The maxPackSizeLimit, when set, will reject a pack if it exceeds that limit. This feature is intended to provide a mechanism to control disk space quota on Git repositories. Change-Id: I83d8db670875c395f8171461b402083323e623a5 CQ: 7896tags/v3.3.0.201403021825-r
@@ -403,6 +403,8 @@ readingObjectsFromLocalRepositoryFailed=reading objects from local repository fa | |||
readTimedOut=Read timed out after {0} ms | |||
receivePackObjectTooLarge1=Object too large, rejecting the pack. Max object size limit is {0} bytes. | |||
receivePackObjectTooLarge2=Object too large ({0} bytes), rejecting the pack. Max object size limit is {1} bytes. | |||
receivePackInvalidLimit=Illegal limit parameter value {0} | |||
receivePackTooLarge=Pack exceeds the limit of {0} bytes, rejecting the pack | |||
receivingObjects=Receiving objects | |||
refAlreadyExists=already exists | |||
refAlreadyExists1=Ref {0} already exists |
@@ -0,0 +1,69 @@ | |||
/* | |||
* Copyright (C) 2014, Sasa Zivkov <sasa.zivkov@sap.com>, SAP AG | |||
* and other copyright owners as documented in the project's IP log. | |||
* | |||
* This program and the accompanying materials are made available | |||
* under the terms of the Eclipse Distribution License v1.0 which | |||
* accompanies this distribution, is reproduced below, and is | |||
* available at http://www.eclipse.org/org/documents/edl-v10.php | |||
* | |||
* All rights reserved. | |||
* | |||
* Redistribution and use in source and binary forms, with or | |||
* without modification, are permitted provided that the following | |||
* conditions are met: | |||
* | |||
* - Redistributions of source code must retain the above copyright | |||
* notice, this list of conditions and the following disclaimer. | |||
* | |||
* - Redistributions in binary form must reproduce the above | |||
* copyright notice, this list of conditions and the following | |||
* disclaimer in the documentation and/or other materials provided | |||
* with the distribution. | |||
* | |||
* - Neither the name of the Eclipse Foundation, Inc. nor the | |||
* names of its contributors may be used to endorse or promote | |||
* products derived from this software without specific prior | |||
* written permission. | |||
* | |||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND | |||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, | |||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | |||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | |||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |||
*/ | |||
package org.eclipse.jgit.errors; | |||
import java.io.IOException; | |||
import java.text.MessageFormat; | |||
import org.eclipse.jgit.internal.JGitText; | |||
/** | |||
* Thrown when a pack exceeds a given size limit | |||
* | |||
* @since 3.3 | |||
*/ | |||
public class TooLargePackException extends IOException { | |||
private static final long serialVersionUID = 1L; | |||
/** | |||
* Construct a too large pack exception. | |||
* | |||
* @param packSizeLimit | |||
* the pack size limit (in bytes) that was exceeded | |||
*/ | |||
public TooLargePackException(long packSizeLimit) { | |||
super(MessageFormat.format(JGitText.get().receivePackTooLarge, | |||
Long.valueOf(packSizeLimit))); | |||
} | |||
} |
@@ -465,6 +465,8 @@ public class JGitText extends TranslationBundle { | |||
/***/ public String readTimedOut; | |||
/***/ public String receivePackObjectTooLarge1; | |||
/***/ public String receivePackObjectTooLarge2; | |||
/***/ public String receivePackInvalidLimit; | |||
/***/ public String receivePackTooLarge; | |||
/***/ public String receivingObjects; | |||
/***/ public String refAlreadyExists; | |||
/***/ public String refAlreadyExists1; |
@@ -55,6 +55,7 @@ import java.io.EOFException; | |||
import java.io.IOException; | |||
import java.io.InputStream; | |||
import java.io.OutputStream; | |||
import java.text.MessageFormat; | |||
import java.util.ArrayList; | |||
import java.util.Collections; | |||
import java.util.HashSet; | |||
@@ -65,6 +66,7 @@ import java.util.concurrent.TimeUnit; | |||
import org.eclipse.jgit.errors.MissingObjectException; | |||
import org.eclipse.jgit.errors.PackProtocolException; | |||
import org.eclipse.jgit.errors.TooLargePackException; | |||
import org.eclipse.jgit.internal.JGitText; | |||
import org.eclipse.jgit.internal.storage.file.PackLock; | |||
import org.eclipse.jgit.lib.BatchRefUpdate; | |||
@@ -89,6 +91,7 @@ import org.eclipse.jgit.revwalk.RevTree; | |||
import org.eclipse.jgit.revwalk.RevWalk; | |||
import org.eclipse.jgit.transport.ReceiveCommand.Result; | |||
import org.eclipse.jgit.util.io.InterruptTimer; | |||
import org.eclipse.jgit.util.io.LimitedInputStream; | |||
import org.eclipse.jgit.util.io.TimeoutInputStream; | |||
import org.eclipse.jgit.util.io.TimeoutOutputStream; | |||
@@ -234,6 +237,9 @@ public abstract class BaseReceivePack { | |||
/** Git object size limit */ | |||
private long maxObjectSizeLimit; | |||
/** Total pack size limit */ | |||
private long maxPackSizeLimit = -1; | |||
/** | |||
* Create a new pack receive for an open repository. | |||
* | |||
@@ -622,6 +628,24 @@ public abstract class BaseReceivePack { | |||
maxObjectSizeLimit = limit; | |||
} | |||
/** | |||
* Set the maximum allowed pack size. | |||
* <p> | |||
* A pack exceeding this size will be rejected. | |||
* | |||
* @param limit | |||
* the pack size limit, in bytes | |||
* | |||
* @since 3.3 | |||
*/ | |||
public void setMaxPackSizeLimit(final long limit) { | |||
if (limit < 0) | |||
throw new IllegalArgumentException(MessageFormat.format( | |||
JGitText.get().receivePackInvalidLimit, Long.valueOf(limit))); | |||
maxPackSizeLimit = limit; | |||
} | |||
/** | |||
* Check whether the client expects a side-band stream. | |||
* | |||
@@ -741,6 +765,14 @@ public abstract class BaseReceivePack { | |||
rawOut = o; | |||
} | |||
if (maxPackSizeLimit >= 0) | |||
rawIn = new LimitedInputStream(rawIn, maxPackSizeLimit) { | |||
@Override | |||
protected void limitExceeded() throws TooLargePackException { | |||
throw new TooLargePackException(limit); | |||
} | |||
}; | |||
pckIn = new PacketLineIn(rawIn); | |||
pckOut = new PacketLineOut(rawOut); | |||
pckOut.setFlushOnEnd(false); |
@@ -0,0 +1,154 @@ | |||
/* | |||
* Copyright (C) 2007 The Guava Authors | |||
* Copyright (C) 2014, Sasa Zivkov <sasa.zivkov@sap.com>, SAP AG | |||
* and other copyright owners as documented in the project's IP log. | |||
* | |||
* This program and the accompanying materials are made available | |||
* under the terms of the Eclipse Distribution License v1.0 which | |||
* accompanies this distribution, is reproduced below, and is | |||
* available at http://www.eclipse.org/org/documents/edl-v10.php | |||
* | |||
* All rights reserved. | |||
* | |||
* Redistribution and use in source and binary forms, with or | |||
* without modification, are permitted provided that the following | |||
* conditions are met: | |||
* | |||
* - Redistributions of source code must retain the above copyright | |||
* notice, this list of conditions and the following disclaimer. | |||
* | |||
* - Redistributions in binary form must reproduce the above | |||
* copyright notice, this list of conditions and the following | |||
* disclaimer in the documentation and/or other materials provided | |||
* with the distribution. | |||
* | |||
* - Neither the name of the Eclipse Foundation, Inc. nor the | |||
* names of its contributors may be used to endorse or promote | |||
* products derived from this software without specific prior | |||
* written permission. | |||
* | |||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND | |||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, | |||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | |||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | |||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |||
*/ | |||
package org.eclipse.jgit.util.io; | |||
import java.io.FilterInputStream; | |||
import java.io.IOException; | |||
import java.io.InputStream; | |||
/** | |||
* Wraps a {@link InputStream}, limiting the number of bytes which can be | |||
* read. | |||
* | |||
* This class was copied and modifed from the Google Guava 16.0. Differently from | |||
* the original Guava code, when a caller tries to read from this stream past | |||
* the given limit and the wrapped stream hasn't yet reached its EOF this class | |||
* will call the limitExceeded method instead of returning EOF. | |||
* | |||
* @since 3.3 | |||
*/ | |||
public abstract class LimitedInputStream extends FilterInputStream { | |||
private long left; | |||
/** Max number of bytes to be read from the wrapped stream */ | |||
protected final long limit; | |||
private long mark = -1; | |||
/** | |||
* Create a new LimitedInputStream | |||
* | |||
* @param in an InputStream | |||
* @param limit max number of bytes to read from the InputStream | |||
*/ | |||
protected LimitedInputStream(InputStream in, long limit) { | |||
super(in); | |||
left = limit; | |||
this.limit = limit; | |||
} | |||
@Override | |||
public int available() throws IOException { | |||
return (int) Math.min(in.available(), left); | |||
} | |||
// it's okay to mark even if mark isn't supported, as reset won't work | |||
@Override | |||
public synchronized void mark(int readLimit) { | |||
in.mark(readLimit); | |||
mark = left; | |||
} | |||
@Override | |||
public int read() throws IOException { | |||
if (left == 0) { | |||
if (in.available() == 0) | |||
return -1; | |||
else | |||
limitExceeded(); | |||
} | |||
int result = in.read(); | |||
if (result != -1) | |||
--left; | |||
return result; | |||
} | |||
@Override | |||
public int read(byte[] b, int off, int len) throws IOException { | |||
if (left == 0) { | |||
if (in.available() == 0) | |||
return -1; | |||
else | |||
limitExceeded(); | |||
} | |||
len = (int) Math.min(len, left); | |||
int result = in.read(b, off, len); | |||
if (result != -1) | |||
left -= result; | |||
return result; | |||
} | |||
@Override | |||
public synchronized void reset() throws IOException { | |||
if (!in.markSupported()) | |||
throw new IOException("Mark not supported"); | |||
if (mark == -1) | |||
throw new IOException("Mark not set"); | |||
in.reset(); | |||
left = mark; | |||
} | |||
@Override | |||
public long skip(long n) throws IOException { | |||
n = Math.min(n, left); | |||
long skipped = in.skip(n); | |||
left -= skipped; | |||
return skipped; | |||
} | |||
/** | |||
* Called when trying to read past the given {@link #limit} and the wrapped | |||
* InputStream {@link #in} hasn't yet reached its EOF | |||
* | |||
* @throws IOException | |||
* subclasses can throw an IOException when the limit is exceeded. | |||
* The throws IOException will be forwarded back to the caller of | |||
* the read method which read the stream past the limit. | |||
*/ | |||
protected abstract void limitExceeded() throws IOException; | |||
} |