upload-pack: allow stateless client EOF just prior to haves
During stateless packfile negotiation where a depth is given, stateless RPC clients (e.g. git-remote-curl) will send multiple upload-pack requests with the first containing only the wants/shallows/deepens/filters and the subsequent containing haves/done. When upload-pack handles such requests, entering get_common_commits without checking whether the client has hung up can result in unexpected EOF during the negotiation loop and a die() with message "fatal: the remote end hung up unexpectedly". Real world effects include: - A client speaking to git-http-backend via a server that doesn't check the exit codes of CGIs (e.g. mod_cgi) doesn't know and doesn't care about the fatal. It continues to process the response body as normal. - A client speaking to a server that does check the exit code and returns an errant HTTP status as a result will fail with the message "error: RPC failed; HTTP 500 curl 22 The requested URL returned error: 500." - Admins running servers that surface the failure must workaround it by patching code that handles execution of git-http-backend to ignore exit codes or take other heuristic approaches. - Admins may have to deal with "hung up unexpectedly" log spam related to the failures even in cases where the exit code isn't surfaced as an HTTP server-side error status. To avoid these EOF related fatals, have upload-pack gently peek for an EOF between the sending of shallow/unshallow lines (followed by flush) and the reading of client haves. If the client has hung up at this point, exit normally. Signed-off-by: Daniel Duvall <dan@mutual.io> Signed-off-by: Junio C Hamano <gitster@pobox.com>maint
Daniel Duvall
Junio C Hamano
parent
e2850a27a9
commit
fb3d1a083f
|
|
@ -88,6 +88,23 @@ test_expect_success 'upload-pack fails due to error in pack-objects enumeration'
|
||||||
grep "pack-objects died" output.err
|
grep "pack-objects died" output.err
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success 'upload-pack tolerates EOF just after stateless client wants' '
|
||||||
|
test_commit initial &&
|
||||||
|
head=$(git rev-parse HEAD) &&
|
||||||
|
|
||||||
|
{
|
||||||
|
packetize "want $head" &&
|
||||||
|
packetize "shallow $head" &&
|
||||||
|
packetize "deepen 1" &&
|
||||||
|
printf "0000"
|
||||||
|
} >request &&
|
||||||
|
|
||||||
|
printf "0000" >expect &&
|
||||||
|
|
||||||
|
git upload-pack --stateless-rpc . <request >actual &&
|
||||||
|
test_cmp expect actual
|
||||||
|
'
|
||||||
|
|
||||||
test_expect_success 'create empty repository' '
|
test_expect_success 'create empty repository' '
|
||||||
|
|
||||||
mkdir foo &&
|
mkdir foo &&
|
||||||
|
|
|
||||||
|
|
@ -1344,7 +1344,18 @@ void upload_pack(struct upload_pack_options *options)
|
||||||
PACKET_READ_DIE_ON_ERR_PACKET);
|
PACKET_READ_DIE_ON_ERR_PACKET);
|
||||||
|
|
||||||
receive_needs(&data, &reader);
|
receive_needs(&data, &reader);
|
||||||
if (data.want_obj.nr) {
|
|
||||||
|
/*
|
||||||
|
* An EOF at this exact point in negotiation should be
|
||||||
|
* acceptable from stateless clients as they will consume the
|
||||||
|
* shallow list before doing subsequent rpc with haves/etc.
|
||||||
|
*/
|
||||||
|
if (data.stateless_rpc)
|
||||||
|
reader.options |= PACKET_READ_GENTLE_ON_EOF;
|
||||||
|
|
||||||
|
if (data.want_obj.nr &&
|
||||||
|
packet_reader_peek(&reader) != PACKET_READ_EOF) {
|
||||||
|
reader.options &= ~PACKET_READ_GENTLE_ON_EOF;
|
||||||
get_common_commits(&data, &reader);
|
get_common_commits(&data, &reader);
|
||||||
create_pack_file(&data, NULL);
|
create_pack_file(&data, NULL);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue