[RFC][PATCH] Allow transfer of any valid sha1

From: Eric W. Biederman <ebiederm@xmission.com>
Date: 2006-05-24 17:51:36
While working on git-quiltimport I decided to see if
I could transform Andrews patches where he imports git tress into
git-pull commands, which should result in better history and better
attribution.

To be accurate of his source Andrew records the sha1 of the commit
and the git tree he pulled from.  Which looks like:

GIT b307e8548921c686d2eb948ca418ab2941876daa \
 git+ssh://master.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git

So I figured I would transform the above line into the obvious
git-pull command:

 git-pull \
  git+ssh://master.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git \
  b307e8548921c686d2eb948ca418ab2941876daa

To my surprise that didn't work.  There were a couple of little places
in the scripts where git-fetch and git-fetch-pack never expected to be
given a sha1 but that was easy to fix up, and had no real repercussions.  

More problematic was the little bit in git-upload pack that only
allows you to a sha1 if it was on the list of sha1 generated from
looking at the heads.  I'm not at all certain of the sense of
that check as you can get everything by just cloning the repository.

Can we fix the check in upload-pack.c something like my
patch below does?  Are there any security implications for
doing that?

Could we just make the final check before dying if (!o) ?





		/* We have sent all our refs already, and the other end
		 * should have chosen out of them; otherwise they are
		 * asking for nonsense.
		 *
		 * Hmph.  We may later want to allow "want" line that
		 * asks for something like "master~10" (symbolic)...
		 * would it make sense?  I don't know.
		 */

diff --git a/upload-pack.c b/upload-pack.c
index 47560c9..0f2e544 100644
--- a/upload-pack.c
+++ b/upload-pack.c
@@ -207,7 +207,9 @@ static int receive_needs(void)
 		 * would it make sense?  I don't know.
 		 */
 		o = lookup_object(sha1_buf);
-		if (!o || !(o->flags & OUR_REF))
+		if (!o)
+			o = parse_object(sha1_buf);
+		if (!o || ((o->type != commit_type) && (o->type != tag_type)))
 			die("git-upload-pack: not our ref %s", line+5);
 		if (!(o->flags & WANTED)) {
 			o->flags |= WANTED;
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Received on Wed May 24 17:52:58 2006

This archive was generated by hypermail 2.1.8 : 2006-05-24 17:53:17 EST