Gotweb

Blob

Date:: Fri Oct 8 12:21:31 2021 UTC
Message:: plug memory leaks in got-fetch-pack and got-send-pack ok naddy
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2019 Ori Bernstein <ori@openbsd.org>
3  * Copyright (c) 2021 Stefan Sperling <stsp@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/types.h>
19 #include <sys/uio.h>
20 #include <sys/time.h>
21 #include <sys/stat.h>
22 
23 #include <stdint.h>
24 #include <errno.h>
25 #include <limits.h>
26 #include <signal.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <ctype.h>
31 #include <fcntl.h>
32 #include <unistd.h>
33 #include <zlib.h>
34 #include <err.h>
35 
36 #include "got_error.h"
37 #include "got_object.h"
38 #include "got_path.h"
39 #include "got_version.h"
40 #include "got_fetch.h"
41 #include "got_reference.h"
42 
43 #include "got_lib_sha1.h"
44 #include "got_lib_delta.h"
45 #include "got_lib_object.h"
46 #include "got_lib_object_parse.h"
47 #include "got_lib_privsep.h"
48 #include "got_lib_pack.h"
49 #include "got_lib_pkt.h"
50 #include "got_lib_gitproto.h"
51 
52 #ifndef nitems
53 #define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
54 #endif
55 
56 struct got_object *indexed;
57 static int chattygot;
58 
59 static const struct got_capability got_capabilities[] = {
60 	{ GOT_CAPA_AGENT, "got/" GOT_VERSION_STR },
61 	{ GOT_CAPA_OFS_DELTA, NULL },
62 #if 0
63 	{ GOT_CAPA_SIDE_BAND_64K, NULL },
64 #endif
65 	{ GOT_CAPA_REPORT_STATUS, NULL },
66 	{ GOT_CAPA_DELETE_REFS, NULL },
67 };
68 
69 static const struct got_error *
70 send_upload_progress(struct imsgbuf *ibuf, off_t bytes)
71 {
72 	if (imsg_compose(ibuf, GOT_IMSG_SEND_UPLOAD_PROGRESS, 0, 0, -1,
73 	    &bytes, sizeof(bytes)) == -1)
74 		return got_error_from_errno(
75 		    "imsg_compose SEND_UPLOAD_PROGRESS");
76 
77 	return got_privsep_flush_imsg(ibuf);
78 }
79 
80 static const struct got_error *
81 send_pack_request(struct imsgbuf *ibuf)
82 {
83 	if (imsg_compose(ibuf, GOT_IMSG_SEND_PACK_REQUEST, 0, 0, -1,
84 	    NULL, 0) == -1)
85 		return got_error_from_errno("imsg_compose SEND_PACK_REQUEST");
86 	return got_privsep_flush_imsg(ibuf);
87 }
88 
89 static const struct got_error *
90 send_done(struct imsgbuf *ibuf)
91 {
92 	if (imsg_compose(ibuf, GOT_IMSG_SEND_DONE, 0, 0, -1, NULL, 0) == -1)
93 		return got_error_from_errno("imsg_compose SEND_DONE");
94 	return got_privsep_flush_imsg(ibuf);
95 }
96 
97 static const struct got_error *
98 recv_packfd(int *packfd, struct imsgbuf *ibuf)
99 {
100 	const struct got_error *err;
101 	struct imsg imsg;
102 
103 	*packfd = -1;
104 
105 	err = got_privsep_recv_imsg(&imsg, ibuf, 0);
106 	if (err)
107 		return err;
108 		
109 	if (imsg.hdr.type == GOT_IMSG_STOP) {
110 		err = got_error(GOT_ERR_CANCELLED);
111 		goto done;
112 	}
113 
114 	if (imsg.hdr.type != GOT_IMSG_SEND_PACKFD) {
115 		err = got_error(GOT_ERR_PRIVSEP_MSG);
116 		goto done;
117 	}
118 
119 	if (imsg.hdr.len - IMSG_HEADER_SIZE != 0) {
120 		err = got_error(GOT_ERR_PRIVSEP_LEN);
121 		goto done;
122 	}
123 
124 	*packfd = imsg.fd;
125 done:
126 	imsg_free(&imsg);
127 	return err;
128 }
129 
130 static const struct got_error *
131 send_pack_file(int sendfd, int packfd, struct imsgbuf *ibuf)
132 {
133 	const struct got_error *err;
134 	unsigned char buf[8192];
135 	ssize_t r, w;
136 	off_t wtotal = 0;
137 
138 	if (lseek(packfd, 0L, SEEK_SET) == -1)
139 		return got_error_from_errno("lseek");
140 
141 	for (;;) {
142 		r = read(packfd, buf, sizeof(buf));
143 		if (r == -1)
144 			return got_error_from_errno("read");
145 		if (r == 0)
146 			break;
147 		w = write(sendfd, buf, r);
148 		if (w == -1)
149 			return got_error_from_errno("write");
150 		if (w != r)
151 			return got_error(GOT_ERR_IO);
152 		wtotal += w;
153 		err = send_upload_progress(ibuf, wtotal);
154 		if (err)
155 			return err;
156 	}
157 
158 	return NULL;
159 }
160 
161 static const struct got_error *
162 send_error(const char *buf, size_t len)
163 {
164 	static char msg[1024];
165 	size_t i;
166 
167 	for (i = 0; i < len && i < sizeof(msg) - 1; i++) {
168 		if (!isprint(buf[i]))
169 			return got_error_msg(GOT_ERR_BAD_PACKET,
170 			    "non-printable error message received from server");
171 		msg[i] = buf[i];
172 	}
173 	msg[i] = '\0';
174 	return got_error_msg(GOT_ERR_SEND_FAILED, msg);
175 }
176 
177 static const struct got_error *
178 send_their_ref(struct imsgbuf *ibuf, struct got_object_id *refid,
179     const char *refname)
180 {
181 	const struct got_error *err = NULL;
182 	struct ibuf *wbuf;
183 	size_t len, reflen = strlen(refname);
184 
185 	len = sizeof(struct got_imsg_send_remote_ref) + reflen;
186 	if (len >= MAX_IMSGSIZE - IMSG_HEADER_SIZE)
187 		return got_error(GOT_ERR_NO_SPACE);
188 
189 	wbuf = imsg_create(ibuf, GOT_IMSG_SEND_REMOTE_REF, 0, 0, len);
190 	if (wbuf == NULL)
191 		return got_error_from_errno("imsg_create SEND_REMOTE_REF");
192 
193 	/* Keep in sync with struct got_imsg_send_remote_ref definition! */
194 	if (imsg_add(wbuf, refid->sha1, SHA1_DIGEST_LENGTH) == -1) {
195 		err = got_error_from_errno("imsg_add SEND_REMOTE_REF");
196 		ibuf_free(wbuf);
197 		return err;
198 	}
199 	if (imsg_add(wbuf, &reflen, sizeof(reflen)) == -1) {
200 		err = got_error_from_errno("imsg_add SEND_REMOTE_REF");
201 		ibuf_free(wbuf);
202 		return err;
203 	}
204 	if (imsg_add(wbuf, refname, reflen) == -1) {
205 		err = got_error_from_errno("imsg_add SEND_REMOTE_REF");
206 		ibuf_free(wbuf);
207 		return err;
208 	}
209 
210 	wbuf->fd = -1;
211 	imsg_close(ibuf, wbuf);
212 	return got_privsep_flush_imsg(ibuf);
213 }
214 
215 static const struct got_error *
216 send_ref_status(struct imsgbuf *ibuf, const char *refname, int success,
217     struct got_pathlist_head *refs, struct got_pathlist_head *delete_refs)
218 {
219 	const struct got_error *err = NULL;
220 	struct ibuf *wbuf;
221 	size_t len, reflen = strlen(refname);
222 	struct got_pathlist_entry *pe;
223 	int ref_valid = 0;
224 	char *eol;
225 
226 	eol = strchr(refname, '\n');
227 	if (eol == NULL) {
228 		return got_error_msg(GOT_ERR_BAD_PACKET,
229 		    "unexpected message from server");
230 	}
231 	*eol = '\0';
232 
233 	TAILQ_FOREACH(pe, refs, entry) {
234 		if (strcmp(refname, pe->path) == 0) {
235 			ref_valid = 1;
236 			break;
237 		}
238 	}
239 	if (!ref_valid) {
240 		TAILQ_FOREACH(pe, delete_refs, entry) {
241 			if (strcmp(refname, pe->path) == 0) {
242 				ref_valid = 1;
243 				break;
244 			}
245 		}
246 	}
247 	if (!ref_valid) {
248 		return got_error_msg(GOT_ERR_BAD_PACKET,
249 		    "unexpected message from server");
250 	}
251 
252 	len = sizeof(struct got_imsg_send_ref_status) + reflen;
253 	if (len >= MAX_IMSGSIZE - IMSG_HEADER_SIZE)
254 		return got_error(GOT_ERR_NO_SPACE);
255 
256 	wbuf = imsg_create(ibuf, GOT_IMSG_SEND_REF_STATUS,
257 	    0, 0, len);
258 	if (wbuf == NULL)
259 		return got_error_from_errno("imsg_create SEND_REF_STATUS");
260 
261 	/* Keep in sync with struct got_imsg_send_ref_status definition! */
262 	if (imsg_add(wbuf, &success, sizeof(success)) == -1) {
263 		err = got_error_from_errno("imsg_add SEND_REF_STATUS");
264 		ibuf_free(wbuf);
265 		return err;
266 	}
267 	if (imsg_add(wbuf, &reflen, sizeof(reflen)) == -1) {
268 		err = got_error_from_errno("imsg_add SEND_REF_STATUS");
269 		ibuf_free(wbuf);
270 		return err;
271 	}
272 	if (imsg_add(wbuf, refname, reflen) == -1) {
273 		err = got_error_from_errno("imsg_add SEND_REF_STATUS");
274 		ibuf_free(wbuf);
275 		return err;
276 	}
277 
278 	wbuf->fd = -1;
279 	imsg_close(ibuf, wbuf);
280 	return got_privsep_flush_imsg(ibuf);
281 }
282 
283 static const struct got_error *
284 describe_refchange(int *n, int *sent_my_capabilites,
285     const char *my_capabilities, char *buf, size_t bufsize,
286     const char *refname, const char *old_hashstr, const char *new_hashstr)
287 {
288 	*n = snprintf(buf, bufsize, "%s %s %s",
289 	    old_hashstr, new_hashstr, refname);
290 	if (*n >= bufsize)
291 		return got_error(GOT_ERR_NO_SPACE);
292 
293 	/*
294 	 * We must announce our capabilities along with the first
295 	 * reference. Unfortunately, the protocol requires an embedded
296 	 * NUL as a separator between reference name and capabilities,
297 	 * which we have to deal with here.
298 	 * It also requires a linefeed for terminating packet data.
299 	 */
300 	if (!*sent_my_capabilites && my_capabilities != NULL) {
301 		int m;
302 		if (*n >= bufsize - 1)
303 			return got_error(GOT_ERR_NO_SPACE);
304 		m = snprintf(buf + *n + 1, /* offset after '\0' */
305 		    bufsize - (*n + 1), "%s\n", my_capabilities);
306 		if (*n + m >= bufsize)
307 			return got_error(GOT_ERR_NO_SPACE);
308 		*n += m;
309 		*sent_my_capabilites = 1;
310 	} else {
311 		*n = strlcat(buf, "\n", bufsize);
312 		if (*n >= bufsize)
313 			return got_error(GOT_ERR_NO_SPACE);
314 	}
315 
316 	return NULL;
317 }
318 
319 static const struct got_error *
320 send_pack(int fd, struct got_pathlist_head *refs,
321     struct got_pathlist_head *delete_refs, struct imsgbuf *ibuf)
322 {
323 	const struct got_error *err = NULL;
324 	char buf[GOT_PKT_MAX];
325 	unsigned char zero_id[SHA1_DIGEST_LENGTH] = { 0 };
326 	char old_hashstr[SHA1_DIGEST_STRING_LENGTH];
327 	char new_hashstr[SHA1_DIGEST_STRING_LENGTH];
328 	struct got_pathlist_head their_refs;
329 	int is_firstpkt = 1;
330 	int n, nsent = 0;
331 	int packfd = -1;
332 	char *id_str = NULL, *refname = NULL;
333 	struct got_object_id *id = NULL;
334 	char *server_capabilities = NULL, *my_capabilities = NULL;
335 	struct got_pathlist_entry *pe;
336 	int sent_my_capabilites = 0;
337 
338 	TAILQ_INIT(&their_refs);
339 
340 	if (TAILQ_EMPTY(refs) && TAILQ_EMPTY(delete_refs))
341 		return got_error(GOT_ERR_SEND_EMPTY);
342 
343 	while (1) {
344 		err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
345 		if (err)
346 			goto done;
347 		if (n == 0)
348 			break;
349 		if (n >= 4 && strncmp(buf, "ERR ", 4) == 0) {
350 			err = send_error(&buf[4], n - 4);
351 			goto done;
352 		}
353 		free(id_str);
354 		free(refname);
355 		err = got_gitproto_parse_refline(&id_str, &refname,
356 		    &server_capabilities, buf, n);
357 		if (err)
358 			goto done;
359 		if (is_firstpkt) {
360 			if (chattygot && server_capabilities[0] != '\0')
361 				fprintf(stderr, "%s: server capabilities: %s\n",
362 				    getprogname(), server_capabilities);
363 			err = got_gitproto_match_capabilities(&my_capabilities,
364 			    NULL, server_capabilities, got_capabilities,
365 			    nitems(got_capabilities));
366 			if (err)
367 				goto done;
368 			if (chattygot)
369 				fprintf(stderr, "%s: my capabilities:%s\n",
370 				    getprogname(), my_capabilities);
371 			is_firstpkt = 0;
372 		}
373 		if (strstr(refname, "^{}")) {
374 			if (chattygot) {
375 				fprintf(stderr, "%s: ignoring %s\n",
376 				    getprogname(), refname);
377 			}
378 			continue;
379 		}
380 
381 		id = malloc(sizeof(*id));
382 		if (id == NULL) {
383 			err = got_error_from_errno("malloc");
384 			goto done;
385 		}
386 		if (!got_parse_sha1_digest(id->sha1, id_str)) {
387 			err = got_error(GOT_ERR_BAD_OBJ_ID_STR);
388 			goto done;
389 		}
390 		err = send_their_ref(ibuf, id, refname);
391 		if (err)
392 			goto done;
393 
394 		err = got_pathlist_append(&their_refs, refname, id);
395 		if (chattygot)
396 			fprintf(stderr, "%s: remote has %s %s\n",
397 			    getprogname(), refname, id_str);
398 		free(id_str);
399 		id_str = NULL;
400 		refname = NULL; /* do not free; owned by their_refs */
401 		id = NULL; /* do not free; owned by their_refs */
402 	}
403 
404 	if (!TAILQ_EMPTY(delete_refs)) {
405 		if (my_capabilities == NULL ||
406 		    strstr(my_capabilities, GOT_CAPA_DELETE_REFS) == NULL) {
407 			err = got_error(GOT_ERR_CAPA_DELETE_REFS);
408 			goto done;
409 		}
410 	}
411 
412 	TAILQ_FOREACH(pe, delete_refs, entry) {
413 		const char *refname = pe->path;
414 		struct got_pathlist_entry *their_pe;
415 		struct got_object_id *their_id = NULL;
416 
417 		TAILQ_FOREACH(their_pe, &their_refs, entry) {
418 			const char *their_refname = their_pe->path;
419 			if (got_path_cmp(refname, their_refname,
420 			    strlen(refname), strlen(their_refname)) == 0) {
421 				their_id = their_pe->data;
422 				break;
423 			}
424 		}
425 		if (their_id == NULL) {
426 			err = got_error_fmt(GOT_ERR_NOT_REF,
427 			    "%s does not exist in remote repository",
428 			    refname);
429 			goto done;
430 		}
431 
432 		got_sha1_digest_to_str(their_id->sha1, old_hashstr,
433 		    sizeof(old_hashstr));
434 		got_sha1_digest_to_str(zero_id, new_hashstr,
435 		    sizeof(new_hashstr));
436 		err = describe_refchange(&n, &sent_my_capabilites,
437 		    my_capabilities, buf, sizeof(buf), refname,
438 		    old_hashstr, new_hashstr);
439 		if (err)
440 			goto done;
441 		err = got_pkt_writepkt(fd, buf, n, chattygot);
442 		if (err)
443 			goto done;
444 		if (chattygot) {
445 			fprintf(stderr, "%s: deleting %s %s\n",
446 			    getprogname(), refname, old_hashstr);
447 		}
448 		nsent++;
449 	}
450 
451 	TAILQ_FOREACH(pe, refs, entry) {
452 		const char *refname = pe->path;
453 		struct got_object_id *id = pe->data;
454 		struct got_object_id *their_id = NULL;
455 		struct got_pathlist_entry *their_pe;
456 
457 		TAILQ_FOREACH(their_pe, &their_refs, entry) {
458 			const char *their_refname = their_pe->path;
459 			if (got_path_cmp(refname, their_refname,
460 			    strlen(refname), strlen(their_refname)) == 0) {
461 				their_id = their_pe->data;
462 				break;
463 			}
464 		}
465 		if (their_id) {
466 			if (got_object_id_cmp(id, their_id) == 0) {
467 				if (chattygot) {
468 					fprintf(stderr,
469 					    "%s: no change for %s\n",
470 					    getprogname(), refname);
471 				}
472 				continue;
473 			}
474 			got_sha1_digest_to_str(their_id->sha1, old_hashstr,
475 			    sizeof(old_hashstr));
476 		} else {
477 			got_sha1_digest_to_str(zero_id, old_hashstr,
478 			    sizeof(old_hashstr));
479 		}
480 		got_sha1_digest_to_str(id->sha1, new_hashstr,
481 		    sizeof(new_hashstr));
482 		err = describe_refchange(&n, &sent_my_capabilites,
483 		    my_capabilities, buf, sizeof(buf), refname,
484 		    old_hashstr, new_hashstr);
485 		if (err)
486 			goto done;
487 		err = got_pkt_writepkt(fd, buf, n, chattygot);
488 		if (err)
489 			goto done;
490 		if (chattygot) {
491 			if (their_id) {
492 				fprintf(stderr, "%s: updating %s %s -> %s\n",
493 				    getprogname(), refname, old_hashstr,
494 				    new_hashstr);
495 			} else {
496 				fprintf(stderr, "%s: creating %s %s\n",
497 				    getprogname(), refname, new_hashstr);
498 			}
499 		}
500 		nsent++;
501 	}
502 	err = got_pkt_flushpkt(fd, chattygot);
503 	if (err)
504 		goto done;
505 
506 	err = send_pack_request(ibuf);
507 	if (err)
508 		goto done;
509 
510 	err = recv_packfd(&packfd, ibuf);
511 	if (err)
512 		goto done;
513 
514 	if (packfd != -1) {
515 		err = send_pack_file(fd, packfd, ibuf);
516 		if (err)
517 			goto done;
518 	}
519 
520 	err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
521 	if (err)
522 		goto done;
523 	if (n >= 4 && strncmp(buf, "ERR ", 4) == 0) {
524 		err = send_error(&buf[4], n - 4);
525 		goto done;
526 	} else if (n < 10 || strncmp(buf, "unpack ok\n", 10) != 0) {
527 		err = got_error_msg(GOT_ERR_BAD_PACKET,
528 		    "unexpected message from server");
529 		goto done;
530 	}
531 
532 	while (nsent > 0) {
533 		err = got_pkt_readpkt(&n, fd, buf, sizeof(buf), chattygot);
534 		if (err)
535 			goto done;
536 		if (n < 3) {
537 			err = got_error_msg(GOT_ERR_BAD_PACKET,
538 			    "unexpected message from server");
539 			goto done;
540 		} else if (strncmp(buf, "ok ", 3) == 0) {
541 			err = send_ref_status(ibuf, buf + 3, 1,
542 			    refs, delete_refs);
543 			if (err)
544 				goto done;
545 		} else if (strncmp(buf, "ng ", 3) == 0) {
546 			err = send_ref_status(ibuf, buf + 3, 0,
547 			    refs, delete_refs);
548 			if (err)
549 				goto done;
550 		} else {
551 			err = got_error_msg(GOT_ERR_BAD_PACKET,
552 			    "unexpected message from server");
553 			goto done;
554 		}
555 		nsent--;
556 	}
557 
558 	err = send_done(ibuf);
559 done:
560 	TAILQ_FOREACH(pe, &their_refs, entry) {
561 		free((void *)pe->path);
562 		free(pe->data);
563 	}
564 	got_pathlist_free(&their_refs);
565 	free(id_str);
566 	free(id);
567 	free(refname);
568 	free(server_capabilities);
569 	return err;
570 }
571 
572 int
573 main(int argc, char **argv)
574 {
575 	const struct got_error *err = NULL;
576 	int sendfd;
577 	struct imsgbuf ibuf;
578 	struct imsg imsg;
579 	struct got_pathlist_head refs;
580 	struct got_pathlist_head delete_refs;
581 	struct got_pathlist_entry *pe;
582 	struct got_imsg_send_request send_req;
583 	struct got_imsg_send_ref href;
584 	size_t datalen, i;
585 #if 0
586 	static int attached;
587 	while (!attached)
588 		sleep (1);
589 #endif
590 
591 	TAILQ_INIT(&refs);
592 	TAILQ_INIT(&delete_refs);
593 
594 	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);
595 #ifndef PROFILE
596 	/* revoke access to most system calls */
597 	if (pledge("stdio recvfd", NULL) == -1) {
598 		err = got_error_from_errno("pledge");
599 		got_privsep_send_error(&ibuf, err);
600 		return 1;
601 	}
602 #endif
603 	if ((err = got_privsep_recv_imsg(&imsg, &ibuf, 0)) != 0) {
604 		if (err->code == GOT_ERR_PRIVSEP_PIPE)
605 			err = NULL;
606 		goto done;
607 	}
608 	if (imsg.hdr.type == GOT_IMSG_STOP)
609 		goto done;
610 	if (imsg.hdr.type != GOT_IMSG_SEND_REQUEST) {
611 		err = got_error(GOT_ERR_PRIVSEP_MSG);
612 		goto done;
613 	}
614 	datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
615 	if (datalen < sizeof(send_req)) {
616 		err = got_error(GOT_ERR_PRIVSEP_LEN);
617 		goto done;
618 	}
619 	memcpy(&send_req, imsg.data, sizeof(send_req));
620 	sendfd = imsg.fd;
621 	imsg_free(&imsg);
622 
623 	if (send_req.verbosity > 0)
624 		chattygot += send_req.verbosity;
625 
626 	for (i = 0; i < send_req.nrefs; i++) {
627 		struct got_object_id *id;
628 		char *refname;
629 
630 		if ((err = got_privsep_recv_imsg(&imsg, &ibuf, 0)) != 0) {
631 			if (err->code == GOT_ERR_PRIVSEP_PIPE)
632 				err = NULL;
633 			goto done;
634 		}
635 		if (imsg.hdr.type == GOT_IMSG_STOP)
636 			goto done;
637 		if (imsg.hdr.type != GOT_IMSG_SEND_REF) {
638 			err = got_error(GOT_ERR_PRIVSEP_MSG);
639 			goto done;
640 		}
641 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;
642 		if (datalen < sizeof(href)) {
643 			err = got_error(GOT_ERR_PRIVSEP_LEN);
644 			goto done;
645 		}
646 		memcpy(&href, imsg.data, sizeof(href));
647 		if (datalen - sizeof(href) < href.name_len) {
648 			err = got_error(GOT_ERR_PRIVSEP_LEN);
649 			goto done;
650 		}
651 		refname = malloc(href.name_len + 1);
652 		if (refname == NULL) {
653 			err = got_error_from_errno("malloc");
654 			goto done;
655 		}
656 		memcpy(refname, imsg.data + sizeof(href), href.name_len);
657 		refname[href.name_len] = '\0';
658 
659 		/*
660 		 * Prevent sending of references that won't make any
661 		 * sense outside the local repository's context.
662 		 */
663 		if (strncmp(refname, "refs/got/", 9) == 0 ||
664 		    strncmp(refname, "refs/remotes/", 13) == 0) {
665 			err = got_error_fmt(GOT_ERR_SEND_BAD_REF,
666 			    "%s", refname);
667 			goto done;
668 		}
669 
670 		id = malloc(sizeof(*id));
671 		if (id == NULL) {
672 			free(refname);
673 			err = got_error_from_errno("malloc");
674 			goto done;
675 		}
676 		memcpy(id->sha1, href.id, SHA1_DIGEST_LENGTH);
677 		if (href.delete)
678 			err = got_pathlist_append(&delete_refs, refname, id);
679 		else
680 			err = got_pathlist_append(&refs, refname, id);
681 		if (err) {
682 			free(refname);
683 			free(id);
684 			goto done;
685 		}
686 
687 		imsg_free(&imsg);
688 	}
689 
690 	err = send_pack(sendfd, &refs, &delete_refs, &ibuf);
691 done:
692 	TAILQ_FOREACH(pe, &refs, entry) {
693 		free((char *)pe->path);
694 		free(pe->data);
695 	}
696 	got_pathlist_free(&refs);
697 	TAILQ_FOREACH(pe, &delete_refs, entry) {
698 		free((char *)pe->path);
699 		free(pe->data);
700 	}
701 	got_pathlist_free(&delete_refs);
702 	if (sendfd != -1 && close(sendfd) == -1 && err == NULL)
703 		err = got_error_from_errno("close");
704 	if (err != NULL && err->code != GOT_ERR_CANCELLED)  {
705 		fprintf(stderr, "%s: %s\n", getprogname(), err->msg);
706 		got_privsep_send_error(&ibuf, err);
707 	}
708 
709 	exit(0);
710 }