Call AdvertiseRefsHook before validating wants

AdvertiseRefsHook is used to limit the visibility of the refs in Gerrit.
If this hook is not called, then all refs are treated as visible,
causing the server to serve commits reachable from branches the client
should not be able to access, if asked to via a request naming a guessed
object id.

This bug was introduced in v2.0.0.201206130900-r~123 (Modify refs in
UploadPack/ReceivePack using a hook interface, 2012-02-08).  Stateful
bidirectional transports are not affected.

Fix it by moving the AdvertiseRefsHook call to
getAdvertisedOrDefaultRefs, ensuring the hook is called in all cases.

[jn: backported to stable-4.5 by splitting out tests and the protocol v2
 specific parts]

Change-Id: I159f396216354f2eda3968d17802e166d8c8ec2d
Signed-off-by: Masaya Suzuki <masayasuzuki@google.com>
Signed-off-by: Jonathan Nieder <jrn@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
index d1fd67e97728cd56c61170d4f35d5f4b8192024f..0b1848c3114939bda1329e636c04a30305057382 100644 (file)
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
@@ -82,7 +82,6 @@ import org.eclipse.jgit.lib.NullProgressMonitor;
 import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.lib.ProgressMonitor;
 import org.eclipse.jgit.lib.Ref;
-import org.eclipse.jgit.lib.RefDatabase;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.revwalk.AsyncRevObjectQueue;
 import org.eclipse.jgit.revwalk.DepthWalk;
@@ -706,8 +705,14 @@ public class UploadPack {
        }
 
        private Map<String, Ref> getAdvertisedOrDefaultRefs() throws IOException {
-               if (refs == null)
-                       setAdvertisedRefs(db.getRefDatabase().getRefs(RefDatabase.ALL));
+               if (refs != null) {
+                       return refs;
+               }
+
+               advertiseRefsHook.advertiseRefs(this);
+               if (refs == null) {
+                       setAdvertisedRefs(db.getRefDatabase().getRefs(ALL));
+               }
                return refs;
        }
 
@@ -866,15 +871,7 @@ public class UploadPack {
         */
        public void sendAdvertisedRefs(final RefAdvertiser adv) throws IOException,
                        ServiceMayNotContinueException {
-               try {
-                       advertiseRefsHook.advertiseRefs(this);
-               } catch (ServiceMayNotContinueException fail) {
-                       if (fail.getMessage() != null) {
-                               adv.writeOne("ERR " + fail.getMessage()); //$NON-NLS-1$
-                               fail.setOutput();
-                       }
-                       throw fail;
-               }
+               Map<String, Ref> advertisedOrDefaultRefs = getAdvertisedOrDefaultRefs();
 
                adv.init(db);
                adv.advertiseCapability(OPTION_INCLUDE_TAG);
@@ -899,7 +896,6 @@ public class UploadPack {
                        adv.advertiseCapability(OPTION_ALLOW_REACHABLE_SHA1_IN_WANT);
                adv.advertiseCapability(OPTION_AGENT, UserAgent.get());
                adv.setDerefTags(true);
-               Map<String, Ref> advertisedOrDefaultRefs = getAdvertisedOrDefaultRefs();
                findSymrefs(adv, advertisedOrDefaultRefs);
                advertised = adv.send(advertisedOrDefaultRefs);
                if (adv.isEmpty())