summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMasaya Suzuki <masayasuzuki@google.com>2018-12-18 09:20:54 -0800
committerMatthias Sohn <matthias.sohn@sap.com>2018-12-24 10:58:43 +0100
commit61f0bd54d058789d73a8db0dfb8d23310aa8c411 (patch)
tree62170fe42ae3e68928d17bbc7848345e3bf96c35
parentc31108bcc55eaf06b2047b9ab284cbf9cd29ebf6 (diff)
downloadjgit-61f0bd54d058789d73a8db0dfb8d23310aa8c411.tar.gz
jgit-61f0bd54d058789d73a8db0dfb8d23310aa8c411.zip
Call AdvertiseRefsHook before validating wants
AdvertiseRefsHook is used to limit the visibility of the refs in Gerrit. If this hook is not called, then all refs are treated as visible, causing the server to serve commits reachable from branches the client should not be able to access, if asked to via a request naming a guessed object id. This bug was introduced in v2.0.0.201206130900-r~123 (Modify refs in UploadPack/ReceivePack using a hook interface, 2012-02-08). Stateful bidirectional transports are not affected. Fix it by moving the AdvertiseRefsHook call to getAdvertisedOrDefaultRefs, ensuring the hook is called in all cases. [jn: backported to stable-4.5 by splitting out tests and the protocol v2 specific parts] Change-Id: I159f396216354f2eda3968d17802e166d8c8ec2d Signed-off-by: Masaya Suzuki <masayasuzuki@google.com> Signed-off-by: Jonathan Nieder <jrn@google.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java22
1 files changed, 9 insertions, 13 deletions
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
index d1fd67e977..0b1848c311 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
@@ -82,7 +82,6 @@ import org.eclipse.jgit.lib.NullProgressMonitor;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Ref;
-import org.eclipse.jgit.lib.RefDatabase;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.AsyncRevObjectQueue;
import org.eclipse.jgit.revwalk.DepthWalk;
@@ -706,8 +705,14 @@ public class UploadPack {
}
private Map<String, Ref> getAdvertisedOrDefaultRefs() throws IOException {
- if (refs == null)
- setAdvertisedRefs(db.getRefDatabase().getRefs(RefDatabase.ALL));
+ if (refs != null) {
+ return refs;
+ }
+
+ advertiseRefsHook.advertiseRefs(this);
+ if (refs == null) {
+ setAdvertisedRefs(db.getRefDatabase().getRefs(ALL));
+ }
return refs;
}
@@ -866,15 +871,7 @@ public class UploadPack {
*/
public void sendAdvertisedRefs(final RefAdvertiser adv) throws IOException,
ServiceMayNotContinueException {
- try {
- advertiseRefsHook.advertiseRefs(this);
- } catch (ServiceMayNotContinueException fail) {
- if (fail.getMessage() != null) {
- adv.writeOne("ERR " + fail.getMessage()); //$NON-NLS-1$
- fail.setOutput();
- }
- throw fail;
- }
+ Map<String, Ref> advertisedOrDefaultRefs = getAdvertisedOrDefaultRefs();
adv.init(db);
adv.advertiseCapability(OPTION_INCLUDE_TAG);
@@ -899,7 +896,6 @@ public class UploadPack {
adv.advertiseCapability(OPTION_ALLOW_REACHABLE_SHA1_IN_WANT);
adv.advertiseCapability(OPTION_AGENT, UserAgent.get());
adv.setDerefTags(true);
- Map<String, Ref> advertisedOrDefaultRefs = getAdvertisedOrDefaultRefs();
findSymrefs(adv, advertisedOrDefaultRefs);
advertised = adv.send(advertisedOrDefaultRefs);
if (adv.isEmpty())