commit 57b6056a5b13cae29e0cce2163c2dffd90d16e51
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Wed Apr 05 20:24:26 2023 UTC

reject overlapping protected branch vs. tag namespaces

ok op@

commit - ffc797f3ccae553e547566756bbcf7570fc6f523
commit + 57b6056a5b13cae29e0cce2163c2dffd90d16e51
blob - 9743ca772f1ce577167cf6a970fbf1273cfeda74
blob + e13e16002a2f2614d8414536473555ae31cb96e0
--- gotd/parse.y
+++ gotd/parse.y
@@ -91,7 +91,7 @@ static int			 conf_limit_user_connections(const char *
 static struct gotd_repo		*conf_new_repo(const char *);
 static void			 conf_new_access_rule(struct gotd_repo *,
 				    enum gotd_access, int, char *);
-static int			 conf_protect_ref_namespace(
+static int			 conf_protect_ref_namespace(char **,
 				    struct got_pathlist_head *, char *);
 static int			 conf_protect_tag_namespace(struct gotd_repo *,
 				    char *);
@@ -918,12 +918,15 @@ refname_is_valid(char *refname)
 }
 
 static int
-conf_protect_ref_namespace(struct got_pathlist_head *refs, char *namespace)
+conf_protect_ref_namespace(char **new, struct got_pathlist_head *refs,
+    char *namespace)
 {
 	const struct got_error *error;
-	struct got_pathlist_entry *new;
+	struct got_pathlist_entry *pe;
 	char *s;
 
+	*new = NULL;
+
 	got_path_strip_trailing_slashes(namespace);
 	if (!refname_is_valid(namespace))
 		return -1;
@@ -932,8 +935,8 @@ conf_protect_ref_namespace(struct got_pathlist_head *r
 		return -1;
 	}
 
-	error = got_pathlist_insert(&new, refs, s, NULL);
-	if (error || new == NULL) {
+	error = got_pathlist_insert(&pe, refs, s, NULL);
+	if (error || pe == NULL) {
 		free(s);
 		if (error)
 			yyerror("got_pathlist_insert: %s", error->msg);
@@ -942,21 +945,48 @@ conf_protect_ref_namespace(struct got_pathlist_head *r
 		return -1;
 	}
 
+	*new = s;
 	return 0;
 }
 
 static int
 conf_protect_tag_namespace(struct gotd_repo *repo, char *namespace)
 {
-	return conf_protect_ref_namespace(&repo->protected_tag_namespaces,
-	    namespace);
+	struct got_pathlist_entry *pe;
+	char *new;
+
+	if (conf_protect_ref_namespace(&new, &repo->protected_tag_namespaces,
+	    namespace) == -1)
+		return -1;
+
+	TAILQ_FOREACH(pe, &repo->protected_branch_namespaces, entry) {
+		if (strcmp(pe->path, new) == 0) {
+			yyerror("duplicate protect namespace %s", namespace);
+			return -1;
+		}
+	}
+
+	return 0;
 }
 
 static int
 conf_protect_branch_namespace(struct gotd_repo *repo, char *namespace)
 {
-	return conf_protect_ref_namespace(&repo->protected_branch_namespaces,
-	    namespace);
+	struct got_pathlist_entry *pe;
+	char *new;
+
+	if (conf_protect_ref_namespace(&new,
+	    &repo->protected_branch_namespaces, namespace) == -1)
+		return -1;
+
+	TAILQ_FOREACH(pe, &repo->protected_tag_namespaces, entry) {
+		if (strcmp(pe->path, new) == 0) {
+			yyerror("duplicate protect namespace %s", namespace);
+			return -1;
+		}
+	}
+
+	return 0;
 }
 
 static int