Gotweb

Blob

Date:: Thu Apr 26 20:17:43 2018 UTC
Message:: error out if child dies or does not exit with success
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2018 Stefan Sperling <stsp@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
21 #include <sys/socket.h>
22 #include <sys/wait.h>
23 
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <stdint.h>
30 #include <sha1.h>
31 #include <zlib.h>
32 #include <ctype.h>
33 #include <limits.h>
34 #include <imsg.h>
35 
36 #include "got_error.h"
37 #include "got_object.h"
38 #include "got_repository.h"
39 
40 #include "got_lib_sha1.h"
41 #include "got_lib_delta.h"
42 #include "got_lib_pack.h"
43 #include "got_lib_path.h"
44 #include "got_lib_zbuf.h"
45 #include "got_lib_object.h"
46 #include "got_lib_privsep.h"
47 
48 #ifndef MIN
49 #define	MIN(_a,_b) ((_a) < (_b) ? (_a) : (_b))
50 #endif
51 
52 #ifndef nitems
53 #define nitems(_a) (sizeof(_a) / sizeof((_a)[0]))
54 #endif
55 
56 #define GOT_OBJ_TAG_COMMIT	"commit"
57 #define GOT_OBJ_TAG_TREE	"tree"
58 #define GOT_OBJ_TAG_BLOB	"blob"
59 
60 #define GOT_COMMIT_TAG_TREE		"tree "
61 #define GOT_COMMIT_TAG_PARENT		"parent "
62 #define GOT_COMMIT_TAG_AUTHOR		"author "
63 #define GOT_COMMIT_TAG_COMMITTER	"committer "
64 
65 const struct got_error *
66 got_object_id_str(char **outbuf, struct got_object_id *id)
67 {
68 	static const size_t len = SHA1_DIGEST_STRING_LENGTH;
69 
70 	*outbuf = calloc(1, len);
71 	if (*outbuf == NULL)
72 		return got_error_from_errno();
73 
74 	if (got_sha1_digest_to_str(id->sha1, *outbuf, len) == NULL) {
75 		free(*outbuf);
76 		*outbuf = NULL;
77 		return got_error(GOT_ERR_BAD_OBJ_ID_STR);
78 	}
79 
80 	return NULL;
81 }
82 
83 int
84 got_object_id_cmp(struct got_object_id *id1, struct got_object_id *id2)
85 {
86 	return memcmp(id1->sha1, id2->sha1, SHA1_DIGEST_LENGTH);
87 }
88 
89 struct got_object_id *
90 got_object_id_dup(struct got_object_id *id1)
91 {
92 	struct got_object_id *id2;
93 
94 	id2 = malloc(sizeof(*id2));
95 	if (id2 == NULL)
96 		return NULL;
97 	memcpy(id2, id1, sizeof(*id2));
98 	return id2;
99 }
100 
101 struct got_object_id *
102 got_object_get_id(struct got_object *obj)
103 {
104 	return got_object_id_dup(&obj->id);
105 }
106 
107 int
108 got_object_get_type(struct got_object *obj)
109 {
110 	switch (obj->type) {
111 	case GOT_OBJ_TYPE_COMMIT:
112 	case GOT_OBJ_TYPE_TREE:
113 	case GOT_OBJ_TYPE_BLOB:
114 	case GOT_OBJ_TYPE_TAG:
115 		return obj->type;
116 	default:
117 		abort();
118 		break;
119 	}
120 
121 	/* not reached */
122 	return 0;
123 }
124 
125 static const struct got_error *
126 parse_object_header(struct got_object **obj, char *buf, size_t len)
127 {
128 	const char *obj_tags[] = {
129 		GOT_OBJ_TAG_COMMIT,
130 		GOT_OBJ_TAG_TREE,
131 		GOT_OBJ_TAG_BLOB
132 	};
133 	const int obj_types[] = {
134 		GOT_OBJ_TYPE_COMMIT,
135 		GOT_OBJ_TYPE_TREE,
136 		GOT_OBJ_TYPE_BLOB,
137 	};
138 	int type = 0;
139 	size_t size = 0, hdrlen = 0;
140 	int i;
141 	char *p = strchr(buf, '\0');
142 
143 	if (p == NULL)
144 		return got_error(GOT_ERR_BAD_OBJ_HDR);
145 
146 	hdrlen = strlen(buf) + 1 /* '\0' */;
147 
148 	for (i = 0; i < nitems(obj_tags); i++) {
149 		const char *tag = obj_tags[i];
150 		size_t tlen = strlen(tag);
151 		const char *errstr;
152 
153 		if (strncmp(buf, tag, tlen) != 0)
154 			continue;
155 
156 		type = obj_types[i];
157 		if (len <= tlen)
158 			return got_error(GOT_ERR_BAD_OBJ_HDR);
159 		size = strtonum(buf + tlen, 0, LONG_MAX, &errstr);
160 		if (errstr != NULL)
161 			return got_error(GOT_ERR_BAD_OBJ_HDR);
162 		break;
163 	}
164 
165 	if (type == 0)
166 		return got_error(GOT_ERR_BAD_OBJ_HDR);
167 
168 	*obj = calloc(1, sizeof(**obj));
169 	if (*obj == NULL)
170 		return got_error_from_errno();
171 	(*obj)->type = type;
172 	(*obj)->hdrlen = hdrlen;
173 	(*obj)->size = size;
174 	return NULL;
175 }
176 
177 static const struct got_error *
178 read_object_header(struct got_object **obj, FILE *f)
179 {
180 	const struct got_error *err;
181 	struct got_zstream_buf zb;
182 	char *buf;
183 	const size_t zbsize = 64;
184 	size_t outlen, totlen;
185 	int i;
186 
187 	buf = calloc(zbsize, sizeof(char));
188 	if (buf == NULL)
189 		return got_error_from_errno();
190 
191 	err = got_inflate_init(&zb, NULL, zbsize);
192 	if (err)
193 		return err;
194 
195 	i = 0;
196 	totlen = 0;
197 	do {
198 		err = got_inflate_read(&zb, f, &outlen);
199 		if (err)
200 			goto done;
201 		if (strchr(zb.outbuf, '\0') == NULL) {
202 			buf = recallocarray(buf, 1 + i, 2 + i, zbsize);
203 			if (buf == NULL) {
204 				err = got_error_from_errno();
205 				goto done;
206 			}
207 		}
208 		memcpy(buf + totlen, zb.outbuf, outlen);
209 		totlen += outlen;
210 		i++;
211 	} while (strchr(zb.outbuf, '\0') == NULL);
212 
213 	err = parse_object_header(obj, buf, totlen);
214 done:
215 	got_inflate_end(&zb);
216 	return err;
217 }
218 
219 static void
220 read_object_header_privsep_child(int obj_fd, int imsg_fds[2])
221 {
222 	const struct got_error *err = NULL;
223 	struct got_object *obj = NULL;
224 	struct imsgbuf ibuf;
225 	FILE *f = NULL;
226 	int status = 0;
227 
228 	setproctitle("read object header");
229 	close(imsg_fds[0]);
230 	imsg_init(&ibuf, imsg_fds[1]);
231 
232 	/* revoke access to most system calls */
233 	if (pledge("stdio", NULL) == -1) {
234 		err = got_error_from_errno();
235 		goto done;
236 	}
237 
238 	f = fdopen(obj_fd, "rb");
239 	if (f == NULL) {
240 		err = got_error_from_errno();
241 		close(obj_fd);
242 		goto done;
243 	}
244 
245 	err = read_object_header(&obj, f);
246 	if (err)
247 		goto done;
248 
249 	err = got_privsep_send_obj(&ibuf, obj, 0);
250 done:
251 	if (obj)
252 		got_object_close(obj);
253 	if (err) {
254 		got_privsep_send_error(&ibuf, err);
255 		status = 1;
256 	}
257 	if (f)
258 		fclose(f);
259 	imsg_clear(&ibuf);
260 	close(imsg_fds[1]);
261 	_exit(status);
262 }
263 
264 static const struct got_error *
265 wait_for_child(pid_t pid)
266 {
267 	int child_status;
268 
269 	waitpid(pid, &child_status, 0);
270 
271 	if (!WIFEXITED(child_status))
272 		return got_error(GOT_ERR_PRIVSEP_DIED);
273 
274 	if (WEXITSTATUS(child_status) != 0)
275 		return got_error(GOT_ERR_PRIVSEP_EXIT);
276 
277 	return NULL;
278 }
279 
280 static const struct got_error *
281 read_object_header_privsep(struct got_object **obj, int fd)
282 {
283 	struct imsgbuf parent_ibuf;
284 	int imsg_fds[2];
285 	const struct got_error *err = NULL, *err_child = NULL;
286 	pid_t pid;
287 
288 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
289 		return got_error_from_errno();
290 
291 	pid = fork();
292 	if (pid == -1)
293 		return got_error_from_errno();
294 	else if (pid == 0) {
295 		read_object_header_privsep_child(fd, imsg_fds);
296 		/* not reached */
297 	}
298 
299 	close(imsg_fds[1]);
300 	imsg_init(&parent_ibuf, imsg_fds[0]);
301 	err = got_privsep_recv_obj(obj, &parent_ibuf);
302 	imsg_clear(&parent_ibuf);
303 	err_child = wait_for_child(pid);
304 	close(imsg_fds[0]);
305 	return err ? err : err_child;
306 }
307 
308 static const struct got_error *
309 object_path(char **path, struct got_object_id *id, struct got_repository *repo)
310 {
311 	const struct got_error *err = NULL;
312 	char *hex;
313 	char *path_objects = got_repo_get_path_objects(repo);
314 
315 	*path = NULL;
316 
317 	if (path_objects == NULL)
318 		return got_error_from_errno();
319 
320 	err = got_object_id_str(&hex, id);
321 	if (err)
322 		return err;
323 
324 	if (asprintf(path, "%s/%.2x/%s", path_objects,
325 	    id->sha1[0], hex + 2) == -1)
326 		err = got_error_from_errno();
327 
328 	free(hex);
329 	free(path_objects);
330 	return err;
331 }
332 
333 static const struct got_error *
334 open_loose_object(int *fd, struct got_object *obj, struct got_repository *repo)
335 {
336 	const struct got_error *err = NULL;
337 	char *path;
338 
339 	err = object_path(&path, &obj->id, repo);
340 	if (err)
341 		return err;
342 	*fd = open(path, O_RDONLY | O_NOFOLLOW, GOT_DEFAULT_FILE_MODE);
343 	if (*fd == -1) {
344 		err = got_error_from_errno();
345 		goto done;
346 	}
347 done:
348 	free(path);
349 	return err;
350 }
351 
352 const struct got_error *
353 got_object_open(struct got_object **obj, struct got_repository *repo,
354     struct got_object_id *id)
355 {
356 	const struct got_error *err = NULL;
357 	char *path;
358 	int fd;
359 
360 	err = object_path(&path, id, repo);
361 	if (err)
362 		return err;
363 
364 	fd = open(path, O_RDONLY | O_NOFOLLOW, GOT_DEFAULT_FILE_MODE);
365 	if (fd == -1) {
366 		if (errno != ENOENT) {
367 			err = got_error_from_errno();
368 			goto done;
369 		}
370 		err = got_packfile_open_object(obj, id, repo);
371 		if (err)
372 			goto done;
373 		if (*obj == NULL)
374 			err = got_error(GOT_ERR_NO_OBJ);
375 	} else {
376 		err = read_object_header_privsep(obj, fd);
377 		if (err)
378 			goto done;
379 		memcpy((*obj)->id.sha1, id->sha1, SHA1_DIGEST_LENGTH);
380 	}
381 done:
382 	free(path);
383 	if (fd != -1)
384 		close(fd);
385 	return err;
386 
387 }
388 
389 const struct got_error *
390 got_object_open_by_id_str(struct got_object **obj, struct got_repository *repo,
391     const char *id_str)
392 {
393 	struct got_object_id id;
394 
395 	if (!got_parse_sha1_digest(id.sha1, id_str))
396 		return got_error(GOT_ERR_BAD_OBJ_ID_STR);
397 
398 	return got_object_open(obj, repo, &id);
399 }
400 
401 void
402 got_object_close(struct got_object *obj)
403 {
404 	if (obj->flags & GOT_OBJ_FLAG_DELTIFIED) {
405 		struct got_delta *delta;
406 		while (!SIMPLEQ_EMPTY(&obj->deltas.entries)) {
407 			delta = SIMPLEQ_FIRST(&obj->deltas.entries);
408 			SIMPLEQ_REMOVE_HEAD(&obj->deltas.entries, entry);
409 			got_delta_close(delta);
410 		}
411 	}
412 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
413 		free(obj->path_packfile);
414 	free(obj);
415 }
416 
417 struct got_commit_object *
418 got_object_commit_alloc_partial(void)
419 {
420 	struct got_commit_object *commit;
421 
422 	commit = calloc(1, sizeof(*commit));
423 	if (commit == NULL)
424 		return NULL;
425 	commit->tree_id = calloc(1, sizeof(*commit->tree_id));
426 	if (commit->tree_id == NULL) {
427 		free(commit);
428 		return NULL;
429 	}
430 
431 	SIMPLEQ_INIT(&commit->parent_ids);
432 
433 	return commit;
434 }
435 
436 const struct got_error *
437 got_object_commit_add_parent(struct got_commit_object *commit,
438     const char *id_str)
439 {
440 	const struct got_error *err = NULL;
441 	struct got_parent_id *pid;
442 
443 	pid = calloc(1, sizeof(*pid));
444 	if (pid == NULL)
445 		return got_error_from_errno();
446 
447 	pid->id = calloc(1, sizeof(*pid->id));
448 	if (pid->id == NULL) {
449 		err = got_error_from_errno();
450 		free(pid);
451 		return err;
452 	}
453 
454 	if (!got_parse_sha1_digest(pid->id->sha1, id_str)) {
455 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
456 		free(pid->id);
457 		free(pid);
458 		return err;
459 	}
460 
461 	SIMPLEQ_INSERT_TAIL(&commit->parent_ids, pid, entry);
462 	commit->nparents++;
463 
464 	return NULL;
465 }
466 
467 static const struct got_error *
468 parse_commit_object(struct got_commit_object **commit, char *buf, size_t len)
469 {
470 	const struct got_error *err = NULL;
471 	char *s = buf;
472 	size_t tlen;
473 	ssize_t remain = (ssize_t)len;
474  
475 	*commit = got_object_commit_alloc_partial();
476 	if (*commit == NULL)
477 		return got_error_from_errno();
478 
479 	tlen = strlen(GOT_COMMIT_TAG_TREE);
480 	if (strncmp(s, GOT_COMMIT_TAG_TREE, tlen) == 0) {
481 		remain -= tlen;
482 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
483 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
484 			goto done;
485 		}
486 		s += tlen;
487 		if (!got_parse_sha1_digest((*commit)->tree_id->sha1, s)) {
488 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
489 			goto done;
490 		}
491 		remain -= SHA1_DIGEST_STRING_LENGTH;
492 		s += SHA1_DIGEST_STRING_LENGTH;
493 	} else {
494 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
495 		goto done;
496 	}
497 
498 	tlen = strlen(GOT_COMMIT_TAG_PARENT);
499 	while (strncmp(s, GOT_COMMIT_TAG_PARENT, tlen) == 0) {
500 		remain -= tlen;
501 		if (remain < SHA1_DIGEST_STRING_LENGTH) {
502 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
503 			goto done;
504 		}
505 		s += tlen;
506 		err = got_object_commit_add_parent(*commit, s);
507 		if (err)
508 			goto done;
509 
510 		remain -= SHA1_DIGEST_STRING_LENGTH;
511 		s += SHA1_DIGEST_STRING_LENGTH;
512 	}
513 
514 	tlen = strlen(GOT_COMMIT_TAG_AUTHOR);
515 	if (strncmp(s, GOT_COMMIT_TAG_AUTHOR, tlen) == 0) {
516 		char *p;
517 
518 		remain -= tlen;
519 		if (remain <= 0) {
520 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
521 			goto done;
522 		}
523 		s += tlen;
524 		p = strchr(s, '\n');
525 		if (p == NULL) {
526 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
527 			goto done;
528 		}
529 		*p = '\0';
530 		(*commit)->author = strdup(s);
531 		if ((*commit)->author == NULL) {
532 			err = got_error_from_errno();
533 			goto done;
534 		}
535 		s += strlen((*commit)->author) + 1;
536 		remain -= strlen((*commit)->author) + 1;
537 	}
538 
539 	tlen = strlen(GOT_COMMIT_TAG_COMMITTER);
540 	if (strncmp(s, GOT_COMMIT_TAG_COMMITTER, tlen) == 0) {
541 		char *p;
542 
543 		remain -= tlen;
544 		if (remain <= 0) {
545 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
546 			goto done;
547 		}
548 		s += tlen;
549 		p = strchr(s, '\n');
550 		if (p == NULL) {
551 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
552 			goto done;
553 		}
554 		*p = '\0';
555 		(*commit)->committer = strdup(s);
556 		if ((*commit)->committer == NULL) {
557 			err = got_error_from_errno();
558 			goto done;
559 		}
560 		s += strlen((*commit)->committer) + 1;
561 		remain -= strlen((*commit)->committer) + 1;
562 	}
563 
564 	(*commit)->logmsg = strndup(s, remain);
565 	if ((*commit)->logmsg == NULL) {
566 		err = got_error_from_errno();
567 		goto done;
568 	}
569 done:
570 	if (err) {
571 		got_object_commit_close(*commit);
572 		*commit = NULL;
573 	}
574 	return err;
575 }
576 
577 static void
578 tree_entry_close(struct got_tree_entry *te)
579 {
580 	free(te->id);
581 	free(te->name);
582 	free(te);
583 }
584 
585 struct got_tree_entry *
586 got_alloc_tree_entry_partial(void)
587 {
588 	struct got_tree_entry *te;
589 
590 	te = calloc(1, sizeof(*te));
591 	if (te == NULL)
592 		return NULL;
593 
594 	te->id = calloc(1, sizeof(*te->id));
595 	if (te->id == NULL) {
596 		free(te);
597 		te = NULL;
598 	}
599 	return te;
600 }
601 
602 static const struct got_error *
603 parse_tree_entry(struct got_tree_entry **te, size_t *elen, char *buf,
604     size_t maxlen)
605 {
606 	char *p = buf, *space;
607 	const struct got_error *err = NULL;
608 
609 	*te = got_alloc_tree_entry_partial();
610 	if (*te == NULL)
611 		return got_error_from_errno();
612 
613 	*elen = strlen(buf) + 1;
614 	if (*elen > maxlen) {
615 		free(*te);
616 		*te = NULL;
617 		return got_error(GOT_ERR_BAD_OBJ_DATA);
618 	}
619 
620 	space = strchr(buf, ' ');
621 	if (space == NULL) {
622 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
623 		free(*te);
624 		*te = NULL;
625 		return err;
626 	}
627 	while (*p != ' ') {
628 		if (*p < '0' && *p > '7') {
629 			err = got_error(GOT_ERR_BAD_OBJ_DATA);
630 			goto done;
631 		}
632 		(*te)->mode <<= 3;
633 		(*te)->mode |= *p - '0';
634 		p++;
635 	}
636 
637 	(*te)->name = strdup(space + 1);
638 	if (*elen > maxlen || maxlen - *elen < SHA1_DIGEST_LENGTH) {
639 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
640 		goto done;
641 	}
642 	buf += strlen(buf) + 1;
643 	memcpy((*te)->id->sha1, buf, SHA1_DIGEST_LENGTH);
644 	*elen += SHA1_DIGEST_LENGTH;
645 done:
646 	if (err) {
647 		tree_entry_close(*te);
648 		*te = NULL;
649 	}
650 	return err;
651 }
652 
653 static const struct got_error *
654 parse_tree_object(struct got_tree_object **tree, uint8_t *buf, size_t len)
655 {
656 	const struct got_error *err;
657 	size_t remain = len;
658 
659 	*tree = calloc(1, sizeof(**tree));
660 	if (*tree == NULL)
661 		return got_error_from_errno();
662 
663 	SIMPLEQ_INIT(&(*tree)->entries);
664 
665 	while (remain > 0) {
666 		struct got_tree_entry *te;
667 		size_t elen;
668 
669 		err = parse_tree_entry(&te, &elen, buf, remain);
670 		if (err)
671 			return err;
672 		(*tree)->nentries++;
673 		SIMPLEQ_INSERT_TAIL(&(*tree)->entries, te, entry);
674 		buf += elen;
675 		remain -= elen;
676 	}
677 
678 	if (remain != 0) {
679 		got_object_tree_close(*tree);
680 		return got_error(GOT_ERR_BAD_OBJ_DATA);
681 	}
682 
683 	return NULL;
684 }
685 
686 static const struct got_error *
687 read_to_mem(uint8_t **outbuf, size_t *outlen, FILE *f)
688 {
689 	const struct got_error *err = NULL;
690 	static const size_t blocksize = 512;
691 	size_t n, total, remain;
692 	uint8_t *buf;
693 
694 	*outbuf = NULL;
695 	*outlen = 0;
696 
697 	buf = calloc(1, blocksize);
698 	if (buf == NULL)
699 		return got_error_from_errno();
700 
701 	remain = blocksize;
702 	total = 0;
703 	while (1) {
704 		if (remain == 0) {
705 			uint8_t *newbuf;
706 			newbuf = reallocarray(buf, 1, total + blocksize);
707 			if (newbuf == NULL) {
708 				err = got_error_from_errno();
709 				goto done;
710 			}
711 			buf = newbuf;
712 			remain += blocksize;
713 		}
714 		n = fread(buf + total, 1, remain, f);
715 		if (n == 0) {
716 			if (ferror(f)) {
717 				err = got_ferror(f, GOT_ERR_IO);
718 				goto done;
719 			}
720 			break; /* EOF */
721 		}
722 		remain -= n;
723 		total += n;
724 	};
725 
726 done:
727 	if (err == NULL) {
728 		*outbuf = buf;
729 		*outlen = total;
730 	} else
731 		free(buf);
732 	return err;
733 }
734 
735 static const struct got_error *
736 read_commit_object(struct got_commit_object **commit, struct got_object *obj,
737     FILE *f)
738 {
739 	const struct got_error *err = NULL;
740 	size_t len;
741 	uint8_t *p;
742 
743 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
744 		err = read_to_mem(&p, &len, f);
745 	else
746 		err = got_inflate_to_mem(&p, &len, f);
747 	if (err)
748 		return err;
749 
750 	if (len < obj->hdrlen + obj->size) {
751 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
752 		goto done;
753 	}
754 
755 	/* Skip object header. */
756 	len -= obj->hdrlen;
757 	err = parse_commit_object(commit, p + obj->hdrlen, len);
758 	free(p);
759 done:
760 	return err;
761 }
762 
763 static void
764 read_commit_object_privsep_child(struct got_object *obj, int obj_fd,
765     int imsg_fds[2])
766 {
767 	const struct got_error *err = NULL;
768 	struct got_commit_object *commit = NULL;
769 	struct imsgbuf ibuf;
770 	FILE *f = NULL;
771 	int status = 0;
772 
773 	setproctitle("read commit object");
774 	close(imsg_fds[0]);
775 	imsg_init(&ibuf, imsg_fds[1]);
776 
777 	/* revoke access to most system calls */
778 	if (pledge("stdio", NULL) == -1) {
779 		err = got_error_from_errno();
780 		goto done;
781 	}
782 
783 	f = fdopen(obj_fd, "rb");
784 	if (f == NULL) {
785 		err = got_error_from_errno();
786 		close(obj_fd);
787 		goto done;
788 	}
789 
790 	err = read_commit_object(&commit, obj, f);
791 	if (err)
792 		goto done;
793 
794 	err = got_privsep_send_commit(&ibuf, commit);
795 done:
796 	if (commit)
797 		got_object_commit_close(commit);
798 	if (err) {
799 		got_privsep_send_error(&ibuf, err);
800 		status = 1;
801 	}
802 	if (f)
803 		fclose(f);
804 	imsg_clear(&ibuf);
805 	close(imsg_fds[1]);
806 	_exit(status);
807 }
808 
809 static const struct got_error *
810 read_commit_object_privsep(struct got_commit_object **commit,
811     struct got_repository *repo, struct got_object *obj, int fd)
812 {
813 	const struct got_error *err = NULL, *err_child = NULL;
814 	struct imsgbuf parent_ibuf;
815 	int imsg_fds[2];
816 	pid_t pid;
817 
818 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
819 		return got_error_from_errno();
820 
821 	pid = fork();
822 	if (pid == -1)
823 		return got_error_from_errno();
824 	else if (pid == 0) {
825 		read_commit_object_privsep_child(obj, fd, imsg_fds);
826 		/* not reached */
827 	}
828 
829 	close(imsg_fds[1]);
830 	imsg_init(&parent_ibuf, imsg_fds[0]);
831 	err = got_privsep_recv_commit(commit, &parent_ibuf);
832 	imsg_clear(&parent_ibuf);
833 	err_child = wait_for_child(pid);
834 	close(imsg_fds[0]);
835 	return err ? err : err_child;
836 }
837 
838 const struct got_error *
839 got_object_commit_open(struct got_commit_object **commit,
840     struct got_repository *repo, struct got_object *obj)
841 {
842 	const struct got_error *err = NULL;
843 
844 	if (obj->type != GOT_OBJ_TYPE_COMMIT)
845 		return got_error(GOT_ERR_OBJ_TYPE);
846 
847 	if (obj->flags & GOT_OBJ_FLAG_PACKED) {
848 		uint8_t *buf;
849 		size_t len;
850 		err = got_packfile_extract_object_to_mem(&buf, &len, obj, repo);
851 		if (err)
852 			return err;
853 		obj->size = len;
854 		err = parse_commit_object(commit, buf, len);
855 		free(buf);
856 	} else {
857 		int fd;
858 		err = open_loose_object(&fd, obj, repo);
859 		if (err)
860 			return err;
861 		err = read_commit_object_privsep(commit, repo, obj, fd);
862 		close(fd);
863 	}
864 	return err;
865 }
866 
867 void
868 got_object_commit_close(struct got_commit_object *commit)
869 {
870 	struct got_parent_id *pid;
871 
872 	while (!SIMPLEQ_EMPTY(&commit->parent_ids)) {
873 		pid = SIMPLEQ_FIRST(&commit->parent_ids);
874 		SIMPLEQ_REMOVE_HEAD(&commit->parent_ids, entry);
875 		free(pid->id);
876 		free(pid);
877 	}
878 
879 	free(commit->tree_id);
880 	free(commit->author);
881 	free(commit->committer);
882 	free(commit->logmsg);
883 	free(commit);
884 }
885 
886 static const struct got_error *
887 read_tree_object(struct got_tree_object **tree, struct got_object *obj, FILE *f)
888 {
889 	const struct got_error *err = NULL;
890 	size_t len;
891 	uint8_t *p;
892 
893 	if (obj->flags & GOT_OBJ_FLAG_PACKED)
894 		err = read_to_mem(&p, &len, f);
895 	else
896 		err = got_inflate_to_mem(&p, &len, f);
897 	if (err)
898 		return err;
899 
900 	if (len < obj->hdrlen + obj->size) {
901 		err = got_error(GOT_ERR_BAD_OBJ_DATA);
902 		goto done;
903 	}
904 
905 	/* Skip object header. */
906 	len -= obj->hdrlen;
907 	err = parse_tree_object(tree, p + obj->hdrlen, len);
908 	free(p);
909 done:
910 	return err;
911 }
912 
913 static void
914 read_tree_object_privsep_child(struct got_object *obj, int obj_fd,
915     int imsg_fds[2])
916 {
917 	const struct got_error *err = NULL;
918 	struct got_tree_object *tree = NULL;
919 	struct imsgbuf ibuf;
920 	FILE *f = NULL;
921 	int status = 0;
922 
923 	setproctitle("read tree object");
924 	close(imsg_fds[0]);
925 	imsg_init(&ibuf, imsg_fds[1]);
926 
927 	/* revoke access to most system calls */
928 	if (pledge("stdio", NULL) == -1) {
929 		err = got_error_from_errno();
930 		goto done;
931 	}
932 
933 	f = fdopen(obj_fd, "rb");
934 	if (f == NULL) {
935 		err = got_error_from_errno();
936 		close(obj_fd);
937 		goto done;
938 	}
939 
940 	err = read_tree_object(&tree, obj, f);
941 	if (err)
942 		goto done;
943 
944 	err = got_privsep_send_tree(&ibuf, tree);
945 done:
946 	if (tree)
947 		got_object_tree_close(tree);
948 	if (err) {
949 		got_privsep_send_error(&ibuf, err);
950 		status = 1;
951 	}
952 	if (f)
953 		fclose(f);
954 	imsg_clear(&ibuf);
955 	close(imsg_fds[1]);
956 	_exit(status);
957 }
958 
959 static const struct got_error *
960 read_tree_object_privsep(struct got_tree_object **tree, struct got_object *obj,
961     int fd)
962 {
963 	const struct got_error *err = NULL, *err_child = NULL;
964 	struct imsgbuf parent_ibuf;
965 	int imsg_fds[2];
966 	pid_t pid;
967 
968 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
969 		return got_error_from_errno();
970 
971 	pid = fork();
972 	if (pid == -1)
973 		return got_error_from_errno();
974 	else if (pid == 0) {
975 		read_tree_object_privsep_child(obj, fd, imsg_fds);
976 		/* not reached */
977 	}
978 
979 	close(imsg_fds[1]);
980 	imsg_init(&parent_ibuf, imsg_fds[0]);
981 	err = got_privsep_recv_tree(tree, &parent_ibuf);
982 	imsg_clear(&parent_ibuf);
983 	err_child = wait_for_child(pid);
984 	close(imsg_fds[0]);
985 	return err ? err : err_child;
986 }
987 
988 const struct got_error *
989 got_object_tree_open(struct got_tree_object **tree,
990     struct got_repository *repo, struct got_object *obj)
991 {
992 	const struct got_error *err = NULL;
993 
994 	if (obj->type != GOT_OBJ_TYPE_TREE)
995 		return got_error(GOT_ERR_OBJ_TYPE);
996 
997 	if (obj->flags & GOT_OBJ_FLAG_PACKED) {
998 		uint8_t *buf;
999 		size_t len;
1000 		err = got_packfile_extract_object_to_mem(&buf, &len, obj, repo);
1001 		if (err)
1002 			return err;
1003 		obj->size = len;
1004 		err = parse_tree_object(tree, buf, len);
1005 		free(buf);
1006 	} else {
1007 		int fd;
1008 		err = open_loose_object(&fd, obj, repo);
1009 		if (err)
1010 			return err;
1011 		err = read_tree_object_privsep(tree, obj, fd);
1012 		close(fd);
1013 	}
1014 	return err;
1015 }
1016 
1017 void
1018 got_object_tree_close(struct got_tree_object *tree)
1019 {
1020 	struct got_tree_entry *te;
1021 
1022 	while (!SIMPLEQ_EMPTY(&tree->entries)) {
1023 		te = SIMPLEQ_FIRST(&tree->entries);
1024 		SIMPLEQ_REMOVE_HEAD(&tree->entries, entry);
1025 		tree_entry_close(te);
1026 	}
1027 
1028 	free(tree);
1029 }
1030 
1031 static const struct got_error *
1032 read_blob_object_privsep_child(int outfd, int infd, int imsg_fds[2])
1033 {
1034 	const struct got_error *err = NULL;
1035 	struct imsgbuf ibuf;
1036 	int status = 0;
1037 	size_t size;
1038 	FILE *infile = NULL;
1039 
1040 	setproctitle("read blob object");
1041 	close(imsg_fds[0]);
1042 	imsg_init(&ibuf, imsg_fds[1]);
1043 
1044 	/* revoke access to most system calls */
1045 	if (pledge("stdio", NULL) == -1) {
1046 		err = got_error_from_errno();
1047 		goto done;
1048 	}
1049 
1050 	infile = fdopen(infd, "rb");
1051 	if (infile == NULL) {
1052 		err = got_error_from_errno();
1053 		close(infd);
1054 		goto done;
1055 	}
1056 	err = got_inflate_to_fd(&size, infile, outfd);
1057 	fclose(infile);
1058 	if (err)
1059 		goto done;
1060 
1061 	err = got_privsep_send_blob(&ibuf, size);
1062 done:
1063 	if (err) {
1064 		got_privsep_send_error(&ibuf, err);
1065 		status = 1;
1066 	}
1067 	close(outfd);
1068 	imsg_clear(&ibuf);
1069 	close(imsg_fds[1]);
1070 	_exit(status);
1071 }
1072 
1073 static const struct got_error *
1074 read_blob_object_privsep(size_t *size, int outfd, int infd)
1075 {
1076 	struct imsgbuf parent_ibuf;
1077 	int imsg_fds[2];
1078 	const struct got_error *err = NULL, *err_child = NULL;
1079 	pid_t pid;
1080 
1081 	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, imsg_fds) == -1)
1082 		return got_error_from_errno();
1083 
1084 	pid = fork();
1085 	if (pid == -1)
1086 		return got_error_from_errno();
1087 	else if (pid == 0) {
1088 		read_blob_object_privsep_child(outfd, infd, imsg_fds);
1089 		/* not reached */
1090 	}
1091 
1092 	close(imsg_fds[1]);
1093 	imsg_init(&parent_ibuf, imsg_fds[0]);
1094 	err = got_privsep_recv_blob(size, &parent_ibuf);
1095 	imsg_clear(&parent_ibuf);
1096 	err_child = wait_for_child(pid);
1097 	close(imsg_fds[0]);
1098 	if (lseek(outfd, SEEK_SET, 0) == -1)
1099 		err = got_error_from_errno();
1100 	return err ? err : err_child;
1101 }
1102 
1103 const struct got_error *
1104 got_object_blob_open(struct got_blob_object **blob,
1105     struct got_repository *repo, struct got_object *obj, size_t blocksize)
1106 {
1107 	const struct got_error *err = NULL;
1108 
1109 	if (obj->type != GOT_OBJ_TYPE_BLOB)
1110 		return got_error(GOT_ERR_OBJ_TYPE);
1111 
1112 	if (blocksize < obj->hdrlen)
1113 		return got_error(GOT_ERR_NO_SPACE);
1114 
1115 	*blob = calloc(1, sizeof(**blob));
1116 	if (*blob == NULL)
1117 		return got_error_from_errno();
1118 
1119 	(*blob)->read_buf = calloc(1, blocksize);
1120 	if ((*blob)->read_buf == NULL) {
1121 		err = got_error_from_errno();
1122 		goto done;
1123 	}
1124 	if (obj->flags & GOT_OBJ_FLAG_PACKED) {
1125 		err = got_packfile_extract_object(&((*blob)->f), obj, repo);
1126 		if (err)
1127 			goto done;
1128 	} else {
1129 		int infd, outfd;
1130 		size_t size;
1131 		struct stat sb;
1132 
1133 		err = open_loose_object(&infd, obj, repo);
1134 		if (err)
1135 			goto done;
1136 
1137 
1138 		outfd = got_opentempfd();
1139 		if (outfd == -1) {
1140 			err = got_error_from_errno();
1141 			close(infd);
1142 			goto done;
1143 		}
1144 
1145 		err = read_blob_object_privsep(&size, outfd, infd);
1146 		close(infd);
1147 		if (err)
1148 			goto done;
1149 
1150 		if (size != obj->hdrlen + obj->size) {
1151 			err = got_error(GOT_ERR_PRIVSEP_LEN);
1152 			close(outfd);
1153 			goto done;
1154 		}
1155 
1156 		if (fstat(outfd, &sb) == -1) {
1157 			err = got_error_from_errno();
1158 			close(outfd);
1159 			goto done;
1160 		}
1161 
1162 		if (sb.st_size != size) {
1163 			err = got_error(GOT_ERR_PRIVSEP_LEN);
1164 			close(outfd);
1165 			goto done;
1166 		}
1167 
1168 		(*blob)->f = fdopen(outfd, "rb");
1169 		if ((*blob)->f == NULL) {
1170 			err = got_error_from_errno();
1171 			close(outfd);
1172 			goto done;
1173 		}
1174 	}
1175 
1176 	(*blob)->hdrlen = obj->hdrlen;
1177 	(*blob)->blocksize = blocksize;
1178 	memcpy(&(*blob)->id.sha1, obj->id.sha1, SHA1_DIGEST_LENGTH);
1179 
1180 done:
1181 	if (err && *blob) {
1182 		if ((*blob)->f)
1183 			fclose((*blob)->f);
1184 		free((*blob)->read_buf);
1185 		free(*blob);
1186 		*blob = NULL;
1187 	}
1188 	return err;
1189 }
1190 
1191 void
1192 got_object_blob_close(struct got_blob_object *blob)
1193 {
1194 	free(blob->read_buf);
1195 	fclose(blob->f);
1196 	free(blob);
1197 }
1198 
1199 char *
1200 got_object_blob_id_str(struct got_blob_object *blob, char *buf, size_t size)
1201 {
1202 	return got_sha1_digest_to_str(blob->id.sha1, buf, size);
1203 }
1204 
1205 size_t
1206 got_object_blob_get_hdrlen(struct got_blob_object *blob)
1207 {
1208 	return blob->hdrlen;
1209 }
1210 
1211 const uint8_t *
1212 got_object_blob_get_read_buf(struct got_blob_object *blob)
1213 {
1214 	return blob->read_buf;
1215 }
1216 
1217 const struct got_error *
1218 got_object_blob_read_block(size_t *outlenp, struct got_blob_object *blob)
1219 {
1220 	size_t n;
1221 
1222 	n = fread(blob->read_buf, 1, blob->blocksize, blob->f);
1223 	if (n == 0 && ferror(blob->f))
1224 		return got_ferror(blob->f, GOT_ERR_IO);
1225 	*outlenp = n;
1226 	return NULL;
1227 }