mirror of
https://github.com/git/git.git
synced 2024-10-21 06:59:20 +02:00
6bc0cb5176
When http-backend spawns "upload-pack" to do ref
negotiation, it streams the http request body to
upload-pack, who then streams the http response back to the
client as it reads. In theory, git can go full-duplex; the
client can consume our response while it is still sending
the request. In practice, however, HTTP is a half-duplex
protocol. Even if our client is ready to read and write
simultaneously, we may have other HTTP infrastructure in the
way, including the webserver that spawns our CGI, or any
intermediate proxies.
In at least one documented case[1], this leads to deadlock
when trying a fetch over http. What happens is basically:
1. Apache proxies the request to the CGI, http-backend.
2. http-backend gzip-inflates the data and sends
the result to upload-pack.
3. upload-pack acts on the data and generates output over
the pipe back to Apache. Apache isn't reading because
it's busy writing (step 1).
This works fine most of the time, because the upload-pack
output ends up in a system pipe buffer, and Apache reads
it as soon as it finishes writing. But if both the request
and the response exceed the system pipe buffer size, then we
deadlock (Apache blocks writing to http-backend,
http-backend blocks writing to upload-pack, and upload-pack
blocks writing to Apache).
We need to break the deadlock by spooling either the input
or the output. In this case, it's ideal to spool the input,
because Apache does not start reading either stdout _or_
stderr until we have consumed all of the input. So until we
do so, we cannot even get an error message out to the
client.
The solution is fairly straight-forward: we read the request
body into an in-memory buffer in http-backend, freeing up
Apache, and then feed the data ourselves to upload-pack. But
there are a few important things to note:
1. We limit the in-memory buffer to prevent an obvious
denial-of-service attack. This is a new hard limit on
requests, but it's unlikely to come into play. The
default value is 10MB, which covers even the ridiculous
100,000-ref negotation in the included test (that
actually caps out just over 5MB). But it's configurable
on the off chance that you don't mind spending some
extra memory to make even ridiculous requests work.
2. We must take care only to buffer when we have to. For
pushes, the incoming packfile may be of arbitrary
size, and we should connect the input directly to
receive-pack. There's no deadlock problem here, though,
because we do not produce any output until the whole
packfile has been read.
For upload-pack's initial ref advertisement, we
similarly do not need to buffer. Even though we may
generate a lot of output, there is no request body at
all (i.e., it is a GET, not a POST).
[1] http://article.gmane.org/gmane.comp.version-control.git/269020
Test-adapted-from: Dennis Kaarsemaker <dennis@kaarsemaker.net>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
|
||
|---|---|---|
| .. | ||
| howto | ||
| RelNotes | ||
| technical | ||
| .gitattributes | ||
| .gitignore | ||
| asciidoc.conf | ||
| blame-options.txt | ||
| build-docdep.perl | ||
| cat-texi.perl | ||
| cmd-list.perl | ||
| CodingGuidelines | ||
| config.txt | ||
| date-formats.txt | ||
| diff-config.txt | ||
| diff-format.txt | ||
| diff-generate-patch.txt | ||
| diff-options.txt | ||
| docbook-xsl.css | ||
| docbook.xsl | ||
| everyday.txto | ||
| fetch-options.txt | ||
| fix-texi.perl | ||
| git-add.txt | ||
| git-am.txt | ||
| git-annotate.txt | ||
| git-apply.txt | ||
| git-archimport.txt | ||
| git-archive.txt | ||
| git-bisect-lk2009.txt | ||
| git-bisect.txt | ||
| git-blame.txt | ||
| git-branch.txt | ||
| git-bundle.txt | ||
| git-cat-file.txt | ||
| git-check-attr.txt | ||
| git-check-ignore.txt | ||
| git-check-mailmap.txt | ||
| git-check-ref-format.txt | ||
| git-checkout-index.txt | ||
| git-checkout.txt | ||
| git-cherry-pick.txt | ||
| git-cherry.txt | ||
| git-citool.txt | ||
| git-clean.txt | ||
| git-clone.txt | ||
| git-column.txt | ||
| git-commit-tree.txt | ||
| git-commit.txt | ||
| git-config.txt | ||
| git-count-objects.txt | ||
| git-credential-cache--daemon.txt | ||
| git-credential-cache.txt | ||
| git-credential-store.txt | ||
| git-credential.txt | ||
| git-cvsexportcommit.txt | ||
| git-cvsimport.txt | ||
| git-cvsserver.txt | ||
| git-daemon.txt | ||
| git-describe.txt | ||
| git-diff-files.txt | ||
| git-diff-index.txt | ||
| git-diff-tree.txt | ||
| git-diff.txt | ||
| git-difftool.txt | ||
| git-fast-export.txt | ||
| git-fast-import.txt | ||
| git-fetch-pack.txt | ||
| git-fetch.txt | ||
| git-filter-branch.txt | ||
| git-fmt-merge-msg.txt | ||
| git-for-each-ref.txt | ||
| git-format-patch.txt | ||
| git-fsck-objects.txt | ||
| git-fsck.txt | ||
| git-gc.txt | ||
| git-get-tar-commit-id.txt | ||
| git-grep.txt | ||
| git-gui.txt | ||
| git-hash-object.txt | ||
| git-help.txt | ||
| git-http-backend.txt | ||
| git-http-fetch.txt | ||
| git-http-push.txt | ||
| git-imap-send.txt | ||
| git-index-pack.txt | ||
| git-init-db.txt | ||
| git-init.txt | ||
| git-instaweb.txt | ||
| git-interpret-trailers.txt | ||
| git-log.txt | ||
| git-ls-files.txt | ||
| git-ls-remote.txt | ||
| git-ls-tree.txt | ||
| git-mailinfo.txt | ||
| git-mailsplit.txt | ||
| git-merge-base.txt | ||
| git-merge-file.txt | ||
| git-merge-index.txt | ||
| git-merge-one-file.txt | ||
| git-merge-tree.txt | ||
| git-merge.txt | ||
| git-mergetool--lib.txt | ||
| git-mergetool.txt | ||
| git-mktag.txt | ||
| git-mktree.txt | ||
| git-mv.txt | ||
| git-name-rev.txt | ||
| git-notes.txt | ||
| git-p4.txt | ||
| git-pack-objects.txt | ||
| git-pack-redundant.txt | ||
| git-pack-refs.txt | ||
| git-parse-remote.txt | ||
| git-patch-id.txt | ||
| git-prune-packed.txt | ||
| git-prune.txt | ||
| git-pull.txt | ||
| git-push.txt | ||
| git-quiltimport.txt | ||
| git-read-tree.txt | ||
| git-rebase.txt | ||
| git-receive-pack.txt | ||
| git-reflog.txt | ||
| git-relink.txt | ||
| git-remote-ext.txt | ||
| git-remote-fd.txt | ||
| git-remote-helpers.txto | ||
| git-remote-testgit.txt | ||
| git-remote.txt | ||
| git-repack.txt | ||
| git-replace.txt | ||
| git-request-pull.txt | ||
| git-rerere.txt | ||
| git-reset.txt | ||
| git-rev-list.txt | ||
| git-rev-parse.txt | ||
| git-revert.txt | ||
| git-rm.txt | ||
| git-send-email.txt | ||
| git-send-pack.txt | ||
| git-sh-i18n--envsubst.txt | ||
| git-sh-i18n.txt | ||
| git-sh-setup.txt | ||
| git-shell.txt | ||
| git-shortlog.txt | ||
| git-show-branch.txt | ||
| git-show-index.txt | ||
| git-show-ref.txt | ||
| git-show.txt | ||
| git-stage.txt | ||
| git-stash.txt | ||
| git-status.txt | ||
| git-stripspace.txt | ||
| git-submodule.txt | ||
| git-svn.txt | ||
| git-symbolic-ref.txt | ||
| git-tag.txt | ||
| git-tools.txt | ||
| git-unpack-file.txt | ||
| git-unpack-objects.txt | ||
| git-update-index.txt | ||
| git-update-ref.txt | ||
| git-update-server-info.txt | ||
| git-upload-archive.txt | ||
| git-upload-pack.txt | ||
| git-var.txt | ||
| git-verify-commit.txt | ||
| git-verify-pack.txt | ||
| git-verify-tag.txt | ||
| git-web--browse.txt | ||
| git-whatchanged.txt | ||
| git-write-tree.txt | ||
| git.txt | ||
| gitattributes.txt | ||
| gitcli.txt | ||
| gitcore-tutorial.txt | ||
| gitcredentials.txt | ||
| gitcvs-migration.txt | ||
| gitdiffcore.txt | ||
| giteveryday.txt | ||
| gitglossary.txt | ||
| githooks.txt | ||
| gitignore.txt | ||
| gitk.txt | ||
| gitmodules.txt | ||
| gitnamespaces.txt | ||
| gitremote-helpers.txt | ||
| gitrepository-layout.txt | ||
| gitrevisions.txt | ||
| gittutorial-2.txt | ||
| gittutorial.txt | ||
| gitweb.conf.txt | ||
| gitweb.txt | ||
| gitworkflows.txt | ||
| glossary-content.txt | ||
| howto-index.sh | ||
| i18n.txt | ||
| install-doc-quick.sh | ||
| install-webdoc.sh | ||
| line-range-format.txt | ||
| mailmap.txt | ||
| Makefile | ||
| manpage-1.72.xsl | ||
| manpage-base-url.xsl.in | ||
| manpage-base.xsl | ||
| manpage-bold-literal.xsl | ||
| manpage-normal.xsl | ||
| manpage-quote-apos.xsl | ||
| manpage-suppress-sp.xsl | ||
| merge-config.txt | ||
| merge-options.txt | ||
| merge-strategies.txt | ||
| pretty-formats.txt | ||
| pretty-options.txt | ||
| pull-fetch-param.txt | ||
| rev-list-options.txt | ||
| revisions.txt | ||
| sequencer.txt | ||
| SubmittingPatches | ||
| urls-remotes.txt | ||
| urls.txt | ||
| user-manual.conf | ||
| user-manual.txt | ||