mirror of
https://github.com/git/git.git
synced 2024-09-28 08:49:45 +02:00
a5487ddf0f
When the child process's environment is set up in start_command(), error messages were written to wherever the parent redirected the child's stderr channel. However, even if the parent redirected the child's stderr, errors during this setup process, including the exec itself, are usually an indication of a problem in the parent's environment. Therefore, the error messages should go to the parent's stderr. Redirection of the child's error messages is usually only used to redirect hook error messages during client-server exchanges. In these cases, hook setup errors could be regarded as information leak. This patch makes a copy of stderr if necessary and uses a special die routine that is used for all die() calls in the child that sends the errors messages to the parent's stderr. The trace call that reported a failed execvp is removed (because it writes to stderr) and replaced by die_errno() with special treatment of ENOENT. The improvement in the error message can be seen with this sequence: mkdir .git/hooks/pre-commit git commit Previously, the error message was error: cannot run .git/hooks/pre-commit: No such file or directory and now it is fatal: cannot exec '.git/hooks/pre-commit': Permission denied Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
452 lines
9.4 KiB
C
452 lines
9.4 KiB
C
#include "cache.h"
|
|
#include "run-command.h"
|
|
#include "exec_cmd.h"
|
|
|
|
static inline void close_pair(int fd[2])
|
|
{
|
|
close(fd[0]);
|
|
close(fd[1]);
|
|
}
|
|
|
|
static inline void dup_devnull(int to)
|
|
{
|
|
int fd = open("/dev/null", O_RDWR);
|
|
dup2(fd, to);
|
|
close(fd);
|
|
}
|
|
|
|
#ifndef WIN32
|
|
static int child_err = 2;
|
|
|
|
static NORETURN void die_child(const char *err, va_list params)
|
|
{
|
|
char msg[4096];
|
|
int len = vsnprintf(msg, sizeof(msg), err, params);
|
|
if (len > sizeof(msg))
|
|
len = sizeof(msg);
|
|
|
|
write(child_err, "fatal: ", 7);
|
|
write(child_err, msg, len);
|
|
write(child_err, "\n", 1);
|
|
exit(128);
|
|
}
|
|
|
|
static inline void set_cloexec(int fd)
|
|
{
|
|
int flags = fcntl(fd, F_GETFD);
|
|
if (flags >= 0)
|
|
fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
|
|
}
|
|
#endif
|
|
|
|
int start_command(struct child_process *cmd)
|
|
{
|
|
int need_in, need_out, need_err;
|
|
int fdin[2], fdout[2], fderr[2];
|
|
int failed_errno = failed_errno;
|
|
|
|
/*
|
|
* In case of errors we must keep the promise to close FDs
|
|
* that have been passed in via ->in and ->out.
|
|
*/
|
|
|
|
need_in = !cmd->no_stdin && cmd->in < 0;
|
|
if (need_in) {
|
|
if (pipe(fdin) < 0) {
|
|
failed_errno = errno;
|
|
if (cmd->out > 0)
|
|
close(cmd->out);
|
|
goto fail_pipe;
|
|
}
|
|
cmd->in = fdin[1];
|
|
}
|
|
|
|
need_out = !cmd->no_stdout
|
|
&& !cmd->stdout_to_stderr
|
|
&& cmd->out < 0;
|
|
if (need_out) {
|
|
if (pipe(fdout) < 0) {
|
|
failed_errno = errno;
|
|
if (need_in)
|
|
close_pair(fdin);
|
|
else if (cmd->in)
|
|
close(cmd->in);
|
|
goto fail_pipe;
|
|
}
|
|
cmd->out = fdout[0];
|
|
}
|
|
|
|
need_err = !cmd->no_stderr && cmd->err < 0;
|
|
if (need_err) {
|
|
if (pipe(fderr) < 0) {
|
|
failed_errno = errno;
|
|
if (need_in)
|
|
close_pair(fdin);
|
|
else if (cmd->in)
|
|
close(cmd->in);
|
|
if (need_out)
|
|
close_pair(fdout);
|
|
else if (cmd->out)
|
|
close(cmd->out);
|
|
fail_pipe:
|
|
error("cannot create pipe for %s: %s",
|
|
cmd->argv[0], strerror(failed_errno));
|
|
errno = failed_errno;
|
|
return -1;
|
|
}
|
|
cmd->err = fderr[0];
|
|
}
|
|
|
|
trace_argv_printf(cmd->argv, "trace: run_command:");
|
|
|
|
#ifndef WIN32
|
|
fflush(NULL);
|
|
cmd->pid = fork();
|
|
if (!cmd->pid) {
|
|
/*
|
|
* Redirect the channel to write syscall error messages to
|
|
* before redirecting the process's stderr so that all die()
|
|
* in subsequent call paths use the parent's stderr.
|
|
*/
|
|
if (cmd->no_stderr || need_err) {
|
|
child_err = dup(2);
|
|
set_cloexec(child_err);
|
|
}
|
|
set_die_routine(die_child);
|
|
|
|
if (cmd->no_stdin)
|
|
dup_devnull(0);
|
|
else if (need_in) {
|
|
dup2(fdin[0], 0);
|
|
close_pair(fdin);
|
|
} else if (cmd->in) {
|
|
dup2(cmd->in, 0);
|
|
close(cmd->in);
|
|
}
|
|
|
|
if (cmd->no_stderr)
|
|
dup_devnull(2);
|
|
else if (need_err) {
|
|
dup2(fderr[1], 2);
|
|
close_pair(fderr);
|
|
}
|
|
|
|
if (cmd->no_stdout)
|
|
dup_devnull(1);
|
|
else if (cmd->stdout_to_stderr)
|
|
dup2(2, 1);
|
|
else if (need_out) {
|
|
dup2(fdout[1], 1);
|
|
close_pair(fdout);
|
|
} else if (cmd->out > 1) {
|
|
dup2(cmd->out, 1);
|
|
close(cmd->out);
|
|
}
|
|
|
|
if (cmd->dir && chdir(cmd->dir))
|
|
die_errno("exec '%s': cd to '%s' failed", cmd->argv[0],
|
|
cmd->dir);
|
|
if (cmd->env) {
|
|
for (; *cmd->env; cmd->env++) {
|
|
if (strchr(*cmd->env, '='))
|
|
putenv((char *)*cmd->env);
|
|
else
|
|
unsetenv(*cmd->env);
|
|
}
|
|
}
|
|
if (cmd->preexec_cb)
|
|
cmd->preexec_cb();
|
|
if (cmd->git_cmd) {
|
|
execv_git_cmd(cmd->argv);
|
|
} else {
|
|
execvp(cmd->argv[0], (char *const*) cmd->argv);
|
|
}
|
|
/*
|
|
* Do not check for cmd->silent_exec_failure; the parent
|
|
* process will check it when it sees this exit code.
|
|
*/
|
|
if (errno == ENOENT)
|
|
exit(127);
|
|
else
|
|
die_errno("cannot exec '%s'", cmd->argv[0]);
|
|
}
|
|
if (cmd->pid < 0)
|
|
error("cannot fork() for %s: %s", cmd->argv[0],
|
|
strerror(failed_errno = errno));
|
|
#else
|
|
{
|
|
int s0 = -1, s1 = -1, s2 = -1; /* backups of stdin, stdout, stderr */
|
|
const char **sargv = cmd->argv;
|
|
char **env = environ;
|
|
|
|
if (cmd->no_stdin) {
|
|
s0 = dup(0);
|
|
dup_devnull(0);
|
|
} else if (need_in) {
|
|
s0 = dup(0);
|
|
dup2(fdin[0], 0);
|
|
} else if (cmd->in) {
|
|
s0 = dup(0);
|
|
dup2(cmd->in, 0);
|
|
}
|
|
|
|
if (cmd->no_stderr) {
|
|
s2 = dup(2);
|
|
dup_devnull(2);
|
|
} else if (need_err) {
|
|
s2 = dup(2);
|
|
dup2(fderr[1], 2);
|
|
}
|
|
|
|
if (cmd->no_stdout) {
|
|
s1 = dup(1);
|
|
dup_devnull(1);
|
|
} else if (cmd->stdout_to_stderr) {
|
|
s1 = dup(1);
|
|
dup2(2, 1);
|
|
} else if (need_out) {
|
|
s1 = dup(1);
|
|
dup2(fdout[1], 1);
|
|
} else if (cmd->out > 1) {
|
|
s1 = dup(1);
|
|
dup2(cmd->out, 1);
|
|
}
|
|
|
|
if (cmd->dir)
|
|
die("chdir in start_command() not implemented");
|
|
if (cmd->env)
|
|
env = make_augmented_environ(cmd->env);
|
|
|
|
if (cmd->git_cmd) {
|
|
cmd->argv = prepare_git_cmd(cmd->argv);
|
|
}
|
|
|
|
cmd->pid = mingw_spawnvpe(cmd->argv[0], cmd->argv, env);
|
|
failed_errno = errno;
|
|
if (cmd->pid < 0 && (!cmd->silent_exec_failure || errno != ENOENT))
|
|
error("cannot spawn %s: %s", cmd->argv[0], strerror(errno));
|
|
|
|
if (cmd->env)
|
|
free_environ(env);
|
|
if (cmd->git_cmd)
|
|
free(cmd->argv);
|
|
|
|
cmd->argv = sargv;
|
|
if (s0 >= 0)
|
|
dup2(s0, 0), close(s0);
|
|
if (s1 >= 0)
|
|
dup2(s1, 1), close(s1);
|
|
if (s2 >= 0)
|
|
dup2(s2, 2), close(s2);
|
|
}
|
|
#endif
|
|
|
|
if (cmd->pid < 0) {
|
|
if (need_in)
|
|
close_pair(fdin);
|
|
else if (cmd->in)
|
|
close(cmd->in);
|
|
if (need_out)
|
|
close_pair(fdout);
|
|
else if (cmd->out)
|
|
close(cmd->out);
|
|
if (need_err)
|
|
close_pair(fderr);
|
|
errno = failed_errno;
|
|
return -1;
|
|
}
|
|
|
|
if (need_in)
|
|
close(fdin[0]);
|
|
else if (cmd->in)
|
|
close(cmd->in);
|
|
|
|
if (need_out)
|
|
close(fdout[1]);
|
|
else if (cmd->out)
|
|
close(cmd->out);
|
|
|
|
if (need_err)
|
|
close(fderr[1]);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int wait_or_whine(pid_t pid, const char *argv0, int silent_exec_failure)
|
|
{
|
|
int status, code = -1;
|
|
pid_t waiting;
|
|
int failed_errno = 0;
|
|
|
|
while ((waiting = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
|
|
; /* nothing */
|
|
|
|
if (waiting < 0) {
|
|
failed_errno = errno;
|
|
error("waitpid for %s failed: %s", argv0, strerror(errno));
|
|
} else if (waiting != pid) {
|
|
error("waitpid is confused (%s)", argv0);
|
|
} else if (WIFSIGNALED(status)) {
|
|
code = WTERMSIG(status);
|
|
error("%s died of signal %d", argv0, code);
|
|
/*
|
|
* This return value is chosen so that code & 0xff
|
|
* mimics the exit code that a POSIX shell would report for
|
|
* a program that died from this signal.
|
|
*/
|
|
code -= 128;
|
|
} else if (WIFEXITED(status)) {
|
|
code = WEXITSTATUS(status);
|
|
/*
|
|
* Convert special exit code when execvp failed.
|
|
*/
|
|
if (code == 127) {
|
|
code = -1;
|
|
failed_errno = ENOENT;
|
|
if (!silent_exec_failure)
|
|
error("cannot run %s: %s", argv0,
|
|
strerror(ENOENT));
|
|
}
|
|
} else {
|
|
error("waitpid is confused (%s)", argv0);
|
|
}
|
|
errno = failed_errno;
|
|
return code;
|
|
}
|
|
|
|
int finish_command(struct child_process *cmd)
|
|
{
|
|
return wait_or_whine(cmd->pid, cmd->argv[0], cmd->silent_exec_failure);
|
|
}
|
|
|
|
int run_command(struct child_process *cmd)
|
|
{
|
|
int code = start_command(cmd);
|
|
if (code)
|
|
return code;
|
|
return finish_command(cmd);
|
|
}
|
|
|
|
static void prepare_run_command_v_opt(struct child_process *cmd,
|
|
const char **argv,
|
|
int opt)
|
|
{
|
|
memset(cmd, 0, sizeof(*cmd));
|
|
cmd->argv = argv;
|
|
cmd->no_stdin = opt & RUN_COMMAND_NO_STDIN ? 1 : 0;
|
|
cmd->git_cmd = opt & RUN_GIT_CMD ? 1 : 0;
|
|
cmd->stdout_to_stderr = opt & RUN_COMMAND_STDOUT_TO_STDERR ? 1 : 0;
|
|
cmd->silent_exec_failure = opt & RUN_SILENT_EXEC_FAILURE ? 1 : 0;
|
|
}
|
|
|
|
int run_command_v_opt(const char **argv, int opt)
|
|
{
|
|
struct child_process cmd;
|
|
prepare_run_command_v_opt(&cmd, argv, opt);
|
|
return run_command(&cmd);
|
|
}
|
|
|
|
int run_command_v_opt_cd_env(const char **argv, int opt, const char *dir, const char *const *env)
|
|
{
|
|
struct child_process cmd;
|
|
prepare_run_command_v_opt(&cmd, argv, opt);
|
|
cmd.dir = dir;
|
|
cmd.env = env;
|
|
return run_command(&cmd);
|
|
}
|
|
|
|
#ifdef WIN32
|
|
static unsigned __stdcall run_thread(void *data)
|
|
{
|
|
struct async *async = data;
|
|
return async->proc(async->fd_for_proc, async->data);
|
|
}
|
|
#endif
|
|
|
|
int start_async(struct async *async)
|
|
{
|
|
int pipe_out[2];
|
|
|
|
if (pipe(pipe_out) < 0)
|
|
return error("cannot create pipe: %s", strerror(errno));
|
|
async->out = pipe_out[0];
|
|
|
|
#ifndef WIN32
|
|
/* Flush stdio before fork() to avoid cloning buffers */
|
|
fflush(NULL);
|
|
|
|
async->pid = fork();
|
|
if (async->pid < 0) {
|
|
error("fork (async) failed: %s", strerror(errno));
|
|
close_pair(pipe_out);
|
|
return -1;
|
|
}
|
|
if (!async->pid) {
|
|
close(pipe_out[0]);
|
|
exit(!!async->proc(pipe_out[1], async->data));
|
|
}
|
|
close(pipe_out[1]);
|
|
#else
|
|
async->fd_for_proc = pipe_out[1];
|
|
async->tid = (HANDLE) _beginthreadex(NULL, 0, run_thread, async, 0, NULL);
|
|
if (!async->tid) {
|
|
error("cannot create thread: %s", strerror(errno));
|
|
close_pair(pipe_out);
|
|
return -1;
|
|
}
|
|
#endif
|
|
return 0;
|
|
}
|
|
|
|
int finish_async(struct async *async)
|
|
{
|
|
#ifndef WIN32
|
|
int ret = wait_or_whine(async->pid, "child process", 0);
|
|
#else
|
|
DWORD ret = 0;
|
|
if (WaitForSingleObject(async->tid, INFINITE) != WAIT_OBJECT_0)
|
|
ret = error("waiting for thread failed: %lu", GetLastError());
|
|
else if (!GetExitCodeThread(async->tid, &ret))
|
|
ret = error("cannot get thread exit code: %lu", GetLastError());
|
|
CloseHandle(async->tid);
|
|
#endif
|
|
return ret;
|
|
}
|
|
|
|
int run_hook(const char *index_file, const char *name, ...)
|
|
{
|
|
struct child_process hook;
|
|
const char **argv = NULL, *env[2];
|
|
char index[PATH_MAX];
|
|
va_list args;
|
|
int ret;
|
|
size_t i = 0, alloc = 0;
|
|
|
|
if (access(git_path("hooks/%s", name), X_OK) < 0)
|
|
return 0;
|
|
|
|
va_start(args, name);
|
|
ALLOC_GROW(argv, i + 1, alloc);
|
|
argv[i++] = git_path("hooks/%s", name);
|
|
while (argv[i-1]) {
|
|
ALLOC_GROW(argv, i + 1, alloc);
|
|
argv[i++] = va_arg(args, const char *);
|
|
}
|
|
va_end(args);
|
|
|
|
memset(&hook, 0, sizeof(hook));
|
|
hook.argv = argv;
|
|
hook.no_stdin = 1;
|
|
hook.stdout_to_stderr = 1;
|
|
if (index_file) {
|
|
snprintf(index, sizeof(index), "GIT_INDEX_FILE=%s", index_file);
|
|
env[0] = index;
|
|
env[1] = NULL;
|
|
hook.env = env;
|
|
}
|
|
|
|
ret = run_command(&hook);
|
|
free(argv);
|
|
return ret;
|
|
}
|