All of lore.kernel.org
 help / color / mirror / Atom feed
From: Junio C Hamano <gitster@pobox.com>
To: Dave Borowitz <dborowitz@google.com>
Cc: Jeff King <peff@peff.net>,
	"Shawn O. Pearce" <spearce@spearce.org>,
	git@vger.kernel.org
Subject: Re: [PATCH 0/4] jk/version-string and google code
Date: Fri, 10 Aug 2012 12:11:30 -0700	[thread overview]
Message-ID: <7vhasak1el.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <CAD0k6qSZYH5mvwR5PKhs1FFAPqMfRryXooxd_qhtt+eGXU7pUA@mail.gmail.com> (Dave Borowitz's message of "Fri, 10 Aug 2012 11:13:30 -0700")

Dave Borowitz <dborowitz@google.com> writes:

> You may also notice in that code a set of innocuous_capabilities,
> which IIRC is the complete set of capabilities, at the time of
> writing, that the C git client may send without the server advertising
> them. Such a set (painstakingly assembled, I assure you :) may be
> useful as we move further in this direction.

In builtin/fetch-pack.c, we find this:

		if (!fetching) {
			struct strbuf c = STRBUF_INIT;
			if (multi_ack == 2)     strbuf_addstr(&c, " multi_ack_detailed");
			if (multi_ack == 1)     strbuf_addstr(&c, " multi_ack");
			if (no_done)            strbuf_addstr(&c, " no-done");
			if (use_sideband == 2)  strbuf_addstr(&c, " side-band-64k");
			if (use_sideband == 1)  strbuf_addstr(&c, " side-band");
			if (args.use_thin_pack) strbuf_addstr(&c, " thin-pack");
			if (args.no_progress)   strbuf_addstr(&c, " no-progress");
			if (args.include_tag)   strbuf_addstr(&c, " include-tag");
			if (prefer_ofs_delta)   strbuf_addstr(&c, " ofs-delta");
			packet_buf_write(&req_buf, "want %s%s\n", remote_hex, c.buf);
			strbuf_release(&c);
		} else
			packet_buf_write(&req_buf, "want %s\n", remote_hex);

The ones we choose to throw at the other end based on "args.foo" are
not protected by "server_supports()" at all, which is where the
hardcoded list of "innocuous capabilities" comes from.  I would say
this is a client bug.  I wish Dulwich folks didn't choose to be
silent when they added that hardcoded list as a workaround.

If a client threw a request X at a server that does not support it,
and relied on a server bug that does not reject such a request to
allow it send a pack stream that does not conform to what X asked,
and handled the pack stream assuming that the server did X, it would
be a triple bug on the client's end.  Depending on the nature of X,
the end result may be broken. Dulwich is correct to raise an
exception upon seeing agent=foo.

One could argue that from correctness standpoint, being asked to
send ofs-delta and using only ref-delta does not make a corrupt
packfile (it just makes things less efficient), but we cannot
guarantee that all protocol capabilities will be "innocuous" that
way. Longer term direction should be to reduce the "innocuous" set.

Thanks.

      parent reply	other threads:[~2012-08-10 19:11 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-08-10  7:53 [PATCH 0/4] jk/version-string and google code Jeff King
2012-08-10  7:57 ` [PATCH 1/4] send-pack: fix capability-sending logic Jeff King
2012-08-10  7:57 ` [PATCH 2/4] do not send client agent unless server does first Jeff King
2012-08-10 19:45   ` Junio C Hamano
2012-08-10 21:09     ` Jeff King
2012-08-10  7:58 ` [PATCH 3/4] connect: learn to parse capabilities with values Jeff King
2012-08-10  8:06   ` Eric Sunshine
2012-08-10 20:01   ` Junio C Hamano
2012-08-10 21:15     ` Jeff King
2012-08-10 21:55       ` Junio C Hamano
2012-08-13 19:03         ` Junio C Hamano
2012-08-13 19:07           ` [PATCH 4/4] fetch-pack: mention server version with verbose output Junio C Hamano
2012-08-13 19:43             ` Junio C Hamano
2012-08-13 20:54             ` Jeff King
2012-08-13 21:07               ` Junio C Hamano
2012-08-13 21:07                 ` Jeff King
2012-08-13 21:09               ` Junio C Hamano
2012-08-13 21:11                 ` Jeff King
2012-08-14  1:59                   ` Jeff King
2012-08-14  2:02                     ` Jeff King
2012-08-14  4:56                       ` Junio C Hamano
2012-08-10  7:59 ` Jeff King
2012-08-10 15:34 ` [PATCH 0/4] jk/version-string and google code Junio C Hamano
2012-08-10 17:46   ` Jeff King
2012-08-10 18:52     ` Junio C Hamano
2012-08-10 21:50       ` Jeff King
2012-08-10 22:29         ` Shawn Pearce
2012-08-10 22:36           ` Junio C Hamano
2012-08-10 15:37 ` Junio C Hamano
2012-08-10 18:06   ` Dave Borowitz
2012-08-10 18:08     ` Jeff King
2012-08-10 18:13       ` Dave Borowitz
2012-08-10 18:25         ` Jeff King
2012-08-10 21:25           ` Junio C Hamano
2012-08-10 21:35             ` Jeff King
2012-08-10 21:42               ` Junio C Hamano
2012-08-10 19:11         ` Junio C Hamano [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7vhasak1el.fsf@alter.siamese.dyndns.org \
    --to=gitster@pobox.com \
    --cc=dborowitz@google.com \
    --cc=git@vger.kernel.org \
    --cc=peff@peff.net \
    --cc=spearce@spearce.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.