summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSaša Živkov <sasa.zivkov@sap.com>2014-01-30 15:04:43 +0100
committerSaša Živkov <sasa.zivkov@sap.com>2014-02-25 14:20:31 +0100
commit0d05e5d26ce362b4b8c06e6b847fa93730065b48 (patch)
treee80676a3090b0492f70a557d48eba73193f231a3
parent18b030bcb5c9c60e48df17ab128005829940e117 (diff)
downloadjgit-0d05e5d26ce362b4b8c06e6b847fa93730065b48.tar.gz
jgit-0d05e5d26ce362b4b8c06e6b847fa93730065b48.zip
Possibility to limit the max pack size on receive-pack
The maxPackSizeLimit, when set, will reject a pack if it exceeds that limit. This feature is intended to provide a mechanism to control disk space quota on Git repositories. Change-Id: I83d8db670875c395f8171461b402083323e623a5 CQ: 7896
-rw-r--r--org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties2
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/errors/TooLargePackException.java69
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java2
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/BaseReceivePack.java32
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/util/io/LimitedInputStream.java154
5 files changed, 259 insertions, 0 deletions
diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index bb67c127a7..a5a5cf6c99 100644
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -403,6 +403,8 @@ readingObjectsFromLocalRepositoryFailed=reading objects from local repository fa
readTimedOut=Read timed out after {0} ms
receivePackObjectTooLarge1=Object too large, rejecting the pack. Max object size limit is {0} bytes.
receivePackObjectTooLarge2=Object too large ({0} bytes), rejecting the pack. Max object size limit is {1} bytes.
+receivePackInvalidLimit=Illegal limit parameter value {0}
+receivePackTooLarge=Pack exceeds the limit of {0} bytes, rejecting the pack
receivingObjects=Receiving objects
refAlreadyExists=already exists
refAlreadyExists1=Ref {0} already exists
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/errors/TooLargePackException.java b/org.eclipse.jgit/src/org/eclipse/jgit/errors/TooLargePackException.java
new file mode 100644
index 0000000000..5cf0f802c1
--- /dev/null
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/errors/TooLargePackException.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2014, Sasa Zivkov <sasa.zivkov@sap.com>, SAP AG
+ * and other copyright owners as documented in the project's IP log.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ * names of its contributors may be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package org.eclipse.jgit.errors;
+
+import java.io.IOException;
+import java.text.MessageFormat;
+
+import org.eclipse.jgit.internal.JGitText;
+
+/**
+ * Thrown when a pack exceeds a given size limit
+ *
+ * @since 3.3
+ */
+public class TooLargePackException extends IOException {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Construct a too large pack exception.
+ *
+ * @param packSizeLimit
+ * the pack size limit (in bytes) that was exceeded
+ */
+ public TooLargePackException(long packSizeLimit) {
+ super(MessageFormat.format(JGitText.get().receivePackTooLarge,
+ Long.valueOf(packSizeLimit)));
+ }
+}
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index f9700a1ff4..8ca425a15b 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -465,6 +465,8 @@ public class JGitText extends TranslationBundle {
/***/ public String readTimedOut;
/***/ public String receivePackObjectTooLarge1;
/***/ public String receivePackObjectTooLarge2;
+ /***/ public String receivePackInvalidLimit;
+ /***/ public String receivePackTooLarge;
/***/ public String receivingObjects;
/***/ public String refAlreadyExists;
/***/ public String refAlreadyExists1;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BaseReceivePack.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BaseReceivePack.java
index 39e4aadc9d..67ab9ef3a6 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BaseReceivePack.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BaseReceivePack.java
@@ -55,6 +55,7 @@ import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
@@ -65,6 +66,7 @@ import java.util.concurrent.TimeUnit;
import org.eclipse.jgit.errors.MissingObjectException;
import org.eclipse.jgit.errors.PackProtocolException;
+import org.eclipse.jgit.errors.TooLargePackException;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.internal.storage.file.PackLock;
import org.eclipse.jgit.lib.BatchRefUpdate;
@@ -89,6 +91,7 @@ import org.eclipse.jgit.revwalk.RevTree;
import org.eclipse.jgit.revwalk.RevWalk;
import org.eclipse.jgit.transport.ReceiveCommand.Result;
import org.eclipse.jgit.util.io.InterruptTimer;
+import org.eclipse.jgit.util.io.LimitedInputStream;
import org.eclipse.jgit.util.io.TimeoutInputStream;
import org.eclipse.jgit.util.io.TimeoutOutputStream;
@@ -234,6 +237,9 @@ public abstract class BaseReceivePack {
/** Git object size limit */
private long maxObjectSizeLimit;
+ /** Total pack size limit */
+ private long maxPackSizeLimit = -1;
+
/**
* Create a new pack receive for an open repository.
*
@@ -622,6 +628,24 @@ public abstract class BaseReceivePack {
maxObjectSizeLimit = limit;
}
+
+ /**
+ * Set the maximum allowed pack size.
+ * <p>
+ * A pack exceeding this size will be rejected.
+ *
+ * @param limit
+ * the pack size limit, in bytes
+ *
+ * @since 3.3
+ */
+ public void setMaxPackSizeLimit(final long limit) {
+ if (limit < 0)
+ throw new IllegalArgumentException(MessageFormat.format(
+ JGitText.get().receivePackInvalidLimit, Long.valueOf(limit)));
+ maxPackSizeLimit = limit;
+ }
+
/**
* Check whether the client expects a side-band stream.
*
@@ -741,6 +765,14 @@ public abstract class BaseReceivePack {
rawOut = o;
}
+ if (maxPackSizeLimit >= 0)
+ rawIn = new LimitedInputStream(rawIn, maxPackSizeLimit) {
+ @Override
+ protected void limitExceeded() throws TooLargePackException {
+ throw new TooLargePackException(limit);
+ }
+ };
+
pckIn = new PacketLineIn(rawIn);
pckOut = new PacketLineOut(rawOut);
pckOut.setFlushOnEnd(false);
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/util/io/LimitedInputStream.java b/org.eclipse.jgit/src/org/eclipse/jgit/util/io/LimitedInputStream.java
new file mode 100644
index 0000000000..85c8172042
--- /dev/null
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/util/io/LimitedInputStream.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2007 The Guava Authors
+ * Copyright (C) 2014, Sasa Zivkov <sasa.zivkov@sap.com>, SAP AG
+ * and other copyright owners as documented in the project's IP log.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ * names of its contributors may be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package org.eclipse.jgit.util.io;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Wraps a {@link InputStream}, limiting the number of bytes which can be
+ * read.
+ *
+ * This class was copied and modifed from the Google Guava 16.0. Differently from
+ * the original Guava code, when a caller tries to read from this stream past
+ * the given limit and the wrapped stream hasn't yet reached its EOF this class
+ * will call the limitExceeded method instead of returning EOF.
+ *
+ * @since 3.3
+ */
+public abstract class LimitedInputStream extends FilterInputStream {
+
+ private long left;
+ /** Max number of bytes to be read from the wrapped stream */
+ protected final long limit;
+ private long mark = -1;
+
+ /**
+ * Create a new LimitedInputStream
+ *
+ * @param in an InputStream
+ * @param limit max number of bytes to read from the InputStream
+ */
+ protected LimitedInputStream(InputStream in, long limit) {
+ super(in);
+ left = limit;
+ this.limit = limit;
+ }
+
+ @Override
+ public int available() throws IOException {
+ return (int) Math.min(in.available(), left);
+ }
+
+ // it's okay to mark even if mark isn't supported, as reset won't work
+ @Override
+ public synchronized void mark(int readLimit) {
+ in.mark(readLimit);
+ mark = left;
+ }
+
+ @Override
+ public int read() throws IOException {
+ if (left == 0) {
+ if (in.available() == 0)
+ return -1;
+ else
+ limitExceeded();
+ }
+
+ int result = in.read();
+ if (result != -1)
+ --left;
+ return result;
+ }
+
+ @Override
+ public int read(byte[] b, int off, int len) throws IOException {
+ if (left == 0) {
+ if (in.available() == 0)
+ return -1;
+ else
+ limitExceeded();
+ }
+
+ len = (int) Math.min(len, left);
+ int result = in.read(b, off, len);
+ if (result != -1)
+ left -= result;
+ return result;
+ }
+
+ @Override
+ public synchronized void reset() throws IOException {
+ if (!in.markSupported())
+ throw new IOException("Mark not supported");
+
+ if (mark == -1)
+ throw new IOException("Mark not set");
+
+ in.reset();
+ left = mark;
+ }
+
+ @Override
+ public long skip(long n) throws IOException {
+ n = Math.min(n, left);
+ long skipped = in.skip(n);
+ left -= skipped;
+ return skipped;
+ }
+
+ /**
+ * Called when trying to read past the given {@link #limit} and the wrapped
+ * InputStream {@link #in} hasn't yet reached its EOF
+ *
+ * @throws IOException
+ * subclasses can throw an IOException when the limit is exceeded.
+ * The throws IOException will be forwarded back to the caller of
+ * the read method which read the stream past the limit.
+ */
+ protected abstract void limitExceeded() throws IOException;
+}