admin/git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'ab/racy-hooks'

Browse Source 
Code clean-up to allow callers of run_commit_hook() to learn if it
got "success" because the hook succeeded or because there wasn't
any hook.

* ab/racy-hooks:
  hooks: fix an obscure TOCTOU "did we just run a hook?" race
  merge: don't run post-hook logic on --no-verify
This commit is contained in:
Junio C Hamano
2022-03-16 17:53:09 -07:00
parent ea05fd5fbf a8cc594333
commit 7431379a9c
8 changed files with 57 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
builtin/commit.c
View File

@@ -726,11 +726,13 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
int clean_message_contents = (cleanup_mode != COMMIT_MSG_CLEANUP_NONE); int clean_message_contents = (cleanup_mode != COMMIT_MSG_CLEANUP_NONE);
int old_display_comment_prefix; int old_display_comment_prefix;
int merge_contains_scissors = 0; int merge_contains_scissors = 0;
int invoked_hook;
/* This checks and barfs if author is badly specified */ /* This checks and barfs if author is badly specified */
determine_author_info(author_ident); determine_author_info(author_ident);
if (!no_verify && run_commit_hook(use_editor, index_file, "pre-commit", NULL)) if (!no_verify && run_commit_hook(use_editor, index_file, &invoked_hook,
"pre-commit", NULL))
return 0; return 0;
if (squash_message) { if (squash_message) {
@@ -1053,10 +1055,10 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
return 0; return 0;
} }
if (!no_verify && hook_exists("pre-commit")) { if (!no_verify && invoked_hook) {
/* /*
* Re-read the index as pre-commit hook could have updated it, * Re-read the index as the pre-commit-commit hook was invoked
* and write it out as a tree. We must do this before we invoke * and could have updated it. We must do this before we invoke
* the editor and after we invoke run_status above. * the editor and after we invoke run_status above.
*/ */
discard_cache(); discard_cache();
@@ -1068,7 +1070,7 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
return 0; return 0;
} }
if (run_commit_hook(use_editor, index_file, "prepare-commit-msg", if (run_commit_hook(use_editor, index_file, NULL, "prepare-commit-msg",
git_path_commit_editmsg(), hook_arg1, hook_arg2, NULL)) git_path_commit_editmsg(), hook_arg1, hook_arg2, NULL))
return 0; return 0;
@@ -1085,7 +1087,8 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
} }
if (!no_verify && if (!no_verify &&
run_commit_hook(use_editor, index_file, "commit-msg", git_path_commit_editmsg(), NULL)) { run_commit_hook(use_editor, index_file, NULL, "commit-msg",
git_path_commit_editmsg(), NULL)) {
return 0; return 0;
} }
@@ -1841,7 +1844,8 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
repo_rerere(the_repository, 0); repo_rerere(the_repository, 0);
run_auto_maintenance(quiet); run_auto_maintenance(quiet);
run_commit_hook(use_editor, get_index_file(), "post-commit", NULL); run_commit_hook(use_editor, get_index_file(), NULL, "post-commit",
NULL);
if (amend && !no_post_rewrite) { if (amend && !no_post_rewrite) {
commit_post_rewrite(the_repository, current_head, &oid); commit_post_rewrite(the_repository, current_head, &oid);
} }

28
builtin/merge.c
View File

@@ -845,15 +845,20 @@ static void prepare_to_commit(struct commit_list *remoteheads)
struct strbuf msg = STRBUF_INIT; struct strbuf msg = STRBUF_INIT;
const char *index_file = get_index_file(); const char *index_file = get_index_file();
if (!no_verify && run_commit_hook(0 < option_edit, index_file, "pre-merge-commit", NULL)) if (!no_verify) {
abort_commit(remoteheads, NULL); int invoked_hook;
/*
* Re-read the index as pre-merge-commit hook could have updated it, if (run_commit_hook(0 < option_edit, index_file, &invoked_hook,
* and write it out as a tree. We must do this before we invoke "pre-merge-commit", NULL))
* the editor and after we invoke run_status above. abort_commit(remoteheads, NULL);
*/ /*
if (hook_exists("pre-merge-commit")) * Re-read the index as pre-merge-commit hook could have updated it,
discard_cache(); * and write it out as a tree. We must do this before we invoke
* the editor and after we invoke run_status above.
*/
if (invoked_hook)
discard_cache();
}
read_cache_from(index_file); read_cache_from(index_file);
strbuf_addbuf(&msg, &merge_msg); strbuf_addbuf(&msg, &merge_msg);
if (squash) if (squash)
@@ -875,7 +880,8 @@ static void prepare_to_commit(struct commit_list *remoteheads)
append_signoff(&msg, ignore_non_trailer(msg.buf, msg.len), 0); append_signoff(&msg, ignore_non_trailer(msg.buf, msg.len), 0);
write_merge_heads(remoteheads); write_merge_heads(remoteheads);
write_file_buf(git_path_merge_msg(the_repository), msg.buf, msg.len); write_file_buf(git_path_merge_msg(the_repository), msg.buf, msg.len);
if (run_commit_hook(0 < option_edit, get_index_file(), "prepare-commit-msg", if (run_commit_hook(0 < option_edit, get_index_file(), NULL,
"prepare-commit-msg",
git_path_merge_msg(the_repository), "merge", NULL)) git_path_merge_msg(the_repository), "merge", NULL))
abort_commit(remoteheads, NULL); abort_commit(remoteheads, NULL);
if (0 < option_edit) { if (0 < option_edit) {
@@ -884,7 +890,7 @@ static void prepare_to_commit(struct commit_list *remoteheads)
} }
if (!no_verify && run_commit_hook(0 < option_edit, get_index_file(), if (!no_verify && run_commit_hook(0 < option_edit, get_index_file(),
"commit-msg", NULL, "commit-msg",
git_path_merge_msg(the_repository), NULL)) git_path_merge_msg(the_repository), NULL))
abort_commit(remoteheads, NULL); abort_commit(remoteheads, NULL);

8
builtin/receive-pack.c
View File

@@ -1408,10 +1408,12 @@ static const char *push_to_deploy(unsigned char *sha1,
static const char *push_to_checkout_hook = "push-to-checkout"; static const char *push_to_checkout_hook = "push-to-checkout";
static const char *push_to_checkout(unsigned char *hash, static const char *push_to_checkout(unsigned char *hash,
int *invoked_hook,
struct strvec *env, struct strvec *env,
const char *work_tree) const char *work_tree)
{ {
struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT; struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
opt.invoked_hook = invoked_hook;
strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree)); strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
strvec_pushv(&opt.env, env->v); strvec_pushv(&opt.env, env->v);
@@ -1426,6 +1428,7 @@ static const char *update_worktree(unsigned char *sha1, const struct worktree *w
{ {
const char *retval, *git_dir; const char *retval, *git_dir;
struct strvec env = STRVEC_INIT; struct strvec env = STRVEC_INIT;
int invoked_hook;
if (!worktree || !worktree->path) if (!worktree || !worktree->path)
BUG("worktree->path must be non-NULL"); BUG("worktree->path must be non-NULL");
@@ -1436,10 +1439,9 @@ static const char *update_worktree(unsigned char *sha1, const struct worktree *w
strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir)); strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
if (!hook_exists(push_to_checkout_hook)) retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
if (!invoked_hook)
retval = push_to_deploy(sha1, &env, worktree->path); retval = push_to_deploy(sha1, &env, worktree->path);
else
retval = push_to_checkout(sha1, &env, worktree->path);
strvec_clear(&env); strvec_clear(&env);
return retval; return retval;

2
commit.c
View File

@@ -1713,7 +1713,7 @@ size_t ignore_non_trailer(const char *buf, size_t len)
} }
int run_commit_hook(int editor_is_used, const char *index_file, int run_commit_hook(int editor_is_used, const char *index_file,
const char *name, ...) int *invoked_hook, const char *name, ...)
{ {
struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT; struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
va_list args; va_list args;

3
commit.h
View File

@@ -369,7 +369,8 @@ int compare_commits_by_commit_date(const void *a_, const void *b_, void *unused)
int compare_commits_by_gen_then_commit_date(const void *a_, const void *b_, void *unused); int compare_commits_by_gen_then_commit_date(const void *a_, const void *b_, void *unused);
LAST_ARG_MUST_BE_NULL LAST_ARG_MUST_BE_NULL
int run_commit_hook(int editor_is_used, const char *index_file, const char *name, ...); int run_commit_hook(int editor_is_used, const char *index_file,
int *invoked_hook, const char *name, ...);
/* Sign a commit or tag buffer, storing the result in a header. */ /* Sign a commit or tag buffer, storing the result in a header. */
int sign_with_header(struct strbuf *buf, const char *keyid); int sign_with_header(struct strbuf *buf, const char *keyid);

7
hook.c
View File

@@ -96,9 +96,13 @@ static int notify_hook_finished(int result,
void *pp_task_cb) void *pp_task_cb)
{ {
struct hook_cb_data *hook_cb = pp_cb; struct hook_cb_data *hook_cb = pp_cb;
struct run_hooks_opt *opt = hook_cb->options;
hook_cb->rc |= result; hook_cb->rc |= result;
if (opt->invoked_hook)
*opt->invoked_hook = 1;
return 0; return 0;
} }
@@ -123,6 +127,9 @@ int run_hooks_opt(const char *hook_name, struct run_hooks_opt *options)
if (!options) if (!options)
BUG("a struct run_hooks_opt must be provided to run_hooks"); BUG("a struct run_hooks_opt must be provided to run_hooks");
if (options->invoked_hook)
*options->invoked_hook = 0;
if (!hook_path && !options->error_if_missing) if (!hook_path && !options->error_if_missing)
goto cleanup; goto cleanup;

12
hook.h
View File

@@ -18,6 +18,18 @@ struct run_hooks_opt
* translates to "struct child_process"'s "dir" member. * translates to "struct child_process"'s "dir" member.
*/ */
const char *dir; const char *dir;
/**
* A pointer which if provided will be set to 1 or 0 depending
* on if a hook was started, regardless of whether or not that
* was successful. I.e. if the underlying start_command() was
* successful this will be set to 1.
*
* Used for avoiding TOCTOU races in code that would otherwise
* call hook_exist() after a "maybe hook run" to see if a hook
* was invoked.
*/
int *invoked_hook;
}; };
#define RUN_HOOKS_OPT_INIT { \ #define RUN_HOOKS_OPT_INIT { \

4
sequencer.c
View File

@@ -1220,7 +1220,7 @@ static int run_prepare_commit_msg_hook(struct repository *r,
} else { } else {
arg1 = "message"; arg1 = "message";
} }
if (run_commit_hook(0, r->index_file, "prepare-commit-msg", name, if (run_commit_hook(0, r->index_file, NULL, "prepare-commit-msg", name,
arg1, arg2, NULL)) arg1, arg2, NULL))
ret = error(_("'prepare-commit-msg' hook failed")); ret = error(_("'prepare-commit-msg' hook failed"));
@@ -1552,7 +1552,7 @@ static int try_to_commit(struct repository *r,
goto out; goto out;
} }
run_commit_hook(0, r->index_file, "post-commit", NULL); run_commit_hook(0, r->index_file, NULL, "post-commit", NULL);
if (flags & AMEND_MSG) if (flags & AMEND_MSG)
commit_post_rewrite(r, current_head, oid); commit_post_rewrite(r, current_head, oid);