 fb3d1a083f
			
		
	
	fb3d1a083f
	
	
	
		
			
			During stateless packfile negotiation where a depth is given, stateless RPC clients (e.g. git-remote-curl) will send multiple upload-pack requests with the first containing only the wants/shallows/deepens/filters and the subsequent containing haves/done. When upload-pack handles such requests, entering get_common_commits without checking whether the client has hung up can result in unexpected EOF during the negotiation loop and a die() with message "fatal: the remote end hung up unexpectedly". Real world effects include: - A client speaking to git-http-backend via a server that doesn't check the exit codes of CGIs (e.g. mod_cgi) doesn't know and doesn't care about the fatal. It continues to process the response body as normal. - A client speaking to a server that does check the exit code and returns an errant HTTP status as a result will fail with the message "error: RPC failed; HTTP 500 curl 22 The requested URL returned error: 500." - Admins running servers that surface the failure must workaround it by patching code that handles execution of git-http-backend to ignore exit codes or take other heuristic approaches. - Admins may have to deal with "hung up unexpectedly" log spam related to the failures even in cases where the exit code isn't surfaced as an HTTP server-side error status. To avoid these EOF related fatals, have upload-pack gently peek for an EOF between the sending of shallow/unshallow lines (followed by flush) and the reading of client haves. If the client has hung up at this point, exit normally. Signed-off-by: Daniel Duvall <dan@mutual.io> Signed-off-by: Junio C Hamano <gitster@pobox.com>
		
			
				
	
	
		
			123 lines
		
	
	
		
			3.0 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			123 lines
		
	
	
		
			3.0 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/bin/sh
 | |
| 
 | |
| test_description='errors in upload-pack'
 | |
| 
 | |
| . ./test-lib.sh
 | |
| 
 | |
| D=$(pwd)
 | |
| 
 | |
| corrupt_repo () {
 | |
| 	object_sha1=$(git rev-parse "$1") &&
 | |
| 	ob=$(expr "$object_sha1" : "\(..\)") &&
 | |
| 	ject=$(expr "$object_sha1" : "..\(..*\)") &&
 | |
| 	rm -f ".git/objects/$ob/$ject"
 | |
| }
 | |
| 
 | |
| test_expect_success 'setup and corrupt repository' '
 | |
| 	echo file >file &&
 | |
| 	git add file &&
 | |
| 	git rev-parse :file &&
 | |
| 	git commit -a -m original &&
 | |
| 	test_tick &&
 | |
| 	echo changed >file &&
 | |
| 	git commit -a -m changed &&
 | |
| 	corrupt_repo HEAD:file
 | |
| 
 | |
| '
 | |
| 
 | |
| test_expect_success 'fsck fails' '
 | |
| 	test_must_fail git fsck
 | |
| '
 | |
| 
 | |
| test_expect_success 'upload-pack fails due to error in pack-objects packing' '
 | |
| 	head=$(git rev-parse HEAD) &&
 | |
| 	hexsz=$(test_oid hexsz) &&
 | |
| 	printf "%04xwant %s\n00000009done\n0000" \
 | |
| 		$(($hexsz + 10)) $head >input &&
 | |
| 	test_must_fail git upload-pack . <input >/dev/null 2>output.err &&
 | |
| 	test_i18ngrep "unable to read" output.err &&
 | |
| 	test_i18ngrep "pack-objects died" output.err
 | |
| '
 | |
| 
 | |
| test_expect_success 'corrupt repo differently' '
 | |
| 
 | |
| 	git hash-object -w file &&
 | |
| 	corrupt_repo HEAD^^{tree}
 | |
| 
 | |
| '
 | |
| 
 | |
| test_expect_success 'fsck fails' '
 | |
| 	test_must_fail git fsck
 | |
| '
 | |
| test_expect_success 'upload-pack fails due to error in rev-list' '
 | |
| 
 | |
| 	printf "%04xwant %s\n%04xshallow %s00000009done\n0000" \
 | |
| 		$(($hexsz + 10)) $(git rev-parse HEAD) \
 | |
| 		$(($hexsz + 12)) $(git rev-parse HEAD^) >input &&
 | |
| 	test_must_fail git upload-pack . <input >/dev/null 2>output.err &&
 | |
| 	grep "bad tree object" output.err
 | |
| '
 | |
| 
 | |
| test_expect_success 'upload-pack fails due to bad want (no object)' '
 | |
| 
 | |
| 	printf "%04xwant %s multi_ack_detailed\n00000009done\n0000" \
 | |
| 		$(($hexsz + 29)) $(test_oid deadbeef) >input &&
 | |
| 	test_must_fail git upload-pack . <input >output 2>output.err &&
 | |
| 	grep "not our ref" output.err &&
 | |
| 	grep "ERR" output &&
 | |
| 	! grep multi_ack_detailed output.err
 | |
| '
 | |
| 
 | |
| test_expect_success 'upload-pack fails due to bad want (not tip)' '
 | |
| 
 | |
| 	oid=$(echo an object we have | git hash-object -w --stdin) &&
 | |
| 	printf "%04xwant %s multi_ack_detailed\n00000009done\n0000" \
 | |
| 		$(($hexsz + 29)) "$oid" >input &&
 | |
| 	test_must_fail git upload-pack . <input >output 2>output.err &&
 | |
| 	grep "not our ref" output.err &&
 | |
| 	grep "ERR" output &&
 | |
| 	! grep multi_ack_detailed output.err
 | |
| '
 | |
| 
 | |
| test_expect_success 'upload-pack fails due to error in pack-objects enumeration' '
 | |
| 
 | |
| 	printf "%04xwant %s\n00000009done\n0000" \
 | |
| 		$((hexsz + 10)) $(git rev-parse HEAD) >input &&
 | |
| 	test_must_fail git upload-pack . <input >/dev/null 2>output.err &&
 | |
| 	grep "bad tree object" output.err &&
 | |
| 	grep "pack-objects died" output.err
 | |
| '
 | |
| 
 | |
| test_expect_success 'upload-pack tolerates EOF just after stateless client wants' '
 | |
| 	test_commit initial &&
 | |
| 	head=$(git rev-parse HEAD) &&
 | |
| 
 | |
| 	{
 | |
| 		packetize "want $head" &&
 | |
| 		packetize "shallow $head" &&
 | |
| 		packetize "deepen 1" &&
 | |
| 		printf "0000"
 | |
| 	} >request &&
 | |
| 
 | |
| 	printf "0000" >expect &&
 | |
| 
 | |
| 	git upload-pack --stateless-rpc . <request >actual &&
 | |
| 	test_cmp expect actual
 | |
| '
 | |
| 
 | |
| test_expect_success 'create empty repository' '
 | |
| 
 | |
| 	mkdir foo &&
 | |
| 	cd foo &&
 | |
| 	git init
 | |
| 
 | |
| '
 | |
| 
 | |
| test_expect_success 'fetch fails' '
 | |
| 
 | |
| 	test_must_fail git fetch .. master
 | |
| 
 | |
| '
 | |
| 
 | |
| test_done
 |