			return err;
743 		(*tree)->nentries++;
744 		SIMPLEQ_INSERT_TAIL(&(*tree)->entries, te, entry);
745 		buf += elen;
746 		remain -= elen;
747 	}
748 
749 	if (remain != 0) {
750 		got_object_tree_close(*tree);
751 		return got_error(GOT_ERR_BAD_OBJ_DATA);
752 	}
753 
754 	return NULL;
755 }
756 
757 static const struct got_error *
758 read_to_mem(uint8_t **outbuf, size_t *outlen, FILE *f)
759 {
760 	const struct got_error *err = NULL;
761 	static const size_t blocksize = 512;
762 	size_t n, total, remain;
763 	uint8_t *buf;
764 
765 	*outbuf = NULL;
766 	*outlen = 0;
767 
768 	buf = calloc(1, blocksize);
769 	if (buf == NULL)
770 		return got_error_from_errno();
771 
772 	remain = blocksize;
773 	total = 0;
774 	while (1) {
775 		if (remain == 0) {
776 			uint8_t *newbuf;
777 			newbuf = reallocarray(buf, 1, total + blocksize);
778 			if (newbuf == NULL) {
779 				err = got_error_from_errno();
780 				goto done;
781 			}
782 			buf = newbuf;
783 			remain += blocksize;
784 		}
785 		n = fread(buf + total, 1, remain, f);
786 		if (n == 0) {
787 			if (ferror(f)) {
788 				err = got_ferror(f, GOT_ERR_IO);
789 				goto done;
790 			}
791 			break; /* EOF */
792 		}
793 		remain -= n;
794 		total += n;
795 	};
796 
797 done:
798 	if (err == NULL) {
799 		*outbuf = buf;
800 		*outlen = total;
801 	} else
802 		free(buf);
803 	return err;
804 }
805 
806 static const struct got_error *
807 read_commit_object(struct got_commit_object **commit, struct got_object *obj,
808     FILE *f)
809 {
810 	const struct got_error *err = NULL;
811 	size_t len;
812 	uint8_t *p;
813 
814 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
815 		err = read_to_mem(&p, &len, f);
816 	else
817 		err = got_inflate_to_mem(&p, &len, f);
818 	if (err)
819 		return err;
820 
821 	if (len < obj->hdrlen + obj->size) {
822 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
823 		goto done;
824 	}
825 
826 	/* Skip object header. */
827 	len -= obj->hdrlen;
828 	err = parse_commit_object(commit, p + obj->hdrlen, len);
829 	free(p);
830 done:
831 	return err;
832 }
833 
834 static void
835 read_commit_object_privsep_child(struct got_object *obj, int obj_fd,
836     int imsg_fds[2])
837 {
838 	const struct got_error *err = NULL;
839 	struct got_commit_object *commit = NULL;
840 	struct imsgbuf ibuf;
841 	FILE *f = NULL;
842 	int status = 0;
843 
844 	setproctitle("read commit object");
845 	close(imsg_fds[0]);
846 	imsg_init(&ibuf, imsg_fds[1]);
847 
848 	/* revoke access to most system calls */
849 	if (pledge("stdio", NULL) == -1) {
850 		err = got_error_from_errno();
851 		goto done;
852 	}
853 
854 	f = fdopen(obj_fd, "rb");
855 	if (f == NULL) {
856 		err = got_error_from_errno();
857 		close(obj_fd);
858 		goto done;
859 	}
860 
861 	err = read_commit_object(&commit, obj, f);
862 	if (err)
863 		goto done;
864 
865 	err = got_privsep_send_commit(&ibuf, commit);
866 done:
867 	if (commit)
868 		got_object_commit_close(commit);
869 	if (err) {
870 		got_privsep_send_error(&ibuf, err);
871 		status = 1;
872 	}
873 	if (f)
874 		fclose(f);
875 	imsg_clear(&ibuf);
876 	close(imsg_fds[1]);
877 	_exit(status);
878 }
879 
880 static const struct got_error *
881 read_commit_object_privsep(struct got_commit_object **commit,
882     struct got_repository *repo, struct got_object *obj, int fd)
883 {
884 	const struct got_error *err = NULL, *err_child = NULL;
885 	struct imsgbuf parent_ibuf;
886 	int imsg_fds[2];
887 	pid_t pid;
888 
889 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
890 		return got_error_from_errno();
891 
892 	pid = fork();
893 	if (pid == -1)
894 		return got_error_from_errno();
895 	else if (pid == 0) {
896 		read_commit_object_privsep_child(obj, fd, imsg_fds);
897 		/* not reached */
898 	}
899 
900 	close(imsg_fds[1]);
901 	imsg_init(&parent_ibuf, imsg_fds[0]);
902 	err = got_privsep_recv_commit(commit, &parent_ibuf);
903 	imsg_clear(&parent_ibuf);
904 	err_child = wait_for_child(pid);
905 	close(imsg_fds[0]);
906 	return err ? err : err_child;
907 }
908 
909 const struct got_error *
910 got_object_commit_open(struct got_commit_object **commit,
911     struct got_repository *repo, struct got_object *obj)
912 {
913 	const struct got_error *err = NULL;
914 
915 	if (obj->type != GOT_OBJ_TYPE_COMMIT)
916 		return got_error(GOT_ERR_OBJ_TYPE);
917 
918 	if (obj->flags & GOT_OBJ_FLAG_PACKED) {
919 		uint8_t *buf;
920 		size_t len;
921 		err = got_packfile_extract_object_to_mem(&buf, &len, obj, repo);
922 		if (err)
923 			return err;
924 		obj->size = len;
925 		err = parse_commit_object(commit, buf, len);
926 		free(buf);
927 	} else {
928 		int fd;
929 		err = open_loose_object(&fd, obj, repo);
930 		if (err)
931 			return err;
932 		err = read_commit_object_privsep(commit, repo, obj, fd);
933 		close(fd);
934 	}
935 	return err;
936 }
937 
938 void
939 got_object_commit_close(struct got_commit_object *commit)
940 {
941 	struct got_object_qid *qid;
942 
943 	while (!SIMPLEQ_EMPTY(&commit->parent_ids)) {
944 		qid = SIMPLEQ_FIRST(&commit->parent_ids);
945 		SIMPLEQ_REMOVE_HEAD(&commit->parent_ids, entry);
946 		free(qid->id);
947 		free(qid);
948 	}
949 
950 	free(commit->tree_id);
951 	free(commit->author);
952 	free(commit->author_tzoff);
953 	free(commit->committer);
954 	free(commit->committer_tzoff);
955 	free(commit->logmsg);
956 	free(commit);
957 }
958 
959 static const struct got_error *
960 read_tree_object(struct got_tree_object **tree, struct got_object *obj, FILE *f)
961 {
962 	const struct got_error *err = NULL;
963 	size_t len;
964 	uint8_t *p;
965 
966 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
967 		err = read_to_mem(&p, &len, f);
968 	else
969 		err = got_inflate_to_mem(&p, &len, f);
970 	if (err)
971 		return err;
972 
973 	if (len < obj->hdrlen + obj->size) {
974 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
975 		goto done;
976 	}
977 
978 	/* Skip object header. */
979 	len -= obj->hdrlen;
980 	err = parse_tree_object(tree, p + obj->hdrlen, len);
981 	free(p);
982 done:
983 	return err;
984 }
985 
986 static void
987 read_tree_object_privsep_child(struct got_object *obj, int obj_fd,
988     int imsg_fds[2])
989 {
990 	const struct got_error *err = NULL;
991 	struct got_tree_object *tree = NULL;
992 	struct imsgbuf ibuf;
993 	FILE *f = NULL;
994 	int status = 0;
995 
996 	setproctitle("read tree object");
997 	close(imsg_fds[0]);
998 	imsg_init(&ibuf, imsg_fds[1]);
999 
1000 	/* revoke access to most system calls */
1001 	if (pledge("stdio", NULL) == -1) {
1002 		err = got_error_from_errno();
1003 		goto done;
1004 	}
1005 
1006 	f = fdopen(obj_fd, "rb");
1007 	if (f == NULL) {
1008 		err = got_error_from_errno();
1009 		close(obj_fd);
1010 		goto done;
1011 	}
1012 
1013 	err = read_tree_object(&tree, obj, f);
1014 	if (err)
1015 		goto done;
1016 
1017 	err = got_privsep_send_tree(&ibuf, tree);
1018 done:
1019 	if (tree)
1020 		got_object_tree_close(tree);
1021 	if (err) {
1022 		got_privsep_send_error(&ibuf, err);
1023 		status = 1;
1024 	}
1025 	if (f)
1026 		fclose(f);
1027 	imsg_clear(&ibuf);
1028 	close(imsg_fds[1]);
1029 	_exit(status);
1030 }
1031 
1032 static const struct got_error *
1033 read_tree_object_privsep(struct got_tree_object **tree, struct got_object *obj,
1034     int fd)
1035 {
1036 	const struct got_error *err = NULL, *err_child = NULL;
1037 	struct imsgbuf parent_ibuf;
1038 	int imsg_fds[2];
1039 	pid_t pid;
1040 
1041 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
1042 		return got_error_from_errno();
1043 
1044 	pid = fork();
1045 	if (pid == -1)
1046 		return got_error_from_errno();
1047 	else if (pid == 0) {
1048 		read_tree_object_privsep_child(obj, fd, imsg_fds);
1049 		/* not reached */
1050 	}
1051 
1052 	close(imsg_fds[1]);
1053 	imsg_init(&parent_ibuf, imsg_fds[0]);
1054 	err = got_privsep_recv_tree(tree, &parent_ibuf);
1055 	imsg_clear(&parent_ibuf);
1056 	err_child = wait_for_child(pid);
1057 	close(imsg_fds[0]);
1058 	return err ? err : err_child;
1059 }
1060 
1061 const struct got_error *
1062 got_object_tree_open(struct got_tree_object **tree,
1063     struct got_repository *repo, struct got_object *obj)
1064 {
1065 	const struct got_error *err = NULL;
1066 
1067 	if (obj->type != GOT_OBJ_TYPE_TREE)
1068 		return got_error(GOT_ERR_OBJ_TYPE);
1069 
1070 	if (obj->flags & GOT_OBJ_FLAG_PACKED) {
1071 		uint8_t *buf;
1072 		size_t len;
1073 		err = got_packfile_extract_object_to_mem(&buf, &len, obj, repo);
1074 		if (err)
1075 			return err;
1076 		obj->size = len;
1077 		err = parse_tree_object(tree, buf, len);
1078 		free(buf);
1079 	} else {
1080 		int fd;
1081 		err = open_loose_object(&fd, obj, repo);
1082 		if (err)
1083 			return err;
1084 		err = read_tree_object_privsep(tree, obj, fd);
1085 		close(fd);
1086 	}
1087 	return err;
1088 }
1089 
1090 void
1091 got_object_tree_close(struct got_tree_object *tree)
1092 {
1093 	struct got_tree_entry *te;
1094 
1095 	while (!SIMPLEQ_EMPTY(&tree->entries)) {
1096 		te = SIMPLEQ_FIRST(&tree->entries);
1097 		SIMPLEQ_REMOVE_HEAD(&tree->entries, entry);
1098 		tree_entry_close(te);
1099 	}
1100 
1101 	free(tree);
1102 }
1103 
1104 static const struct got_error *
1105 read_blob_object_privsep_child(int outfd, int infd, int imsg_fds[2])
1106 {
1107 	const struct got_error *err = NULL;
1108 	struct imsgbuf ibuf;
1109 	int status = 0;
1110 	size_t size;
1111 	FILE *infile = NULL;
1112 
1113 	setproctitle("read blob object");
1114 	close(imsg_fds[0]);
1115 	imsg_init(&ibuf, imsg_fds[1]);
1116 
1117 	/* revoke access to most system calls */
1118 	if (pledge("stdio", NULL) == -1) {
1119 		err = got_error_from_errno();
1120 		goto done;
1121 	}
1122 
1123 	infile = fdopen(infd, "rb");
1124 	if (infile == NULL) {
1125 		err = got_error_from_errno();
1126 		close(infd);
1127 		goto done;
1128 	}
1129 	err = got_inflate_to_fd(&size, infile, outfd);
1130 	fclose(infile);
1131 	if (err)
1132 		goto done;
1133 
1134 	err = got_privsep_send_blob(&ibuf, size);
1135 done:
1136 	if (err) {
1137 		got_privsep_send_error(&ibuf, err);
1138 		status = 1;
1139 	}
1140 	close(outfd);
1141 	imsg_clear(&ibuf);
1142 	close(imsg_fds[1]);
1143 	_exit(status);
1144 }
1145 
1146 static const struct got_error *
1147 read_blob_object_privsep(size_t *size, int outfd, int infd)
1148 {
1149 	struct imsgbuf parent_ibuf;
1150 	int imsg_fds[2];
1151 	const struct got_error *err = NULL, *err_child = NULL;
1152 	pid_t pid;
1153 
1154 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
1155 		return got_error_from_errno();
1156 
1157 	pid = fork();
1158 	if (pid == -1)
1159 		return got_error_from_errno();
1160 	else if (pid == 0) {
1161 		read_blob_object_privsep_child(outfd, infd, imsg_fds);
1162 		/* not reached */
1163 	}
1164 
1165 	close(imsg_fds[1]);
1166 	imsg_init(&parent_ibuf, imsg_fds[0]);
1167 	err = got_privsep_recv_blob(size, &parent_ibuf);
1168 	imsg_clear(&parent_ibuf);
1169 	err_child = wait_for_child(pid);
1170 	close(imsg_fds[0]);
1171 	if (lseek(outfd, SEEK_SET, 0) == -1)
1172 		err = got_error_from_errno();
1173 	return err ? err : err_child;
1174 }
1175 
1176 const struct got_error *
1177 got_object_blob_open(struct got_blob_object **blob,
1178     struct got_repository *repo, struct got_object *obj, size_t blocksize)
1179 {
1180 	const struct got_error *err = NULL;
1181 
1182 	if (obj->type != GOT_OBJ_TYPE_BLOB)
1183 		return got_error(GOT_ERR_OBJ_TYPE);
1184 
1185 	if (blocksize < obj->hdrlen)
1186 		return got_error(GOT_ERR_NO_SPACE);
1187 
1188 	*blob = calloc(1, sizeof(**blob));
1189 	if (*blob == NULL)
1190 		return got_error_from_errno();
1191 
1192 	(*blob)->read_buf = calloc(1, blocksize);
1193 	if ((*blob)->read_buf == NULL) {
1194 		err = got_error_from_errno();
1195 		goto done;
1196 	}
1197 	if (obj->flags & GOT_OBJ_FLAG_PACKED) {
1198 		err = got_packfile_extract_object(&((*blob)->f), obj, repo);
1199 		if (err)
1200 			goto done;
1201 	} else {
1202 		int infd, outfd;
1203 		size_t size;
1204 		struct stat sb;
1205 
1206 		err = open_loose_object(&infd, obj, repo);
1207 		if (err)
1208 			goto done;
1209 
1210 
1211 		outfd = got_opentempfd();
1212 		if (outfd == -1) {
1213 			err = got_error_from_errno();
1214 			close(infd);
1215 			goto done;
1216 		}
1217 
1218 		err = read_blob_object_privsep(&size, outfd, infd);
1219 		close(infd);
1220 		if (err)
1221 			goto done;
1222 
1223 		if (size != obj->hdrlen + obj->size) {
1224 			err = got_error(GOT_ERR_PRIVSEP_LEN);
1225 			close(outfd);
1226 			goto done;
1227 		}
1228 
1229 		if (fstat(outfd, &sb) == -1) {
1230 			err = got_error_from_errno();
1231 			close(outfd);
1232 			goto done;
1233 		}
1234 
1235 		if (sb.st_size != size) {
1236 			err = got_error(GOT_ERR_PRIVSEP_LEN);
1237 			close(outfd);
1238 			goto done;
1239 		}
1240 
1241 		(*blob)->f = fdopen(outfd, "rb");
1242 		if ((*blob)->f == NULL) {
1243 			err = got_error_from_errno();
1244 			close(outfd);
1245 			goto done;
1246 		}
1247 	}
1248 
1249 	(*blob)->hdrlen = obj->hdrlen;
1250 	(*blob)->blocksize = blocksize;
1251 	memcpy(&(*blob)->id.sha1, obj->id.sha1, SHA1_DIGEST_LENGTH);
1252 
1253 done:
1254 	if (err && *blob) {
1255 		if ((*blob)->f)
1256 			fclose((*blob)->f);
1257 		free((*blob)->read_buf);
1258 		free(*blob);
1259 		*blob = NULL;
1260 	}
1261 	return err;
1262 }
1263 
1264 void
1265 got_object_blob_close(struct got_blob_object *blob)
1266 {
1267 	free(blob->read_buf);
1268 	fclose(blob->f);
1269 	free(blob);
1270 }
1271 
1272 char *
1273 got_object_blob_id_str(struct got_blob_object *blob, char *buf, size_t size)
1274 {
1275 	return got_sha1_digest_to_str(blob->id.sha1, buf, size);
1276 }
1277 
1278 size_t
1279 got_object_blob_get_hdrlen(struct got_blob_object *blob)
1280 {
1281 	return blob->hdrlen;
1282 }
1283 
1284 const uint8_t *
1285 got_object_blob_get_read_buf(struct got_blob_object *blob)
1286 {
1287 	return blob->read_buf;
1288 }
1289 
1290 const struct got_error *
1291 got_object_blob_read_block(size_t *outlenp, struct got_blob_object *blob)
1292 {
1293 	size_t n;
1294 
1295 	n = fread(blob->read_buf, 1, blob->blocksize, blob->f);
1296 	if (n == 0 && ferror(blob->f))
1297 		return got_ferror(blob->f, GOT_ERR_IO);
1298 	*outlenp = n;
1299 	return NULL;
1300 }