diff mbox series

[2/2] receive-pack: use find_commit_header() in check_nonce()

Message ID 8b350cae-2180-4ac7-a911-d40043576445@web.de (mailing list archive)
State New, archived
Headers show
Series [1/2] receive-pack: use find_commit_header() in check_cert_push_options() | expand

Commit Message

René Scharfe Feb. 9, 2024, 8:41 p.m. UTC 
Use the public function find_commit_header() and remove find_header(),
as it becomes unused.  This is safe and appropriate because we pass the
NUL-terminated payload buffer to check_nonce() instead of its start and
length.  The underlying strbuf push_cert cannot contain NULs, as it is
built using strbuf_addstr(), only.

We no longer need to call strlen(), as find_commit_header() returns the
length of nonce already.

Signed-off-by: René Scharfe <l.s.r@web.de>
---
Formatted with -U5 for easier review.
Removing find_header_mem(), which basically becomes unused, left as an
exercise for the reader. ;)

 builtin/receive-pack.c | 25 +++++--------------------
 1 file changed, 5 insertions(+), 20 deletions(-)

--
2.43.0

Comments

Junio C Hamano Feb. 9, 2024, 10:18 p.m. UTC | #1 
René Scharfe <l.s.r@web.de> writes:

> @@ -620,17 +605,18 @@ static int constant_memequal(const char *a, const char *b, size_t n)
>  	for (i = 0; i < n; i++)
>  		res |= a[i] ^ b[i];
>  	return res;
>  }
>
> -static const char *check_nonce(const char *buf, size_t len)
> +static const char *check_nonce(const char *buf)
>  {
> -	char *nonce = find_header(buf, len, "nonce", NULL);
> +	size_t noncelen;
> +	const char *found = find_commit_header(buf, "nonce", &noncelen);
> +	char *nonce = found ? xmemdupz(found, noncelen) : NULL;

OK, the changes to this function are all quite trivially correct.

>  	timestamp_t stamp, ostamp;
>  	char *bohmac, *expect = NULL;
>  	const char *retval = NONCE_BAD;
> -	size_t noncelen;
>
>  	if (!nonce) {
>  		retval = NONCE_MISSING;
>  		goto leave;
>  	} else if (!push_cert_nonce) {
> @@ -668,11 +654,10 @@ static const char *check_nonce(const char *buf, size_t len)
>  	if (bohmac == nonce || bohmac[0] != '-') {
>  		retval = NONCE_BAD;
>  		goto leave;
>  	}
>
> -	noncelen = strlen(nonce);
>  	expect = prepare_push_cert_nonce(service_dir, stamp);
>  	if (noncelen != strlen(expect)) {
>  		/* This is not even the right size. */
>  		retval = NONCE_BAD;
>  		goto leave;
> @@ -765,11 +750,11 @@ static void prepare_push_cert_sha1(struct child_process *proc)
>  		sigcheck.payload = xmemdupz(push_cert.buf, bogs);
>  		sigcheck.payload_len = bogs;
>  		check_signature(&sigcheck, push_cert.buf + bogs,
>  				push_cert.len - bogs);
>
> -		nonce_status = check_nonce(push_cert.buf, bogs);
> +		nonce_status = check_nonce(sigcheck.payload);

Hmph.  sigc->payload is used as a read-only member in
check_signature(), and the xmemdupz() copy we made earlier is
readily available as a replacement for the counted (push_cert.buf,
bogs) string.  Very nice finding.

>  	}
>  	if (!is_null_oid(&push_cert_oid)) {
>  		strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
>  			     oid_to_hex(&push_cert_oid));
>  		strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
> --
> 2.43.0
diff mbox series

Patch

diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index 8ebb3a872f..dbee508775 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -591,25 +591,10 @@  static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
 	/* RFC 2104 5. HMAC-SHA1 or HMAC-SHA256 */
 	strbuf_addf(&buf, "%"PRItime"-%.*s", stamp, (int)the_hash_algo->hexsz, hash_to_hex(hash));
 	return strbuf_detach(&buf, NULL);
 }

-static char *find_header(const char *msg, size_t len, const char *key,
-			 const char **next_line)
-{
-	size_t out_len;
-	const char *val = find_header_mem(msg, len, key, &out_len);
-
-	if (!val)
-		return NULL;
-
-	if (next_line)
-		*next_line = val + out_len + 1;
-
-	return xmemdupz(val, out_len);
-}
-
 /*
  * Return zero if a and b are equal up to n bytes and nonzero if they are not.
  * This operation is guaranteed to run in constant time to avoid leaking data.
  */
 static int constant_memequal(const char *a, const char *b, size_t n)
@@ -620,17 +605,18 @@  static int constant_memequal(const char *a, const char *b, size_t n)
 	for (i = 0; i < n; i++)
 		res |= a[i] ^ b[i];
 	return res;
 }

-static const char *check_nonce(const char *buf, size_t len)
+static const char *check_nonce(const char *buf)
 {
-	char *nonce = find_header(buf, len, "nonce", NULL);
+	size_t noncelen;
+	const char *found = find_commit_header(buf, "nonce", &noncelen);
+	char *nonce = found ? xmemdupz(found, noncelen) : NULL;
 	timestamp_t stamp, ostamp;
 	char *bohmac, *expect = NULL;
 	const char *retval = NONCE_BAD;
-	size_t noncelen;

 	if (!nonce) {
 		retval = NONCE_MISSING;
 		goto leave;
 	} else if (!push_cert_nonce) {
@@ -668,11 +654,10 @@  static const char *check_nonce(const char *buf, size_t len)
 	if (bohmac == nonce || bohmac[0] != '-') {
 		retval = NONCE_BAD;
 		goto leave;
 	}

-	noncelen = strlen(nonce);
 	expect = prepare_push_cert_nonce(service_dir, stamp);
 	if (noncelen != strlen(expect)) {
 		/* This is not even the right size. */
 		retval = NONCE_BAD;
 		goto leave;
@@ -765,11 +750,11 @@  static void prepare_push_cert_sha1(struct child_process *proc)
 		sigcheck.payload = xmemdupz(push_cert.buf, bogs);
 		sigcheck.payload_len = bogs;
 		check_signature(&sigcheck, push_cert.buf + bogs,
 				push_cert.len - bogs);

-		nonce_status = check_nonce(push_cert.buf, bogs);
+		nonce_status = check_nonce(sigcheck.payload);
 	}
 	if (!is_null_oid(&push_cert_oid)) {
 		strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
 			     oid_to_hex(&push_cert_oid));
 		strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",