Merge branch 'ab/racy-hooks'
Code clean-up to allow callers of run_commit_hook() to learn if it got "success" because the hook succeeded or because there wasn't any hook. * ab/racy-hooks: hooks: fix an obscure TOCTOU "did we just run a hook?" race merge: don't run post-hook logic on --no-verify
This commit is contained in:
commit
7431379a9c
@ -726,11 +726,13 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
|
||||
int clean_message_contents = (cleanup_mode != COMMIT_MSG_CLEANUP_NONE);
|
||||
int old_display_comment_prefix;
|
||||
int merge_contains_scissors = 0;
|
||||
int invoked_hook;
|
||||
|
||||
/* This checks and barfs if author is badly specified */
|
||||
determine_author_info(author_ident);
|
||||
|
||||
if (!no_verify && run_commit_hook(use_editor, index_file, "pre-commit", NULL))
|
||||
if (!no_verify && run_commit_hook(use_editor, index_file, &invoked_hook,
|
||||
"pre-commit", NULL))
|
||||
return 0;
|
||||
|
||||
if (squash_message) {
|
||||
@ -1053,10 +1055,10 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!no_verify && hook_exists("pre-commit")) {
|
||||
if (!no_verify && invoked_hook) {
|
||||
/*
|
||||
* Re-read the index as pre-commit hook could have updated it,
|
||||
* and write it out as a tree. We must do this before we invoke
|
||||
* Re-read the index as the pre-commit-commit hook was invoked
|
||||
* and could have updated it. We must do this before we invoke
|
||||
* the editor and after we invoke run_status above.
|
||||
*/
|
||||
discard_cache();
|
||||
@ -1068,7 +1070,7 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (run_commit_hook(use_editor, index_file, "prepare-commit-msg",
|
||||
if (run_commit_hook(use_editor, index_file, NULL, "prepare-commit-msg",
|
||||
git_path_commit_editmsg(), hook_arg1, hook_arg2, NULL))
|
||||
return 0;
|
||||
|
||||
@ -1085,7 +1087,8 @@ static int prepare_to_commit(const char *index_file, const char *prefix,
|
||||
}
|
||||
|
||||
if (!no_verify &&
|
||||
run_commit_hook(use_editor, index_file, "commit-msg", git_path_commit_editmsg(), NULL)) {
|
||||
run_commit_hook(use_editor, index_file, NULL, "commit-msg",
|
||||
git_path_commit_editmsg(), NULL)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1841,7 +1844,8 @@ int cmd_commit(int argc, const char **argv, const char *prefix)
|
||||
|
||||
repo_rerere(the_repository, 0);
|
||||
run_auto_maintenance(quiet);
|
||||
run_commit_hook(use_editor, get_index_file(), "post-commit", NULL);
|
||||
run_commit_hook(use_editor, get_index_file(), NULL, "post-commit",
|
||||
NULL);
|
||||
if (amend && !no_post_rewrite) {
|
||||
commit_post_rewrite(the_repository, current_head, &oid);
|
||||
}
|
||||
|
@ -845,15 +845,20 @@ static void prepare_to_commit(struct commit_list *remoteheads)
|
||||
struct strbuf msg = STRBUF_INIT;
|
||||
const char *index_file = get_index_file();
|
||||
|
||||
if (!no_verify && run_commit_hook(0 < option_edit, index_file, "pre-merge-commit", NULL))
|
||||
if (!no_verify) {
|
||||
int invoked_hook;
|
||||
|
||||
if (run_commit_hook(0 < option_edit, index_file, &invoked_hook,
|
||||
"pre-merge-commit", NULL))
|
||||
abort_commit(remoteheads, NULL);
|
||||
/*
|
||||
* Re-read the index as pre-merge-commit hook could have updated it,
|
||||
* and write it out as a tree. We must do this before we invoke
|
||||
* the editor and after we invoke run_status above.
|
||||
*/
|
||||
if (hook_exists("pre-merge-commit"))
|
||||
if (invoked_hook)
|
||||
discard_cache();
|
||||
}
|
||||
read_cache_from(index_file);
|
||||
strbuf_addbuf(&msg, &merge_msg);
|
||||
if (squash)
|
||||
@ -875,7 +880,8 @@ static void prepare_to_commit(struct commit_list *remoteheads)
|
||||
append_signoff(&msg, ignore_non_trailer(msg.buf, msg.len), 0);
|
||||
write_merge_heads(remoteheads);
|
||||
write_file_buf(git_path_merge_msg(the_repository), msg.buf, msg.len);
|
||||
if (run_commit_hook(0 < option_edit, get_index_file(), "prepare-commit-msg",
|
||||
if (run_commit_hook(0 < option_edit, get_index_file(), NULL,
|
||||
"prepare-commit-msg",
|
||||
git_path_merge_msg(the_repository), "merge", NULL))
|
||||
abort_commit(remoteheads, NULL);
|
||||
if (0 < option_edit) {
|
||||
@ -884,7 +890,7 @@ static void prepare_to_commit(struct commit_list *remoteheads)
|
||||
}
|
||||
|
||||
if (!no_verify && run_commit_hook(0 < option_edit, get_index_file(),
|
||||
"commit-msg",
|
||||
NULL, "commit-msg",
|
||||
git_path_merge_msg(the_repository), NULL))
|
||||
abort_commit(remoteheads, NULL);
|
||||
|
||||
|
@ -1408,10 +1408,12 @@ static const char *push_to_deploy(unsigned char *sha1,
|
||||
static const char *push_to_checkout_hook = "push-to-checkout";
|
||||
|
||||
static const char *push_to_checkout(unsigned char *hash,
|
||||
int *invoked_hook,
|
||||
struct strvec *env,
|
||||
const char *work_tree)
|
||||
{
|
||||
struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
|
||||
opt.invoked_hook = invoked_hook;
|
||||
|
||||
strvec_pushf(env, "GIT_WORK_TREE=%s", absolute_path(work_tree));
|
||||
strvec_pushv(&opt.env, env->v);
|
||||
@ -1426,6 +1428,7 @@ static const char *update_worktree(unsigned char *sha1, const struct worktree *w
|
||||
{
|
||||
const char *retval, *git_dir;
|
||||
struct strvec env = STRVEC_INIT;
|
||||
int invoked_hook;
|
||||
|
||||
if (!worktree || !worktree->path)
|
||||
BUG("worktree->path must be non-NULL");
|
||||
@ -1436,10 +1439,9 @@ static const char *update_worktree(unsigned char *sha1, const struct worktree *w
|
||||
|
||||
strvec_pushf(&env, "GIT_DIR=%s", absolute_path(git_dir));
|
||||
|
||||
if (!hook_exists(push_to_checkout_hook))
|
||||
retval = push_to_checkout(sha1, &invoked_hook, &env, worktree->path);
|
||||
if (!invoked_hook)
|
||||
retval = push_to_deploy(sha1, &env, worktree->path);
|
||||
else
|
||||
retval = push_to_checkout(sha1, &env, worktree->path);
|
||||
|
||||
strvec_clear(&env);
|
||||
return retval;
|
||||
|
2
commit.c
2
commit.c
@ -1713,7 +1713,7 @@ size_t ignore_non_trailer(const char *buf, size_t len)
|
||||
}
|
||||
|
||||
int run_commit_hook(int editor_is_used, const char *index_file,
|
||||
const char *name, ...)
|
||||
int *invoked_hook, const char *name, ...)
|
||||
{
|
||||
struct run_hooks_opt opt = RUN_HOOKS_OPT_INIT;
|
||||
va_list args;
|
||||
|
3
commit.h
3
commit.h
@ -369,7 +369,8 @@ int compare_commits_by_commit_date(const void *a_, const void *b_, void *unused)
|
||||
int compare_commits_by_gen_then_commit_date(const void *a_, const void *b_, void *unused);
|
||||
|
||||
LAST_ARG_MUST_BE_NULL
|
||||
int run_commit_hook(int editor_is_used, const char *index_file, const char *name, ...);
|
||||
int run_commit_hook(int editor_is_used, const char *index_file,
|
||||
int *invoked_hook, const char *name, ...);
|
||||
|
||||
/* Sign a commit or tag buffer, storing the result in a header. */
|
||||
int sign_with_header(struct strbuf *buf, const char *keyid);
|
||||
|
7
hook.c
7
hook.c
@ -96,9 +96,13 @@ static int notify_hook_finished(int result,
|
||||
void *pp_task_cb)
|
||||
{
|
||||
struct hook_cb_data *hook_cb = pp_cb;
|
||||
struct run_hooks_opt *opt = hook_cb->options;
|
||||
|
||||
hook_cb->rc |= result;
|
||||
|
||||
if (opt->invoked_hook)
|
||||
*opt->invoked_hook = 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -123,6 +127,9 @@ int run_hooks_opt(const char *hook_name, struct run_hooks_opt *options)
|
||||
if (!options)
|
||||
BUG("a struct run_hooks_opt must be provided to run_hooks");
|
||||
|
||||
if (options->invoked_hook)
|
||||
*options->invoked_hook = 0;
|
||||
|
||||
if (!hook_path && !options->error_if_missing)
|
||||
goto cleanup;
|
||||
|
||||
|
12
hook.h
12
hook.h
@ -18,6 +18,18 @@ struct run_hooks_opt
|
||||
* translates to "struct child_process"'s "dir" member.
|
||||
*/
|
||||
const char *dir;
|
||||
|
||||
/**
|
||||
* A pointer which if provided will be set to 1 or 0 depending
|
||||
* on if a hook was started, regardless of whether or not that
|
||||
* was successful. I.e. if the underlying start_command() was
|
||||
* successful this will be set to 1.
|
||||
*
|
||||
* Used for avoiding TOCTOU races in code that would otherwise
|
||||
* call hook_exist() after a "maybe hook run" to see if a hook
|
||||
* was invoked.
|
||||
*/
|
||||
int *invoked_hook;
|
||||
};
|
||||
|
||||
#define RUN_HOOKS_OPT_INIT { \
|
||||
|
@ -1220,7 +1220,7 @@ static int run_prepare_commit_msg_hook(struct repository *r,
|
||||
} else {
|
||||
arg1 = "message";
|
||||
}
|
||||
if (run_commit_hook(0, r->index_file, "prepare-commit-msg", name,
|
||||
if (run_commit_hook(0, r->index_file, NULL, "prepare-commit-msg", name,
|
||||
arg1, arg2, NULL))
|
||||
ret = error(_("'prepare-commit-msg' hook failed"));
|
||||
|
||||
@ -1552,7 +1552,7 @@ static int try_to_commit(struct repository *r,
|
||||
goto out;
|
||||
}
|
||||
|
||||
run_commit_hook(0, r->index_file, "post-commit", NULL);
|
||||
run_commit_hook(0, r->index_file, NULL, "post-commit", NULL);
|
||||
if (flags & AMEND_MSG)
|
||||
commit_post_rewrite(r, current_head, oid);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user